Channel: SCN: Message List - Security

JCo RFC-Call just from specific user

Hello People,

 

I have a small security issue that I need to solve, and currently I don't know how I should do it, but I'm sure you people can help : )

I have a Java Webservice that connects via JCo to my SAP System. For the JCo-Connection I made a config-File with a SAP-User Name to log on to the SAP System. This SAP-User has only permissions to write to specific tables etc, that's all good. The problem is that it should be checked by the SAP System who is calling the RFC Function, so that only certain users can execute the RFC Functions from the Webservice, but no one else. So for example if I change the username in my Webservice Config-File and then call a completely different RFC Function, SAP should block this call. Currently I am looking in the SNC but I'm not sure if setting SNC-Names for the webservice etc. is what I am looking for.

I hope I wrote my problem clearly and maybe you guys have some ideas!

 

Thank you very much,

Michael


Re: JCo RFC-Call just from specific user

I just saw the new Unified Connectivity feature, maybe that's what I'm looking for!

Re: RAL question

Hi Patrick,

I tried the feature on GUI 7.3 Patch Level 8 too, still cannot get the dynpro fields added to the active dynpro recording.

 

How do you suggest I go about it at this point?

 

Thanks,

Pawan.

Re: How to use one PSE with multiple URLs?

Hello,

 

I do use a SAP Web Dispatcher terminating SSL connections and using 2 DNS alternate names (SAN).

 

The trick is to use transaction STRUST instead of sapgenpse to create the SSL PSE. If your SP level is high enough, you can see the new field "Subject (Alt.)" in the certificate display.

To create the certificate, you just enter both SN separated by a ";" character.

 

Best Regards,

Olivier

Looking for SEM-BCS sensitive access risk data

Hi Everyone,

 

I am working on making a baseline document for SEM-BCS and need sensitive access risk data (including transaction and authorization values). It's similar to a GRC ruleset. The client has inconsistent processes and they have not defined any risks for BCS and want us to define related risk exposure and a near term remediation plan for it. I will highly appreciate it if someone can share any document related to it which we can leverage here. Many thanks in advance.

 

-Kapil

Enquire authorization setting in material no. control

Hi everybody,

 

Could you advise how to limit "create" or "change" activity for a user under the following situation?

 

Situation: some particular user can create or change that particular material number under the same material type and same plant.

 

Rdgs,
Emily

Re: Enquire authorization setting in material no. control

Hi Emily

 

Have you read up on the M_MATE* authorisation objects - especially M_MATE_MAR and M_MATE_WRK? Do you mean material master data?

Not entirely sure what your issue is here - perhaps you can elaborate after you have done some research?

Regards

Colleen

Re: Enquire authorization setting in material no. control

Hi Emily,

You can restrict the Material with the help of M_MATE_MAR. If you want to restrict it under plant then you can do it with the help of ABAPER.

Please go through this thread.

Authorization by material type

 

 

Regards,


Re: Recommended Settings for the Security Audit Log (SM19 / SM20)

Denis Ontiveros wrote:

 

Question: would the German Data protection authorities have an issue with activating this level of logging?

 

 

Good point!

 

From a general point of view I would start with the following assumptions:

1. Filter: Activate everything which is critical for all users '*' in all clients '*'.

-> mostly ok, details should be confirmed

 

2. Filter: Activate everything for users 'SAP*' in all clients '*'

-> ok

 

3. Filter: Activate everything for other support and emergency users, e.g. 'FF*' (FireFighter) in all clients '*'

-> ok (assuming that you already have agreed on using GRC Super User Management)

 

4. Filter: Activate all events for the dialog activities 'logon' and 'transaction' for user 'DDIC' in all clients.

-> ok

 

5. Filter: Activate everything for client '066'. This client is not used anymore and can be deleted.

-> ok

 

6. Filter: Activate RFC events (AUL, AUK, AU6, AU5) for a short time for selected users to identify RFC connection problems easily

-> you have to confirm this

 

7.-10. Filter: free for other project specific purpose

-> you have to confirm this

 

Keep in mind that you have to discuss (among others) log creation, consolidation, archiving as well as retention periods and deletion.

Re: Unable to restrict access to Query Designer

Applied SAP note: 1472913 which resolved this issue.

Re: Composite roles not visible after refresh

I have Obsolete Roles button. Is it the same you are saying?

If this is the case, what is the process for multiple users at a time?

 

Thanks,

SANKAR.

Re: Enquire authorization setting in material no. control

Hi Colleen,

 

Sorry, I think I didn't mention it in detail. Actually I want to limit the activity on a particular material number which is assigned to a particular material group. E.g. material group 305 in the dump screen: I want the user not to be allowed to enter this material number in group 305.

Is there any object that also needs to be set up? I tried to set M_MATE_MAR as display only in group 306 (dump screen), but I can still access group 305. Could you kindly advise?

 


 

Rdgs,
Emily

Re: Composite roles not visible after refresh

Hi Sankar

 

Not sure why you mention the obsolete roles button instead of the filter button? If the composite was obsolete and that was your issue, you would not see the singles either.

 

On your roles tab you have ALV layout for the roles. There is a button (6 from left) that looks like a funnel/filter. Click on that and see if you have an option to "delete" filter.

 

The filter is screen layout and not user specific. You do not need to go through and fix each user up. The user has the access (you confirmed it's in the table). You are trying to fix your screen layout.

 

Regards

Colleen

Re: Enquire authorization setting in material no. control

Hi Emily

 

So if this is for transaction MM03 Material Master Data Display ....

 

Recommend you read up on the object via SUIM Authorisation Objects by Complex Criteria or via SU21. Have a look at all the M_MATE* objects.... in particular object M_MATE_WGR (Material Group).

 

 

Regards

Colleen

SRM VSI Configuration With Symantec Scan Engine

Hi All,

 

Need your expert help with VSI in our SRM System with Symantec Scan Engine. Below is our System Landscape:

 

SRM 7.01 SP09

Portal 7.3 SP08

 

I have configured the Virus Scan Provider with vssap.dll (Demo Adapter for NW-VSI). As this can be used to test the adapter only, we have installed Symantec Scan Engine 5.2 on the same SRM Server and need to configure the Adapter for the same.

If anyone has done this configuration, please help me.

 

Thanks in advance.

 

Regards

Ponnusamy


Re: how to restrict va11 Tcode based on Plant??

Hi Arun,

 

Try with C_AFKO_AWK and C_AFKO_DIS.

 

regards

kartik

Re: Display/Edit the CRM transaction based on status value selected in status field

Hello,

 

I don't think you can restrict the access on status value selected in status field. You can restrict the sales orders based on transaction types and sales organisation level, even display/change also.

B_USERSTAT/B_USERST_T: these objects are used when you give create/change for sales orders in WEBUI.

Moreover, you may not restrict all assignment blocks with authorisation objects in WEBUI; you need to restrict them at business role level. We can also restrict assignment blocks by activating suitable BADIs/component enhancement. A technical ABAPer would help on this.

Below are the authorisation objects that will help you to restrict sales orders. Hope this will help you. Thanks.

CRM_ORD_LP

CRM_ORD_OP

CRM_ORD_PR

CRM_ORD_OE

 

Regards,

Suresh

Re: Getting dumps CALL_FUNCTION_REMOTE_ERROR in solution manager for user SOLMAN_BTC

Thanks Prasad for letting the community know about the solution that worked for you.

 

Regards

RB

Parameter value in RZ11 and table TPFET differs

Hello!

 

In order to check the value of several parameters in a SAP system we have in place a procedure that analyzes that value against the table TPFET. In general it works pretty well (as far as you also consider the values defined in the kernel of SAP whenever there is no information in TPFET) but we have found one or two cases where the data look wrong.

In particular, for 2 SAP systems we found that the value for a specific parameter was filled with some value in TPFET (login/multi_login_users, but I guess the parameter is not relevant) but through RZ11 the value looks empty (more precisely, the standard value, the profile value and the current value were empty). The only thing "strange" in TPFET for this value was that the column PSTATE shows the "M" value.

 

So the questions are:

 

1) Do you know why the TPFET value differs from the RZ11 one?

2) What does "M" mean in TPFET-PSTATE?

Thanks in advance,

Félix

Best SAP Security Practices Print,file,job schedule, archiving

Hello All, I would like to know in your experience which will be the best practices for Security for this list below:

- Printer security (especially check printing)

- File path security for export/import

- Best Practice for Job Schedule and Spool file

- Archiving process (I can't think of any specific to security, other than Security Audit Logs)

Are there any special transactions/system settings/parameters that must be in place in order to harden SAP Systems?

Do you have any related documentation?

I mean, for example, for jobs and spool I think users must only run their own jobs and see their own work for printing; is there a parameter to authenticate prints/user, etc.?

 

Please let me know your comments about those related issues.

I appreciate your help.

 

Thanks a lot.

 

Ahmed
