Limiting Application Access

Application access to SAP Mobile Platform runtime is tightly controlled: before a user can access a mobile application, he or she must provide a passcode; before the application can access the runtime, the application must be registered and provisioned with required connections and security configurations.

1. Encrypting Device Data
   Encrypting all data on the device client requires multiple techniques.
2. Registering Applications, Devices, and Users
   Before any application can access the runtime, the user, device, and application must be identified by first registering with SAP Mobile Server and pairing them with a device and user entry. Only when all three entities are known, can subscriptions can be made or data synchronized.
3. Locking and Unlocking a Subscription
   (Not applicable to Online Data Proxy) Create a subscription template to lock or unlock a subscription. A subscription determines what data set the device user receives upon synchronization and how frequently the synchronization can occur. Lock the subscription to prevent modification to the template and control the synchronization frequency
4. Locking and Unlocking Application Connections
   Lock or unlock connections to control which users are allowed to synchronize data. Locking an application connection is an effective way to disable a specific user without making changes to the security profile configuration to which he or she belongs. Locking an application connection blocks delivery of generated data notifications to the replication-based synchronization clients.