Quiz: understanding security policies in SAP (SECPOL)
Scenario:Imagine your SAP system (1 application server) is running with the following system profile parameter settings (RZ10): Kernel default values:login/min_password_digits = 0login/min_password_lng...
View ArticleEmail Alert Inquiry
Hello, Is it possible to send an email alert either via CCMS or Solman upon a succesful user logon from ABAP system. The trigger would be for a distinct list of users. The audit log is configured and...
View ArticleAssin.: erro "ssf_krn_invalid_par" na função SSFW_KRN_ENVELOPE
hello, after a homogeneous system copy, I get the following error on document certification:Assin.: erro "ssf_krn_invalid_par" na função SSFW_KRN_ENVELOPE I've found note "2015422 - Error...
View ArticleNo authorization to logon as a Trusted System (L-RC=0 T-RC=2)
Hello colleagues, Not sure if this is the right place to ask, as this is kind of connectivity and security issue at the same time.The issue is that I'm unable to Process an IDoc, whiich is arrived from...
View ArticleHow can I find the username of the person who assigned a role at the job level?
During my nightly user reconciliation job, 3 roles were assigned to numerous users within the same jobid. I need to determine, who assigned the roles to the job. Can someone please shed some light on...
View ArticleAcknowledgments to Security Researchers
The SAP Product Security Response Team thanks all researchers and security IT professionals that help with discovering and solving security vulnerabilities. Their findings continuously help SAP...
View Articlemass generation of profiles of customize role in sap
Dear All, I am unable to generate mass profile for customize roles in SUPC.After pressing Generate button its showing "Choose at least One role".
View ArticleRestricting SM35 by Program Name
Dear All, Does anybody know a way to restrict what programs can be released/executed from transaction SM35. When I run a trace I find the below: UserProgram NameCheckResultObjectField 1Value 1Field...
View Articleimport_own_cert Installation of certificate failed
Dear Expert, We want to configure SSL for SAP Web Dispatcher and we have followed the following steps: 1.Create the Web Dispatcher Server PSE and generate a CSR sapgenpse.exe get_pse -p...
View ArticleAdding Multiple Users to a PORTAL Group
We are on Netweaver Portal 7.0. LDAP used to sync with R/3. Task is to assign PORTAL group to multiple users in PORTAL. Unable to find option where users can be assigned to the PORTAL group at one go....
View ArticleClik here to view.
Trial Edition: SAP NetWeaver Application Server, add-on for code...
Get your hands on and test-drive the latest release of SAP NetWeaver Application Server, add-on for code vulnerability analysis.SAP offers this software based on a time limited trial and evaluation...
View ArticleSAP Security Products and Solutions: Training
SAP TechEd LecturesCould not make it to SAP TechEd 2015? Watch the following selected lectures on today’s hottest security topics: SEC102: Find the Hackers in Your Landscape with SAP Enterprise Threat...
View ArticleGraphical modeler - CRM Web UI
CRM Web UI.SAP CRM ABAP 7.0WEBCUIF 701 0006 SAP Web UI Framework When choosing a segment in a Marketing Campaign, then Edit Segmentation Model, I receive a message saying "You are not...
View ArticleMaster role set up
We are trying to set up master roles as well as derived roles off the master ones to give access only to certain company codes.Currently we are using a range of companies in the master role (i.e. AB01...
View ArticleRestrict approver to approve his on requests
Hi, We are working on MDG Security for customer and I am new to security. We have a case where approver should not approve his own requests. How do we restrict that in SAP? Can anyone help?
View ArticleClik here to view.
Featured Content in Security
Watch Replays of Selected Security Lectures from SAP TechEd 2015Could not make it to SAP TechEd 2015 this year? Watch the replays of selected lectures on today’s hottest security topics. November 17,...
View ArticleSAP NetWeaver Application Server, Add-On for Code Vulnerability Analysis
OverviewYour valuable data assets are only as secure as the applications that host and access them. SAP NetWeaver Application Server, add-on for code vulnerability analysis is an integrated tool for...
View ArticleClik here to view.
Security Level of Kerberos / SPNego Algorithms?
Dear all,some algorithms got a bad reputation over lasts months and years. I am no algorithm expert but do some research on recommendations, standards and regulations to give some guidance to our...
View ArticleZero-Day exploit at Java lib Common Collections
Hi Gurus, I found the a post stating there is a Zero-Day exploit in the common collections function InvokerTransformer. Found by Gabriel Lawrence and Chris Frohoff shown in their presentation....
View ArticleClik here to view.
New functionalities in SU25
Hi, We are hitting SAP_BASIS 740 version as effect SU25 has been enhanced with added functionalities. Can I get details for these two options and when it is supposed to be used? Thanks,Krishna
View Article