Monday, 21 May 2012

SAP SYSTEM SECURITY PARAMETERS

Login/no_automatic_user_sapstar
By default, the SAP system is installed with a super user master record called SAP*. If this master record is deleted, SAP allows a user to log on as SAP* with the password “PASS”. To disallow this “illegal” entry, set the value to 1. Recommended value is 1.

Login/fails_to_user_lock

This parameter defines the maximum number of unsuccessful logon attempts before the user is locked by the system. When the lock is set, an entry is recorded in the system log. Recommended value is 6.

Login/failed_user_auto_unlock
This parameter activates or deactivates the automatic unlocking of locked users at midnight. It is advisable that the system/user administrator performs the unlocking of locked users. Recommended value is 0

Login/fails_to_session_end

This parameter defines the number of times a user may enter a wrong password before the login session is terminated. Recommended value is 3

Login/gui_auto_logout
This parameter defines the number of inactive seconds after which a user is automatically logged out of the system. Recommended value is 1800 sec

Login/password_expiration_time

This parameter defines the number of days after which a password must be changed. Recommended value is 35 days

Login/min_password_lng
This parameter defines the minimum password length. Recommended value is 8

*Login/min_password_digits
This parameter defines the minimum number of digits (0-9) in a password.

*Login/min_password_letters
This parameter defines the minimum number of letters (A-Z) in a password.

*Login/min_password_special

This parameter defines the minimum number of special characters in a password. These special characters include ( ) ! \ $ % : ' " ; = & # } ] { [ > <

*Login/min_password_diff
This parameter defines the minimum number of characters that must differ from the previous password.

Rec/client

This parameter activates or deactivates automatic table logging. It is recommended to switch it on. However, resource utilization, the table(s) to be logged and the log volume should be critically analyzed first.

Auth/rfc_authority_check
This parameter defines how the S_RFC object is checked during RFC calls. When set to the recommended value of 2, the check is active and is performed against SRFC-FUGR.
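
The following Python script is an added example, not part of the original post: it checks the text of a profile file against the recommended values listed above. Assumptions: parameter names are written in lowercase as they appear in a profile file, the sample profile is constructed, and reading 6, 3 and 35 as upper limits and 8 as a lower limit is this example's interpretation of the recommendations.

```python
# Added example: audit SAP profile text against the values recommended above.
# Rule meanings are this example's assumption, not SAP terminology.
CHECKS = {"eq": lambda got, want: got == want,
          "min": lambda got, want: got >= want,
          "max": lambda got, want: 1 <= got <= want}  # 0 (e.g. no expiry) is flagged
BASELINE = {
    "login/no_automatic_user_sapstar": ("eq", 1),
    "login/fails_to_user_lock": ("max", 6),
    "login/failed_user_auto_unlock": ("eq", 0),
    "login/fails_to_session_end": ("max", 3),
    "login/password_expiration_time": ("max", 35),
    "login/min_password_lng": ("min", 8),
    "auth/rfc_authority_check": ("eq", 2),
}

SAMPLE_PROFILE = """\
# constructed sample profile, not taken from a real system
login/no_automatic_user_sapstar = 0
login/fails_to_user_lock = 6
login/failed_user_auto_unlock = 1
login/fails_to_session_end = 3
login/password_expiration_time = 0
login/min_password_lng = 6
"""

def parse_profile(text):
    """Return {name: value} from 'name = value' lines; '#' lines are comments."""
    params = {}
    for line in map(str.strip, text.splitlines()):
        if "=" in line and not line.startswith("#"):
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()  # last occurrence kept (assumption)
    return params

def audit(text):
    """Return (parameter, status, detail) for each deviation from BASELINE."""
    params, findings = parse_profile(text), []
    for name, (rule, want) in BASELINE.items():
        raw = params.get(name)
        if raw is None:
            findings.append((name, "MISSING", "not set in this profile"))
        elif not raw.isdigit():
            findings.append((name, "INVALID", raw))
        elif not CHECKS[rule](int(raw), want):
            findings.append((name, "WEAK", f"{raw}, recommended {rule} {want}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_PROFILE), sep="\n")
```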

How to Schedule a Job



1. Log on to the appropriate SAP instance and client using BATCH_USER.

2. Go to transaction SM36.

3. On the Define Background Job screen, fill in the Job name field with your job name. Select a Job Class priority of A for High, B for Medium, and C for Low. It is SAP’s recommendation that all client-owned jobs begin with a Z for identification purposes. Most Basis people also recommend that the next two characters be the initials of the SAP module for which the SAP instance runs, such as ZBC* for a Basis job and ZHR* for a Human Resources job. Click on the Specify start condition button or press F5.

4. On the Start Time popup, click the Immediate button to start the job right away, or click the Date/Time button to specify a future date/time at which the job should run. Select the Periodic job radio button and then click the Period values button if you want to schedule the job to run on a periodic basis. Provide the periodic values and click Save to return to the main Define Background Job screen.

5. On the main Define Background Job screen, click the Step button.

6. On the Create Step 1 popup, fill in the ABAP program Name and any Variant needed to run the program. The variant must already have been created using BATCH_USER before it can be used here. Then click Save once more.

7. Back on the Define Background Job screen, check that all the job information is correct and then click the Save button one last time.
After the job has been created, my recommendation is to check the status of the job after it has run.

Creating RFC Connection


Introduction
This procedure should allow the offshore Basis team to create an RFC connection in any SAP server.
  1. Logon to SAP server
  2. Use Transaction Code SM59
  3. On the SM59 screen, click on the “Create” button
  4. On the new screen, give the RFC destination name, the name by which the connection will be identified (for example QASClient300)
  5. Give the Connection Type (3 for any SAP to SAP communication). F4 Help will list all possible types of connections
  6. Give a Description for the RFC connection. Generally the purpose of the connection is mentioned here
  7. Click SAVE
  8. Give the IP address/host name and system number of the destination server in the Technical Settings tab
  9. Click SAVE
  10. Use “Test Connection” to check the RFC connection.
  11. If a Trusted RFC connection is required, give user credentials in the “Logon/Security” tab

Creating Local Client Copy

Introduction
This procedure should allow the offshore Basis team to create a copy of a client locally in the same SAP server.
  1. Logon to SAP server
  2. Use Transaction Code SCC4
  3. Go to change mode
  4. Create a new client, assign client number & description as per request
  5. Logoff from current client.
  6. Login to newly created client using the following credentials:
     i. Client Number: Newly created one
     ii. User Id: SAP*
     iii. Password: PASS
  7. Use Transaction Code SCCL for local client copy
  8. Give reference client for copy and profile as per the request
  9. Use SCC3 T code to monitor progress of Client Copy.

How to do a Remote Client Copy


Creating Remote Client Copy
Introduction
This procedure should allow the offshore Basis team to create a copy of a client of one SAP server in another SAP server.
  1. Logon to destination SAP server
  2. Use Transaction Code SCC4
  3. Go to change mode
  4. Create a new client, assign client number & description as per request
  5. Logoff from current client.
  6. Login to newly created client in destination SAP server using the following credentials:
     i. Client Number: Newly created one
     ii. User Id: SAP*
     iii. Password: PASS
  7. Use Transaction Code SM59 to create an RFC connection for the client copy if one does not already exist.
  8. The RFC connection should have the target server as its destination, and the test result should say “Connection test OK”
  9. Use Transaction Code SCC9 to go to the client copy screen.
  10. Give the profile as per the request.
  11. Select the RFC destination that was created for the client copy from the source client
  12. Use Transaction Code SCC3 to monitor the progress of the client copy

Thursday, 17 May 2012

SAP System Monitoring Transactions


SAP System Monitoring Transaction code

AL08
This transaction code shows a list of all users currently logged on to the SAP system (all app servers).

DB01
This transaction code will display table locks.

SM12
This transaction code will display the enqueue locks.

Fill in the selection criteria as you want them

SM21
This transaction code is used to see the system log files.

After you have filled in your selection, make sure to choose System log > Choose > All remote system logs before you hit the Read log button.


SM36
This transaction is used to schedule a background job.

SM37
This transaction code is used to display background (or batch) jobs submitted by users.

SM50
This transaction code is used to display all the work processes on the current apps server.

SM51
This transaction code is used to display a list of all the running apps servers. There should be 12 apps servers running at all times.

By double-clicking on one of the servers in the list you will see a listing of all the work processes on that server (same as using SM50). Note: you will also connect to that server.

SM66
This transaction code will display a list of all currently running work processes on all the apps servers. It doesn’t refresh itself automatically, so select the refresh button located at the top.

The list can be sorted by selecting a column and hitting the sort button located at the top.

ST04
This transaction code will bring up the Informix database overview. It displays information about the current use of the database.

Wednesday, 16 May 2012

BASIS ADMINISTRATOR DAILY ACTIVITIES


                

- Servers overview (SM51)
- Work process overview (SM50)
- Global work process overview (SM66)
- Logged-on users of a particular server (SM04)
- Global logged-on active users (AL08)
- System logs (SM21) [local or remote logs]
- Monitoring ABAP dumps (ST22)
- Monitoring R/3 locks and DB locks (SM12, DB01)
- Check for updates terminated with error (SM13)
- Update administration (SM14)
- Defining and monitoring the background jobs (SM36, SM37)
- Spool configuration and management (SP01, SPAD, SP12)
- Applying support patches (SPAM, SAINT)
- Identify the system performance/system health:
  - ST01 -> system trace
  - ST03 -> workload analysis
- TMS configuration (STMS)
- Maintaining and assigning authorizations, checking missing authorizations (SU20, SU21, SU22, SU53)
- User creation (SU01, SU10)
- Applying notes (SNOTE)
- Configuring printers (SPAD)
- Monitoring faxes and mails sent from SAP (SCOT)
- Maintaining RFC destinations (SM59)
- Creating roles (PFCG)
- Generating reports (SUIM)
- Monitoring CUA (SCUA)
- Client creation and client copy (SCC4, SCCL, SCC9, SCC8, SCC7)
- Logon load balancing (SMLG)
- Configuring operation modes and assigning times (RZ04, SM63)
- Assisting the functional and development teams
- Monitoring interfaces/batch monitoring (SM35)
- Profile management
- Monitoring archiving (DB14)
- Database monitoring (ST04, DB04)
- Switching on the SQL trace (ST05)
- OS monitor (ST06)
- Database statistics (DB02) -> missing indexes
- DB12 -> database backup logs
- Defining and scheduling backups and database optimizing checks


SAP Security IMP


SAP Security Q's:

1. How does a transaction code work?
2. Can we set any password limitations/exceptions in SAP? If yes, how?
3. What is the basic difference between SU22 and SU24?
4. What exactly is SU25? What is the significance of its 2a, 2b, 2c and 2d sections?
5. Other than SU53, how can you get missing authorisation details?
6. How can we reset the password for 1000 users in one shot? Is it possible?
7. Is it possible to derive a role which does not have any t-code but has some manually entered authorization objects? If yes, how?
8. Can we reset our own SAP password? Please note, you don't have SU01 authorization.
9. Suppose my Dev system has 3 clients. In one of the clients, I'm making some changes in a tcode. Will the changes be reflected in the other clients also? If yes, how?
10. Through which tcode can I do a mass user comparison? What is the daily background job for the same?
11. What do the PRGN_STAT and TCODE_MOD tables consist of?
12. What do we check through SM50 and SM51?
13. Which objects are necessary for controlling the t-code SU01?
14. Can we give display access for DEBUGGING to a user? If yes, how?
15. What are the SAP default service users and what are their default passwords? What password does the system generate by default for these service users while installing a new client within the system?
16. From where can we create a new authorization field?
17. Is it possible to assign an ABAP role to a Portal user? If yes, how?
18. How can we gain control over Infotypes?
19. Why do we have to generate the profile again after saving the authorization data during role creation/modification?
20. When does a profile become an 11-character string?
21. How can we find out the roles that were generated directly in Production and not imported from the Quality system? Please note, you don't have any Quality user id.
22. How can CUA help from the management standpoint of a business that has SAP installed?
23. Explain the authorisation concept in detail.
24. Explain how config relates to security.
25. Explain why SU53 is not always accurate.

List of useful reports on SAP users


RSUSR_SYSINFO_PROFILE          Report cross-system information/profile
RSUSR_SYSINFO_ROLE             Report cross-system information/role
RSUSR_SYSINFO_ZBV              Report cross-system information/CUM
RSUSR000                       Currently Active Users
RSUSR002                       Users by Complex Selection Criteria
RSUSR002_ADDRESS               Users by address data
RSUSR003                       Check the Passwords of Standard Users in All Clients
RSUSR004                       Restrict User Values to the Following Single Profiles and Auth. Ob
RSUSR005                       List of Users With Critical Authorizations
RSUSR006                       Blocked Users and Users with Incorrect Logons
RSUSR007                       Display users with incomplete address data
RSUSR008                       By Critical Combinations of Authorizations at Transaction Start
RSUSR008_009_NEW               List of Users with Critical Authorizations
RSUSR009                       List of Users With Critical Authorizations
RSUSR010                       Executable Transactions ( All Selection Options )
RSUSR011                       Lists of transactions after selection by user, profile or obj.
RSUSR012                       Search authorizations, profiles and users with specified object va
RSUSR020                       Profiles by Complex Selection Criteria
RSUSR030                       Authorizations by Complex Selection Criteria
RSUSR040                       Authorization Objects by Complex Selection Criteria
RSUSR050                       Comparisons
RSUSR060                       Where-used lists
RSUSR060OBJ                    Where-Used List: Authorization Object in Program and Transactions
RSUSR061                       Enter Authorization Fields
RSUSR070                       Roles by Complex Selection Criteria
RSUSR080                       Users by License Data
RSUSR100                       Change Documents for Users
RSUSR101                       Change Documents for Profiles
RSUSR102                       Change Documents for Authorizations
RSUSR200                       List of Users According to Logon Date and Password Change
RSUSR300                       Set External Security Name for All Users
RSUSR301                       Fill non-checking transactions with auth.object S_TCODE
RSUSR302                       Delete authorization check on object S_TCODE from table TSTCA
RSUSR500                       User Administration: Compare Users in Central System
RSUSRLOG                       Log Display for Central User Administration
RSUSRSCUC                      CUA: Synchronization of the Company Addresses
RSUSRSUIM                      User Information System