Search found 2426 matches

by Al.
Mon Apr 07, 2003 5:20 am
Forum: SAP Security
Topic: Systen Access
Replies: 6
Views: 926

If ALL users are assigned to authorisation groups then you can control user change access to the user groups. For example you have end users in group ENDUSR and user administrators in UADMIN, you can restrict the administrators to change only users in user group ENDUSR. As long as the administrators...
by Al.
Fri Mar 21, 2003 7:44 am
Forum: SAP Security
Topic: How to authorization for display spoolfiles of backgroundjob
Replies: 1
Views: 638

Viewing the job logs is generally an administrative task & I'm pretty sure that viewing the logs through SM37 isn't greatly configurable. If you have some jobs running in batch mode you can get the output e-mailed to certain recipients - this may give these people access to see the reports while pro...
by Al.
Fri Mar 14, 2003 6:25 am
Forum: SAP Security
Topic: PFCG Activity groups not generating in target system
Replies: 5
Views: 1038

I haven't worked on on 3.x but 4.0B required AG's to be regenerated via SUPC. Not sure exactly which release this was fixed but haven't come across having to regen ag's/roles in 4.5-onwards.
I think this is one of those "features" SAP takes a good few releases to remedy.
by Al.
Tue Mar 11, 2003 11:00 am
Forum: SAP Security
Topic: Password change cycle per day ?
Replies: 9
Views: 2693

As an end user I'm pretty sure you can only change your password once without some ABAP to do it via SU01 using an admin user permissions
by Al.
Mon Mar 10, 2003 12:46 pm
Forum: SAP Security
Topic: Role/UserComparison
Replies: 6
Views: 1364

Hi MFS, To be on the safe side I like to schedule user compares to run nightly so as to catch anything that goes through in the midnight transport run. I feel this balances the risk of temporarily messing us the few users that work overnight with the benefits of knowing that te reconciliation has ta...
by Al.
Wed Mar 05, 2003 5:04 am
Forum: SAP Security
Topic: MCRU - selection screen appears scrambled
Replies: 2
Views: 1445

Even if you are taken back to the menu, you can still run SU53, although only the last authrisation check will be reported.
Have you run an authorisation trace (ST01). This picks up most of the authorisation checks that take place during the process & will show where a check failed.
by Al.
Tue Mar 04, 2003 9:29 am
Forum: SAP Security
Topic: organization levels
Replies: 5
Views: 1891

You will have to create the seperate role, and manually insert the auth objects that contain $BUKRS that you have left blank. You will then be able to maintain the $BUKRS value + the fields such as activity etc in the "enabling" role. If you just entered the field $BUKRS without the object values th...
by Al.
Tue Mar 04, 2003 8:34 am
Forum: SAP Security
Topic: i wan't to block certain transaction to users with SAP_ALL
Replies: 4
Views: 1822

1 option - modify the S_TCODE object in the profile/role (assume that currently s_tcode has TCD value *) with transaction ranges which omit the transactions you want to protect. You will also need to remove the auth objects that control the access. This method will reduce the likelyhood that users w...
by Al.
Fri Feb 28, 2003 10:14 am
Forum: SAP Security
Topic: PFCG_Time_Dependency
Replies: 5
Views: 4677

You can use SM36 to schedule a job to be run in the background. I would recommend speaking to your Basis team as they will probably have a process for setting background jobs up e.g. timing, naming etc. They will also be the ones monitoring the bg jobs and will have to sort it if the job falls over ...
by Al.
Fri Feb 28, 2003 4:52 am
Forum: SAP Security
Topic: Screen saver on sap
Replies: 2
Views: 1023

Set parameter rdisp/gui_auto_logout to the number of seconds you want a user to be logged out by. e.g. 3600 = 1 hour The users session will automatically be terminated if they don't perform a dialog step within this time. Alternatively a company policy to enforce mandatory screensavers with password...
by Al.
Thu Feb 27, 2003 6:07 am
Forum: SAP Security
Topic: Virus on SAP? is it possible?
Replies: 9
Views: 1881

One of the commonly accepted definitions of virus is ".....executable code that, when run by someone, infects or attaches itself to other executable code in a computer in an effort to reproduce itself" However it is more commonly accepted as any malicious code that can affect your process. As far as...