Search found 464 matches
- Sun Sep 10, 2017 4:40 pm
- Forum: SAP Security
- Topic: SAP Security assessment, role redesign & remediation costs
- Replies: 2
- Views: 4320
Re: SAP Security assessment, role redesign & remediation costs
Hi, Does anyone know of average costs associated with. a.) SAP Security assessments. (10K ?) b.) Role redesign. (500 to 700K ?) c.) SOD remediation. ( ?? ) also does anyone have templates on the same. what each one covers. at least the SAP security assessment one. regards Which currency are you usi...
- Sun Nov 15, 2015 5:22 pm
- Forum: SAP Security
- Topic: Verify Users in BW against ECC
- Replies: 3
- Views: 5792
Re: Verify Users in BW against ECC
Don't tell the auditors, but the J2EE supports "in memory" runtime users via SAML. So if you have a BI portal, you can authenticate and authorize the users at individual message level. There are also various "poor man's" solutions via logon tickets which require some infrastructure. "Clever woman's" ...
- Sun Nov 15, 2015 5:06 pm
- Forum: SAP Security
- Topic: LICENSE_ATTRIBUTES and assigning license to roles
- Replies: 3
- Views: 4003
Re: LICENSE_ATTRIBUTES and assigning license to roles
You must be careful with IDM in this case if you want to centrally evaluate the user license and write it back to the local classification. The User BAPIs don't support this attribute on all releases. Where it works wonders is with internal cost distribution. If you license by role assignment and cha...
- Wed Aug 06, 2014 4:33 pm
- Forum: SAP Security
- Topic: Initial Password
- Replies: 3
- Views: 3820
Re: Initial Password
If the UME is AD and logon ticket or SAML is sufficient for authentication, then best is to deactivate the password. The active password is the problem and you don't need it. If UME is the ABAP system, then you have some options via parameter login/password_change_for_SSO. But possibly you set the pa...
- Wed Aug 06, 2014 4:27 pm
- Forum: SAP Security
- Topic: frequency of batch job that creates stad files
- Replies: 2
- Views: 4154
Re: frequency of batch job that creates stad files
Have you considered asking the basis team, or are you the basis team?
Take a look at the buttons in transaction SM36...
- Wed Aug 06, 2014 4:23 pm
- Forum: SAP Security
- Topic: XD03 Search Help reveals too much info
- Replies: 4
- Views: 5426
Re: XD03 Search Help reveals too much info
Note that some BAPIs also offer this search help check and when you want a remote enabled search help, then you should use the FMs from FUGR BFHV. Often you find RFC users of type dialog and service because the search help is badly implemented as a dialog from the remote system. The caller can simpl...
- Wed Aug 06, 2014 4:15 pm
- Forum: SAP Security
- Topic: SOS
- Replies: 3
- Views: 3388
Re: SOS
There are a few BC and HR things which are hardcoded in several places in SAP programs and LDBs and a few also in the kernel now. That means that the check is not optional.
- Wed Jun 04, 2014 3:45 pm
- Forum: SAP Security
- Topic: XD03 Search Help reveals too much info
- Replies: 4
- Views: 5426
Re: XD03 Search Help reveals too much info
There is also a new configuration table which lets you execute your own functions within the search help. This is less intrusive than exits.
If your release is high enough and you debug the F4, then you will see it.
- Wed Jun 04, 2014 3:40 pm
- Forum: SAP Security
- Topic: Initial Password
- Replies: 3
- Views: 3820
Re: Initial Password
Yes.
ps: which release are you on?
- Thu Apr 03, 2014 4:52 pm
- Forum: SAP Security
- Topic: SOS
- Replies: 3
- Views: 3388
Re: SOS
In ST13 you can select SOS_CUSTOMER_DATA with flag "SAP Data" and see what is checked. That is used for the query execution, but is local data. ST14 is the result from the remote system. You will not see the query parameters anymore of that remote system. If additional things appear then they are pr...
- Sat Feb 08, 2014 8:25 am
- Forum: SAP Security
- Topic: Sap Security upgrade
- Replies: 1
- Views: 3233
Re: Sap Security upgrade
You can't handle them during upgrade. They handle you during testing the upgrade...
- Sat Dec 28, 2013 4:16 pm
- Forum: SAP Security
- Topic: SU01 technical names
- Replies: 3
- Views: 4694
Re: SU01 technical names
Those exits to call FMs from SSM_CUST are now obsolete.
- Sat Dec 28, 2013 4:13 pm
- Forum: SAP Security
- Topic: Where are the authorization specialists located?
- Replies: 4
- Views: 5152
Re: Where are the authorization specialists located?
I have a customer where IT is located under global purchasing and the SAP manager has the security person, helpdesk and networks reporting directly to him. That also works fine for them - depends on the organization, culture and the people and their skills. Security does however need a certain amoun...
- Sat Dec 28, 2013 3:25 pm
- Forum: SAP Security
- Topic: Dump "insert duprec" in SU01 [Solved]
- Replies: 6
- Views: 7656
Re: Dump "insert duprec" in SU01 [Solved]
Nice to see use of personalizations.
Goes to show that you only need to use something for bugs to show up..
- Sat Dec 28, 2013 3:18 pm
- Forum: SAP Security
- Topic: GRC V10 Connectors to non sap systems
- Replies: 3
- Views: 4755
Re: GRC V10 Connectors to non sap systems
It depends on whether your vendor provides APIs to such functionality which is also secure.
Few do.... so if one does then it is highly likely to be a hack.
Good ones will provide APIs with switches to turn them on and check their own customizing to validate imported values. Again here... few do.