Logfiles for service/https/acl_file
Hello, we're securing port 50013, SAPMMC etc by setting profile parameter service/https/acl_file to the path, where our service_acl file is stored.A few of our servers have got more than one IP address...
View ArticleGUI Scripting - Blocking The Recording
Dear, we have the profile parameter sapgui/user_scripting enabled. But we would like to restrict the recording of the scripts only to specific users it means all users in our system can run recorded...
View ArticleClik here to view.
UME Security - Java Scheduler 'Action' authorization
Hello Security gurus! Our PI team would like to have access to the NWA Java Scheduler. They currently have the NWA_READONLY role, the only role that we found that provide access to the scheduler is...
View ArticleIdentification of Non Transactional Users from Roles
Hi All, Currently we have 21K+ Employees in Organization.. Roles are assigned as Default ESS and TransactionalNow we have got a requirement to identify only Non Transactional Users from Roles which is...
View ArticleRHPROFL0 not removing PD profiles
HI RHPROFL0 report is not removing PD profiles from a user if the user is not assigned to any position. i explain it further with example below.If user A is assigned to a manager's position, and i run...
View ArticlePurchasing users only allow to maintain costing data engring team only allow...
Hi All, I have requirement. We now have a requirement from the business teams (purchasing and engineering) to ensure both teams are assigned separate authorization roles/objects to make sure purchasing...
View ArticleCompare: Portal execute html or back end execute html
Dear experts, I have some quetions abaut what are the best practices for security and performance reasons in developing of web services. Imagine a customer that acces to SAP Portal to execute some...
View ArticleBranchs controls by user
Hello, I'm from Argentina and we have this issue in our system: we need to separate users by Branch, so someone from Branch 1 (assigned by role) only can register documents for that same branch with...
View Articlespro full authorization without sap_all and sap_new
Hi Friends, Can u suggest me how to give spro full authorization without sap_all and sap_new profile. Thanks & Regards,Tarun
View ArticleSecure access to a project in PS
Hi all, is it possible to limit the access to a project in SAP PS by assigning authorizations only for a certain project number? The project builder CJ20N uses project definitions but not project...
View ArticleNew Setup Authorization
Dear All, Good day to you. I like to know why i encountered error message " You have no authorization for this transaction in Plant XXXX)" after execution of T-code: MB52.I ran SU53 to check the...
View ArticleIssue with SAP_ALL authorization for MM_EKKO and MM_MATBEL
Hi expert, We have upgraded our SAP from ECC 6 EHP0 to ECC6 EHP7.On EHP0 i was able to archive purchasing document using MM_EKKO object.But after upgradation i am not able to archive same documents in...
View ArticleCan we find the auth method used after a user has authenticated ?
When a user is authenticated to an SAP ABAP system, they can use a userid and password, SNC or an SSO2 ticket. Is there a report, or some other way to get a list of user authentications over a period...
View ArticleClik here to view.
Mystery T-Code Range "NO" to "YS" allowing SE37, SE38 & SE80
We have a customized copy of SAP_SM_BASIC_SETTINGS. It is a direct copy with no changes but has been customized so a generated profile could be created and the roles assigned to Basis users. Now,...
View Articlelogin/password_max_idle_initial
Dear Team, I want to get the value maintained for UME parameter "login/password_max_idle_initial" of ECC ABAP in Java WD. Is there any Standard Remote FM which returns this value. Regards,Shami
View ArticleRoles with Active Object having Inactive Fields
Hi All, We have found a wierd scenario in some of our roles. Issue is that a field within a object in inactive. Example: We have object I_KOSTL with below fields 1. KOKRS (Controlling Area)2. KOSTL...
View ArticleMissing standard authorization roles in ERP
Hi, I am going to implement authorization roles in SAP ECC 6.0 system, software component release 702. Only a few standard roles (starting with SAP_)can been seen in PFCG. From where can I get standard...
View ArticleSAP Cloud Identity Service
OverviewThe SAP Cloud Identity solution is a cloud service for identity lifecycle management for SAP Cloud applications and on-premise applications. It provides services for authentication, single...
View ArticleAD and RBP in SF
What is the difference between administrative domain and RBP in Successfactor ? I understand that AD needs two types of Admin (Global and Local) and we cant implement AD when RBP framework is...
View ArticleAcknowledgments to Security Researchers - Previous Months
The SAP Product Security Response Team thanks all researchers and security IT professionals that helped with discovering and solving security vulnerabilities. Their findings have helped SAP to maintain...
View Article