Search found 2426 matches

by Al.
Wed Dec 05, 2012 4:29 am
Forum: SAP Security
Topic: Limit the use of S_RFC - RFC1
Replies: 9
Views: 5266

Re: Limit the use of S_RFC - RFC1

That's a bugger! Still, if you are using a system ID, restrict it to the RFC FUGR's (RFC1, SDIFRUNTIME, SG00, SRFC, SYST, SYSU) and limit the tables through S_TABU_DIS then you are in a reasonable position. If you want to reduce the risk that the ID could be misused then the most basic way is to ens...
by Al.
Mon Dec 03, 2012 4:01 pm
Forum: SAP Security
Topic: Limit the use of S_RFC - RFC1
Replies: 9
Views: 5266

Re: Limit the use of S_RFC - RFC1 -[RESOLVED]

That's a legitimate concern & general mitigation is to give the ID just the auths required to do the job. To be honest there are some bigger fish to fry like securing your RFC gateway (through reginfo & secinfo files) which is more likely to be exploited.
by Al.
Thu Nov 29, 2012 5:34 pm
Forum: SAP Security
Topic: Limit the use of S_RFC - RFC1
Replies: 9
Views: 5266

Re: Limit the use of S_RFC - RFC1

Hi Baz, Does the ID have SAP_ALL currently? If you are just restricting to FUGR = RFC1, SDIFRUNTIME, SG00, SRFC, SYST, SYSU then you can just use S_TABU_DIS to control which tables (or at least tables grouped by table authorisation group) that can be accessed by the ID. You can also specify the exac...
by Al.
Thu Nov 29, 2012 5:24 pm
Forum: SAP Security
Topic: Help with roles
Replies: 1
Views: 1982

Re: Help with roles

Hi,

Your options are:

1. Customisation (to allow additional checks to provide control where required)
2. Accept it (what is the unacceptable risk that has been identified?)
by Al.
Tue Nov 27, 2012 5:36 pm
Forum: SAP Security
Topic: Need help with SAP Table UST12 (VON - BIS)
Replies: 2
Views: 2424

Re: Need help with SAP Table UST12 (VON - BIS)

Hi,

There is no table that will give you the info in the form that you are requesting when trying to split up a range.
by Al.
Wed Nov 07, 2012 6:43 pm
Forum: General Talks
Topic: Earn Money by blogging about SAP
Replies: 27
Views: 20732

Re: Earn Money by blogging about SAP

They have been hacking SAP NetWeaver at this year's conference. Successfully. SAP first denied, then all fell over themselves to act as if they were best buddies with the hackers and would team up to fix the holes. Here's an article. To be fair to SAP (which isn't something you will hear me say oft...
by Al.
Wed Nov 07, 2012 5:41 pm
Forum: SAP Security
Topic: Single Signon - Portal / Active Directory
Replies: 2
Views: 3070

Re: Single Signon - Portal / Active Directory

I agree with Fish, it's a big area and there are lots of considerations.

In addition to Xiting & Realtech it's also worth talking to CyberSafe
by Al.
Fri Nov 02, 2012 3:15 am
Forum: SAP Security
Topic: Role copied from SAP_ALL without all transactions
Replies: 2
Views: 2320

Re: Role copied from SAP_ALL without all transactions

As I replied on the IT Toolbox question... You won't want to hear this but if you are taking that approach you might as well leave in the transactions as removing them (which is often done by creating ranges in S_TCODE) will not stop people from being able to access the functionality. As Jurjen says...
by Al.
Wed Oct 31, 2012 10:03 am
Forum: SAP Security
Topic: Difference between authentication and authorization
Replies: 3
Views: 2819

Re: Difference between authentication and authorization

Be careful with it... it can really wind people up :D
by Al.
Mon Oct 29, 2012 3:50 am
Forum: Human Resources
Topic: Creating Roles for HR
Replies: 7
Views: 5732

Re: Creating Roles for HR

Just copy your existing authorisation for P_ORGIN & then you will have 2 auth sets to work with.
by Al.
Thu Oct 25, 2012 9:24 am
Forum: Human Resources
Topic: Creating Roles for HR
Replies: 7
Views: 5732

Re: Creating Roles for HR

Thanks for the info. Have you tried using P_ORGIN to create 2 authorisation sets? -

one auth set with all the non-financial infotypes for all users
one with only the financial infotypes for the ESA's up to VP.
These can be in the same role.
by Al.
Wed Oct 24, 2012 4:46 pm
Forum: Human Resources
Topic: Creating Roles for HR
Replies: 7
Views: 5732

Re: Creating Roles for HR

How have you represented grade structure in your HR org model?
by Al.
Mon Oct 22, 2012 7:27 am
Forum: SAP Security
Topic: uploading multiple users to portal
Replies: 1
Views: 1437

Re: uploading multiple users to portal

There is lots of useful info here: http://scn.sap.com/message/279093