⚡ Community PilotFree Community SAP Prototyping Platform. Powered by Generative AI. Provided without warranty.
Privacy PolicyLegal Notice|
Clean-Core.ioCommunity Pilot
Tenant Security

How We Protect Your S/4HANA Connection

When you connect a live S/4HANA tenant, security is non-negotiable. Here is exactly how Clean-Core.io handles your credentials, data, and access — with full transparency.

Read-Only Scope

No write operations — ever.

Every tenant connection is strictly limited to read-only OData metadata requests and test executions. Clean-Core.io never writes, modifies, or deletes any data on your S/4HANA system.

What We Read

  • OData service metadata ($metadata endpoints)
  • ABAP Unit test results from test execution
  • Custom code analysis reports (ATC/SCI)

What We Never Do

  • No POST, PUT, PATCH, or DELETE operations
  • No transport releases or workbench changes
  • No data exports or bulk reads from business tables
Recommendation: We strongly advise creating a dedicated technical communication user with minimal, read-only authorizations (e.g., S_SERVICE scope restricted to metadata endpoints) on your S/4HANA system for Clean-Core.io connections.

Stateless Processing

In-memory only — nothing persisted on our servers.

Your connection credentials and source code are processed exclusively in-memory within isolated server-side execution contexts. Once the request completes, all data is immediately discarded — nothing is persisted, cached, or logged on our infrastructure.

Credential Isolation

Credentials are decrypted only within the server-side proxy at execution time. They are never exposed to client-side APIs or browser storage.

Zero-Persistence Proxy

The backend proxy layer is fully stateless. No request payloads, no response data, and no connection tokens are stored after execution.

EU-Region Hosting

All processing happens in the GCP europe-west1 (Belgium) region, ensuring GDPR-compliant data residency within the European Union.

BTP Destination Service: For maximum security, we recommend importing your connection as a standard BTP HTTP Destination JSON instead of manually entering credentials. This inherits your existing BTP connectivity profiles and OAuth configurations.

Admin Onboarding Gate

Manual review and approval for every connection request.

To prevent misuse during the community pilot, every tenant connection request is manually reviewed and approved by our admin team before activation. There is no self-service provisioning — this is by design.

How the Approval Process Works

1
You Submit a Connection Request

After signing in, navigate to your project settings and submit a tenant connection request with your system details (hostname, client, communication user).

2
Admin Review

Our team receives a notification and manually reviews the request. We verify the legitimacy of the connection details and the requesting user account.

3
Approval or Feedback

Once approved, your tenant connection is activated and you receive an email confirmation. If we have questions, we reach out before activation.

4
Active Monitoring

Connected tenants are monitored for unusual activity. Access can be revoked at any time if misuse is detected.

Why manual approval? Since this is a free community pilot, we want to ensure every connection is legitimate and intentional. This protects both the platform and your system from unintended exposure.

Questions about tenant security? Reach out anytime.

Contact UsAbout the Project