This website is not affiliated with, sponsored by, or approved by SAP AG.

Transports from OS to Production

SAP Security

Moderators: Snowy, thx4allthefish, jurjen

Transports from OS to Production

Postby bbdude » Tue May 17, 2011 10:26 am

Yes another Auditor question 8)

How would one transport a change through the OS (in this case AIX) and bypass SAP STMS? If my understanding is correct - this type of change wouldn't show up in the STMS change log (E070), right?

Thoughts and comments are welcome!

-E
bbdude
 
Posts: 21
Joined: Wed Nov 03, 2010 8:16 am

Re: Transports from OS to Production

Postby jurjen » Wed May 18, 2011 12:49 am

I don't see how one would bypass the transport system. You could bypass the gui and the stms transactions but the tools you need from the OS level to import a transport are still SAP tools. I hope they leave traceable logfiles.
Best search SAP service marketplace for notes and documentation on the subject.
jurjen
 
Posts: 298
Joined: Wed May 17, 2006 8:17 am
Location: The Netherlands

Re: Transports from OS to Production

Postby bbdude » Wed May 18, 2011 8:01 am

jurjen wrote:I don't see how one would bypass the transport system. You could bypass the gui and the stms transactions but the tools you need from the OS level to import a transport are still SAP tools. I hope they leave traceable logfiles.
Best search SAP service marketplace for notes and documentation on the subject.


Some in the auditor community have voice some concerned around the ability to use OS access to upload a transport to production. My understanding (seems consistent with yours) is that even if you did it through the OS it would still show up as a change in E070.

Whether or not you can bypass leaving a trail in ECC is the question.
bbdude
 
Posts: 21
Joined: Wed Nov 03, 2010 8:16 am

Re: Transports from OS to Production

Postby jurjen » Wed May 18, 2011 10:21 am

bbdude wrote:Some in the auditor community have voice some concerned around the ability to use OS access to upload a transport to production.

I'd say they need to understand where the OS ends and the application begins. For the logging, a notes search on "TP" may help.
jurjen
 
Posts: 298
Joined: Wed May 17, 2006 8:17 am
Location: The Netherlands

Re: Transports from OS to Production

Postby TattooDave » Wed May 25, 2011 9:16 pm

Using the tp command from the O/S produces the exact same logs/table entries as using STMS.

You can test this by doing a tp addtobuffer from the command line. The transport will appear in the queue in STMS.
TattooDave
 
Posts: 188
Joined: Mon Aug 23, 2004 12:26 am
Location: Brisbane, Australia


Return to SAP Security

Who is online

Users browsing this forum: No registered users and 6 guests





loading...


This website is not affiliated with, sponsored by, or approved by SAP AG.