Portal/ESS Configuration for HTTPS, SANs in SAP Certificates
Hi everybody, I am trying to set up the following portal environment with SSL: 1. SAP web dispatcher connected with two backend systems: portal and erp 2. SAP enterprise portal installation...
Is there a table that contains the "where used" information from PFCG?
Hello all, In PFCG when you click on the icon "where used" for a specific AUTH. object, a pop-up screen appears with the details for that specific object which T-codes are using it with which activity...
Gateway Security: reginfo, secinfo, gw/acl_mode - how to set?
Hello, our EWA complained Gateway Security Settings. Gateway Access Control List (reg_info/sec_info) contains trivial entries. Parameter gw/acl_mode can be set to 1. SAP recommends setting gw/acl_mode to...
SM66 Debug authorization for workflow debugging
Hi, I want to debug a workflow method (ABAP OO) via t-code SM66 but every time I click the "Debugging" button and confirm with "Yes", I get an authorization error. The t-code SU53 shows me two failed...
throwUserLoginException / throwNewLoginException
Hi all, We've written a custom login module, with some checks built in to determine if a user is allowed to logon (example if his current domain is included in a list of valid domains that are allowed...
STAUTHTRACE error
Hi Experts, I am trying to take trace for user using STAUTHTRACE T-Code (System wide Trace). But when I tried clicking on the Activate trace option, I am getting error saying "Trace is already active...
Restriction at WBS element level in ME51N Requisitions
Hi Experts, We have a requirement to restrict few requisitioners from entering requisitions using other WBS elements except for which they are eligible. I tried all options with standard auth objects...
SSF: Sending encrypted string to a third party
Hi All, I'm new to SSF and I have a requirement to send an encrypted string data to a third party. Now, that I know one secured way to do this is by using the SSF feature in SAP. There are some...
Block changes on logon language for users
Hi SAP Gurus I am trying to restrict users from changing their language settings on their own users. I cannot find any relevant authorization object for this. I have then tried to make and block of the...
SAP Security Notes January 2016 – Review
SAP has released the monthly critical patch update for January 2016. This patch update closes 23 vulnerabilities in SAP products (including ones closed after the second Tuesday of the previous month...
/spin/er - This function is not possible
Hi Gurus, User has access to T-Code /SPIN/ER but when tried to execute user is receiving error "This function is not possible". Please suggest if anything missed. Thanks. Regards, Surya
Firefighter Users without SAP GRC AC possible?
Hello, Transaction /VIRSA/VFAT does not exist on my client's ERP system. I assumed that this is a standard transaction in ERP. Does this only come if a SAP GRC AC is implemented? The client does not...
SAP Sandbox Access specifically for Security/GRC training - does anyone know...
Hi, I'm struggling to find a vendor online who provides Sandbox access for Security/GRC training (Virsa Suite AC 5.3 or 10), the functionality/services I require are as follows: Essential: SAP ECC 6.0...
BW Infopackage security Display only
Hi there, I am a BW developer and trying to understand the security defined by SAP for BW info package, I am using the Authorization object S_RS_ADMWB for maintaining the security for infopackage,...
Why not activate S_RFCACL in SAP_ALL? (no, really!)
This should be a fun Q&A ... but I'm not (only) doing it for the fun ... First, I expect this will offend some sensibilities and stir some emotions (much like when someone says "I use RAID as my...
Acknowledgments to Security Researchers
The SAP Product Security Response Team thanks all researchers and security IT professionals that help with discovering and solving security vulnerabilities. Their findings continuously help SAP...
How to block the multiple logons with NWBC?
Hello, With Sapgui we have the possibility to prevent the multiple dialog logon by profile parameters (login/disable_multi_gui_login). How to prevent the multiple dialog logon using NWBC to the same...
User |TMSADM has no RFC authorization for function group SYST
Hi All, When we release any transports we are getting the above error, this is basically due to the fact that implificaiton of complex password parameters, to suppress this we had followed the note...
SAP AS Java affected from commons-collection vulnerability?
Dear all, we are running a PI AEX (AS Netweaver Java 7.4) and I recently heard about this vulnerability: What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This...
No Authorization to Create TR from CTS
Hi Experts, We are facing an issue in PI system, where user is getting error, "No Authorization to create TR of type Work Bench Request" in PI system. User is logging in to PI system --> Integration...