Skip to content

/AWS1/IF_SHB=>UPDATEORGANIZATIONCONF()

About UpdateOrganizationConfiguration

Updates the configuration of your organization in Security Hub. Only the Security Hub administrator account can invoke this operation.

Method Signature

METHODS /AWS1/IF_SHB~UPDATEORGANIZATIONCONF
  IMPORTING
    !IV_AUTOENABLE TYPE /AWS1/SHBBOOLEAN OPTIONAL
    !IV_AUTOENABLESTANDARDS TYPE /AWS1/SHBAUTOENABLESTANDARDS OPTIONAL
    !IO_ORGANIZATIONCONFIGURATION TYPE REF TO /AWS1/CL_SHBORGANIZATIONCONF OPTIONAL
  RETURNING
    VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_shbupdateorgconfrsp
  RAISING
    /AWS1/CX_SHBACCESSDENIEDEX
    /AWS1/CX_SHBINTERNALEXCEPTION
    /AWS1/CX_SHBINVALIDACCESSEX
    /AWS1/CX_SHBINVALIDINPUTEX
    /AWS1/CX_SHBLIMITEXCEEDEDEX
    /AWS1/CX_SHBRESOURCECONFLICTEX
    /AWS1/CX_SHBRESOURCENOTFOUNDEX
    /AWS1/CX_SHBCLIENTEXC
    /AWS1/CX_SHBSERVEREXC
    /AWS1/CX_RT_TECHNICAL_GENERIC
    /AWS1/CX_RT_SERVICE_GENERIC.

IMPORTING

Required arguments:

iv_autoenable TYPE /AWS1/SHBBOOLEAN /AWS1/SHBBOOLEAN

Whether to automatically enable Security Hub in new member accounts when they join the organization.

If set to true, then Security Hub is automatically enabled in new accounts. If set to false, then Security Hub isn't enabled in new accounts automatically. The default value is false.

If the ConfigurationType of your organization is set to CENTRAL, then this field is set to false and can't be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration policy in which Security Hub is enabled and associate the policy with new organization accounts.

Optional arguments:

iv_autoenablestandards TYPE /AWS1/SHBAUTOENABLESTANDARDS /AWS1/SHBAUTOENABLESTANDARDS

Whether to automatically enable Security Hub default standards in new member accounts when they join the organization.

The default value of this parameter is equal to DEFAULT.

If equal to DEFAULT, then Security Hub default standards are automatically enabled for new member accounts. If equal to NONE, then default standards are not automatically enabled for new member accounts.

If the ConfigurationType of your organization is set to CENTRAL, then this field is set to NONE and can't be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration policy in which specific security standards are enabled and associate the policy with new organization accounts.

io_organizationconfiguration TYPE REF TO /AWS1/CL_SHBORGANIZATIONCONF /AWS1/CL_SHBORGANIZATIONCONF

OrganizationConfiguration

RETURNING

oo_output TYPE REF TO /aws1/cl_shbupdateorgconfrsp /AWS1/CL_SHBUPDATEORGCONFRSP

Domain /AWS1/RT_ACCOUNT_ID
Primitive Type NUMC

Examples

Syntax Example

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->updateorganizationconf(
  io_organizationconfiguration = new /aws1/cl_shborganizationconf(
    iv_configurationtype = |string|
    iv_status = |string|
    iv_statusmessage = |string|
  )
  iv_autoenable = ABAP_TRUE
  iv_autoenablestandards = |string|
).

This is an example of reading all possible response values

lo_result = lo_result.
IF lo_result IS NOT INITIAL.
ENDIF.

To update organization configuration

This operation updates the way your organization is configured in Security Hub. Only a Security Hub administrator account can invoke this operation.

DATA(lo_result) = lo_client->updateorganizationconf(
  io_organizationconfiguration = new /aws1/cl_shborganizationconf( iv_configurationtype = |CENTRAL| )
  iv_autoenable = ABAP_FALSE
  iv_autoenablestandards = |NONE|
).