SOS

SAP Security

Moderators: Snowy, thx4allthefish, jurjen

Blaster
Posts: 189
Joined: Tue Mar 14, 2006 8:02 am

SOS

Post by Blaster » Tue Mar 25, 2014 7:03 am

Hi,

I am testing the Security Optimization Self-service in SOLMAN.

Does anyone know where the values for the ST14 extract can be seen? I would like to see which authorization objects are actually checked for the different entries in the final report.

Also, there are some SAP checks defined in ST13 for the HR area, but the report shows two additional HR checks that are not in ST13 but follow the same number range. So I guess these are from ST14, but I have got no way of proving this.

/Blaster

os
Posts: 469
Joined: Wed Dec 21, 2005 10:51 am

Re: SOS

Post by os » Thu Apr 03, 2014 4:52 pm

In ST13 you can select SOS_CUSTOMER_DATA with flag "SAP Data" and see what is checked.

That is used for the query execution, but is local data.

ST14 is the result from the remote system. You will no longer see the query parameters of that remote system.

If additional things appear then they are probably hardcoded... :-)

We wrote our own derivation of it for the customer part which respected OOAC settings and called it a day. Actually we used the SUIM data and its APIs (see SAP note 1930238) and not SOS data, made it remote-enabled for central monitoring, and added the HR, BW, cFolder and SACF logic to it.

Blaster
Posts: 189
Joined: Tue Mar 14, 2006 8:02 am

Re: SOS

Post by Blaster » Wed Apr 23, 2014 4:09 am

Thank you for mentioning note 1930238.

I did some digging around in the program logic behind ST14 and indeed the checks are hardcoded :)

os
Posts: 469
Joined: Wed Dec 21, 2005 10:51 am

Re: SOS

Post by os » Wed Aug 06, 2014 4:15 pm

There are a few BC and HR things which are hardcoded in several places in SAP programs and LDBs and a few also in the kernel now. That means that the check is not optional.
