The SAP Fan Club Forums

Hi, Does any one know of average costs associated with. a.) SAP Security assessments. (10K ?) b.) Role redesign. (500 to 700K ?) c.) SOD remediation. ( ?? ) also does anyone have templates on the same. what each one covers. atleast the SAP security assessment one. regards Which currency are you usi...

Dont tell the auditors, but the J2EE supports "in memory" runtime users via SAMl. So if you have a BI portal, you can authenticate and authorize the users at individual message level. There are also various "poor man's" solutions via logon tickets which require some infrastructure. "Clever woman's" ...

You must be careful with IDM in this case if you want to centrally evaluate the user license and write it back to the local classification. The User Bapis dont support this attribute on all releases. Where it works wonders is with internal cost distribution. If you license by role assignment and cha...

If the UME is AD and logon ticket or SAML is sufficient for authentication, then best is to deactivate the password. The active password is the problem and you dont need it. If UME is the ABAP system, then you have some options via parameter login/password_change_for_SSO. But possibly you set the pa...

Have you considered asking the basis team, or are you the basis team?

Take a look at the buttons in transaction SM36...

Note that some BAPIs also offer this search help check and when you want a remote enabled search help, then you should use the FMs from FUGR BFHV. Often you find RFC users of type dialog and service because the search help is badly implemented as a dialog from the remote system. The caller can simpl...

There are a few BC and HR things which are hardcoded in several places in SAP programs and LDBs and a few also in the kernel now. That means that the check is not optional.

There is also a new configuration table which lets you execute your own functions within the search help. This is less intrusive than exits.

If your release is high enough and you debug the F4, then you will see it.

Yes.

ps: which release are you on?

In St13 you can select SOS_CUSTOMER_DATA with flag "SAP Data" and see what is checked. That is used for the query execution, but is local data. St14 is the result from the remote system. You will not see the query parameters anymore of that remote system. If additional things appear then they are pr...

You cant handle them during upgrade. They handle you during testing the upgrade...

Those exits to call FMs from SSM_CUST are now obsolete.

I have a customer where IT is located under global purchasing and the SAP manager has the security person, helpdesk and networks reporting directly to him. That also works fine for them - depends on the organization, culture and the people and their skills. Security does however need a certain amoun...

Nice to see use of personalizations.

Goes to show that you only need to use something for bugs to show up..

It depends on whether your vendor provides APIs to such functionality which is also secure.

Few do.... so if one does then it is highly likely to be a hack.

Good ones will provide APIs with switches to turn them on and check their own customizing to validate imported values. Again here... few do.