I have inherited a server running SQL-Anywhere Version 9, I believe that version is end-of-life. I'm trying to come up with good arguments for replacing that version with a newer one, but the boss isn't interested in replacing it. Can anyone help me with arguments?
↧
Safe to use SQL-Anywhere Version 9?
↧
How to give access to top bar menu items
Hi expert,
I have a user asking me access to the "display <--> change" menu.
How is that done?
In this case, the transaction being used is FBL3N
Thank you
Ash
↧
↧
CommonCryptolib 8.4.17 - Ticket File Missing
I have just finished installing a new NW 7.4 Java application server, patched to sps7, and am about to configure SSL on it, but I seem to have a problem. The installation routine installed sapcrypto.dll, etc, as part of the 7.41 kernel, but there is no 'ticket' file. I fully expected there to be a ticket file in DIR_INSTANCE\sec, but there isn't.
This has the result, when attempting to configure SSL in NWA, of an error "Ticket file not found" and a red light.
I downloaded a new CommonCryptolib package from the SMP, in the same version (8.4.17), and unpacked it, but it doesn't include a ticket file either, and the included manifest indicates that one isn't expected.
So, I'm stuck. I didn't have this problem in NW 7.0 and with the old sapcryptolib 5.5.5, so is there some new procedure in NW 7.4 and/or CommonCryptolib to obtain the ticket file?
This is a Windows 2012 R2, SQL Server 2012 system. The kernel is 7.41 pl 31.
Regards,
Matt
↧
User Transaction Details - Client Specific
Dear All
My requirement is to find all the tcodes executed by users in a specific client.
From ST03N, we can find the details , however its not client specific. Right now , i have set retension period as 15 days. So , logs are saved for last 15 days.
From STAD its possible to take out for only last 1-2 days.
Is there any other way same as st03n or a report from which we can get the tcodes executed by user over a period of time.
Regards
Urvish
↧
adjusting derived role in background
Hello,
Each time we modify a reference role, we spend a lot of time adjusting the derived roles (at least 20 derived roles, about 5 000 users by role).
To do it, we execute PFCG, Authorization tabs, then in the authorizations menu-> adjust derived-> Generate derived roles.
Is there a standard way to do it in background or in a batch mode (maybe by program, or function module) ?
Thanks.
Guillaume
↧
↧
UCON - Step 1/7 - How to Set the Profile Parameter for UCON
Watch this step by step video to learn how to set the profile parameter for UCON.
↧
UCON - Step 2/7 - How to Schedule the Batch Job to Collect the Statistical Records for UCON
Watch this step by step video to learn how to schedule the UCON batch job, which collects all incoming RFC calls from outside. This statistical data is needed for the use of the UCON Phasetool.
↧
UCON - Step 3/7 - How to Run the UCON Setup to Create the Technical Entities Needed
Watch this step by step video to learn how to create the technical entities needed for the UCON operations.
↧
UCON - Step 4/7 - How to Choose a Suitable Duration of the Logging and Evaluation Phase
Watch this step by step video to learn how to define a suitable duration of the logging and evaluation phase that fits your needs.
↧
↧
UCON - Step 5/7 - How to Assign a Function Module to the Default CA
Watch this step by step video to learn how to assign a function module which you want to expose to the default CA.
↧
UCON - Step 6/7 - How to Assign a Function Module to the Evaluation Phase
Watch this step by step video to learn how to assign a function module in the logging phase to the next phase, which is the evaluation phase.
↧
UCON - Step 7/7 - How to Assign a Function Module to the Final & Check-active Phase
Watch this step by step video to learn how to assign a function module in the evaluation phase to the final phase, which is the check-active phase.
↧
User Transaction Details - Client Specific
Dear All
My requirement is to find all the tcodes executed by users in a specific client.
From ST03N, we can find the details , however its not client specific. Right now , i have set retension period as 15 days. So , logs are saved for last 15 days.
From STAD its possible to take out for only last 1-2 days.
Is there any other way same as st03n or a report from which we can get the tcodes executed by user over a period of time.
Regards
Urvish
↧
↧
Users set to incorrect logon locks automatically in BW/BOBJ
Hi Gurus,
I am trying to find root cause analysis why the users in BW/BOBJ production were not able to use password suddenly and when I checked it was incorrect logon locks set for almost 100 users.
These are the users who use BOBJ/BW daily. We use third party tool to reset password which is a self service tool.
Did anyone faced this issue before ? I have checked our login password parameters which are correct in all sap systems.
Regards,
Salman
↧
authorization upgrade
Hi all,
I have got a question: an upcoming release update from 4.6 to ECC6.0 will of course also affect authorizations.
Can I analyze the affected roles in the system before I execute SU25? and if so, how? Or do I have to wait for the results from that SU25?
It would be great to get an impression of the work that needs to be done before I "press the button".
Thanks for any helpful answer.
↧
Transporting Roles - Best Practices?
Dear All,
I have been practicing SAP Security for almost 4 years now. I want to know if you have any SAP-provided documents or SAP Notes which tells the proper and best way in transporting roles in ABAP based system. Common on what I am doing right now is based on what specific security change you are doing. I am citing few example:
1. Addition of transaction codes to roles - I include all the derivatives including the parent role in the transport request.
2. Addition of Organizational Values to Organizational Units - I still include all the derivatives and the parent role in the transport request.
I came to a colleague of mine and working in a separate engagement and tell me that in example no. 2 you should only transport the role you have modified in the transport request.
Hoping for anyone to share anything about transporting roles, providing SAP provided documents would be a big help! 
Thanks in advance.
↧
Java-administrator password keeps getting locked
Hi,
We have a portal 7.3 in which the Java-administrator password keeps getting locked. I can't see anything in the log traces in NWA. The only thing I've found is in security_audit logfile which doesn't really say much:
#2.0 #2014 07 17 05:47:03:913#+0200#Info#/System/Security/Audit/PrincipalModification#
#BC-JAS-SEC-UME#com.sap.security.core.sda#C000AC142D1F08D90000000000003284#52888950000000002#tc~bl~txmanager~plb#com.sap.security.core.util.SecurityAudit#Guest#0#JTA Transaction : 127261#040FAA9B0D6511E4C5A4000003270576#040faa9b0d6511e4c5a4000003270576#040faa9b0d6511e4c5a4000003270576#0#Thread[RMI/IIOP Worker [0],5,Dedicated_Application_Thread]#Plain##
User account modified | USERACCOUNT.MODIFY | UACC.PRIVATE_DATASOURCE.un:Administrator | | SET_ATTRIBUTE: islocked=[true], SET_ATTRIBUTE: lockreason=[1]#
Please advice,
Thanks.
↧
↧
Authorization set up in SAP_MM_PUR_BUYER
Good morning everybody!
I have a requirement from business and I need to prepare some documents for our Basis Team but I'm not familiar with the Authorisation topic and I would be very grateful if you could help me on this.
Business wants 3 groups of buyers assigned to 3 groups of Vendors. This groups should have the PUR Rolle + MIGO and all the other Buyers outside this groups should have just the PUR Rolle.
Buyer group 1 --------> Vendor group A
Buyer group 2 --------> Vendor group B
Buyer group 3 --------> Vendor group C
At the moment the PGr ist defined as Person. As fair as I understood, the PUR Authorization is on PGr level?
So, how can we organize that? How does the assignment to Vendor works? Which information do I need from Business for Basis Team?
Thank you very much in advance for your help!!!
Paola
↧
ME21N Limit PO type M_BEST_BSA using PR type M_BANF_BSA
Hi experts
Question for PO creation ME21N.
Let's say I have various PR/PO types - example to use to restrict let's say PR type ZPR and PO type ZPO.
I want to restrict PO creator from picking up ZPR type. Do you know if this will work i.e. remove M_BANF_BSA from PO creator role?
Thank you!
↧
How to encrypt documents in ABAP
Hello, I hope someone can help me out (or at least give me a hint) with this problem.
I have a requirement to encrypt files to send them to an external application. This is the schema of my problem:
1- The envelop/encryption of the file consists of a symmetric algorithm, using a generated key
2- This generated key is encrypted with the public key(Asymmetric algorithm) of this external application (I have the respective certificate to do this).
3- All this information is sent respecting the PKCS#7 format. This means that I can use any algorithm for the encryption that is supported by this format, like AES-256-CBC, AES-128-CBC, etc...
Also, I was supplied with a sample code of this process. Is written in java, using bouncy castle:
public byte[] envelop(InputStream inputFile, InputStream certif)
throws IOException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, CMSException {
X509Certificate cert = null;
//obtiene los datos del archivo a encriptar
int sizecontent = inputFile.available();
byte[] contentbytes = new byte[sizecontent];
inputFile.read(contentbytes, 0, sizecontent);
inputFile.close();
//obtiene el certificado de IB
CertificateFactory cf = CertificateFactory.getInstance("X.509");
cert = (X509Certificate) cf.generateCertificate(certif);
certif.close();
//Ensobra el archivo utilizando AES256_CBC con 128 bits
String algorithm = CMSEnvelopedDataGenerator.AES256_CBC;
int keysize = 128; // bits
CMSEnvelopedDataGenerator fact = new CMSEnvelopedDataGenerator();
//agrega el certificado al sobre
fact.addKeyTransRecipient(cert);
CMSProcessableByteArray content = new CMSProcessableByteArray(contentbytes);
//encripta
CMSEnvelopedData envdata = fact.generate(content, algorithm, keysize, "BC");
//devuelve el resultado
byte[] enveloped = envdata.getEncoded();
return enveloped;
}I found some information about the CMSEnvelopedDataGenerator.generate(), and effectively, it generates a random key.
Also, I found this link where it explains how to do this with OpenSSL. (search "CMS (RSA + AES)").
Is it possible to achive this with ABAP?
I had tried with the FM SSF_KRN_ENVELOPE, but it seems to not resolve my problem.
Thank you in advance.
Regards.
--
German Guzelj
↧