A collection of threads: FAQ's, intros and memorable discussions

Former Member
0 Kudos

Welcome to the SDN Security Forum!
In addition to the information accessible via the SDN Security Main Wiki and the SDN Security Forum Search and searching the SAP Service Marketplace (see the thread on OSS Note Search Techniques), this "sticky post" lists some threads from the forum as:
- an introduction for new members / visitors on topics discussed in threads,
- a collection of some threads which provided useful answers to questions which are frequently asked,
- a collection of some memorable threads if you feel like reading some security related material,
- a collection of OSS notes which have been proven to be generally useful to know about.
The listed threads will be enhanced from time to time. Please feel welcome to contact me via the details in my SDN Business Card if you would like to suggest any threads for inclusion here.
Keeping an eye on the SDN Security Homepage for relevant blogs (often there are security aspects to other blogs as well), the Security Area of the SAP Service Marketplace ("OSS" logon required) and subscription to the SAP Security Newsletter can also be generally recommended if you are interested in security.
New!
Also see SAP's Security Disclosure Guidelines and do not use SDN to report software bugs. Contact details are in the link.

PS: When asking a question in the forum, please also provide sufficient information such that the question can be answered usefully, and when the question is answered please indicate which solution was found and close the thread.

Former Member
0 Kudos

Identity Management

CUA will never die! => Blog from SAP about CUA support myths.

=> There is a separate dedicated forum for this now.

User Management and Password Rules

=> PFUD and "valid to" role assignments, and other search terms.

=> Why and how to avoid deleting user IDs.

=> Think twice about updating SAP tables.

=> Where did a (CaSe-sensitive) password come from and why did it fail?

=> Restricting DDIC access and logging, by restricting its use.

=> Old hats, new (easy) tricks and win a round of beers, instead of points

=> Exceptions, development requests and analyzing logon problems.

Authorizations

=> Contributing to SDN can enable a difference for everyone, depending on the reason code ...

=> Derived roles, role design and (potential) design errors.

=> S_BTCH_ADM vs. S_BTCH_JOB.

=> Be careful with S_DEVELOP authorizations, regardless of S_TCODE.

=> Tcodes, activities and projects within SPRO.

=> Important first step with lasting consequences.

=> Tweaking table auth groups with transaction SE54.

=> The "System => Status and F1 trick"; also see SAP note 1085326.

=> What the SU24 indicators are for.

=> The rules of SAP note 113290.

=> The Neverending Story.

=> Reports for converting organizational level fields.

=> New authorization object S_TABU_NAM to access individual tables.

=> Upload roles, or transport them.

=> Special SUIM reports explained by SAP guru Bernhard Hochreiter.

=> A little bit of everything in PFCG which you need to know.

=> When to use SU24 to make changes.

=> SU24, PFCG merge option and role design.

=> Initial installation tuning of SU24.

=> Developer type authorizations.

=> Solutions for profile name collisions.

0 Kudos

Continued...

Auditing and Monitoring

=> Segregation of Duties tools and approaches.

=> Right tools for the right job.

=> Beware of S_DEVELOP, and SCC4 and SE06 settings.

=> Using SAP standard reports; tricks in SUIM and SoD.

=> Monitoring, legal aspects and a blog (with comments).

Single-Sign-On and related topics

=> using BAPIs, login profile parameters, or programmatically.

=> self-explanatory, once you know it

=> SSO via Active Directory.

=> Kerberos and X.509 options.

=> SSO options for SAPGui and ABAP systems.

=> Useful links and overview.

0 Kudos

And a collection of particularly useful SAP Security OSS notes...

Note 113290 - PFCG: Merge process when maintaining authorization data - "The Rules" of PFCG Expert Mode.

Note 442935 - PFCG: Changing the authorization concept - Segregating authorization development, role admin and user admin.

Note 1267608 - SUIM and RSUSR030: Search for full authorization - Harmonizing the SUIM search patterns.

Note 368496 - Check indicators and default authorization values - SU22 and "original data".

Note 496819 - Changing the standard communication method to 'e-mail' - Converting mail methods of users records.

Note 313587 - Mass deletion of activity groups - Mass deletion of selected roles.

Note 538328 - PFCG: Loss of role menu texts - Loss of role menu texts in upgrades.

Note 991377 - Missing entries in table PRGN_CORR2 - Transaction SU25 Step 2d and new transactions.

Note 358122 - Function description of transaction SE97 - Coupled "CALL TRANSACTION" pairs and restrictions.

Note 410993 - Maximum number for profiles and authorizations - When the role design reaches its limits.

Note 46546 - Display authorization for activities in IMG - SPRO display and transaction SPRO_ADMIN.

Note 119147 - Spool: Authorizations - Spool access concept.

Note 837490 - Execution of the security optimization self-service - SOS integration in the Solution Manager.

Note 888889 - Automatic checks for security notes using RSECNOTE - "Bug watch" integration in the EarlyWatch.

Note 539404 - FAQ: Answers to questions about the Security Audit Log - Most things to know about SM19.

Former Member
0 Kudos

Continued...

Note 177702 - Files: Authorization objects S_PATH & S_DATASET - DATASET commands and path hooks.

Note 1079207 - Downports: CUA change docs, archiving, 12 hour time format - New user change document concept.

Note 101146 - Batch: authorization object S_BTCH_JOB, S_BTCH_NAM - Security concept for background jobs (SM37, SMX...).

Note 1047952 - SCC4: Client settings with enhanced security options - Advanced security for SCC4.

Note 931252 - Security Note: Authority Check for Function Group SRFC - Settings for RFC checks.

Note 110612 - Using the secinfo file (gateway ACL) - Gateway security and "local" host settings.

Note 820183 - New authorization concept in BI - New BI / BW analysis authorization concept.

Note 915488 - Customizing switch not taken into acc for password generation - Symptom: Help! My password is encrypted...

Note 587410 - Test environment for function modules - Legal requirements for production systems.

Note 1012066 - Test environment for reports - Restrict F8 from the workbench - see also side effects.

Note 571276 - Transporting roles - Things to know about creating, releasing and importing role transports.

Note 1417883 - SU25: Deactivating merge mode in step 2c - SU25-2C is not so strict anymore.

New!

Note 1599732 - PFCG: Popup to maintain values extended with clipboard - Import more than 6 lines into PFCG fields.

Note 1682316 - Optimizing RFC user authorizations - Security service offered by SAP to secure your RFC connections for you.

Please contact me via my business card or one of the other moderators if you would like to suggest a note to be included. Please also see the "Related notes" of these notes for more information in some cases.