Documente Academic
Documente Profesional
Documente Cultură
- 2-
- 6-
Motivation
I have found that a of the materials available in SAP
security are either 1) nonexistent 2) too general and
pedantic in nature 3) sales materials in disguise. And
since there are a very limited number of published
books in the area of SAP security, this title was a natural
addition to our growing library of practical references
for SAP consultants and managers.
This book, SAP Security Essentials, started as a list of
particularly useful FAQs in the area of SAP security.
That is to say, this is a list of tips and tricks that I have
used on projects in the past and thought were good
enough to include in a book. So for this book, we are
calling each tip, trick, recipe, an essential.
I hope these SAP Security Essentials are as valuable to
you as they have been to me.
- 7-
Introduction
Each security essential has a question (problem), and an
answer that is pretty straightforward but when you
see the guru icon this is information that represents
the highest degree of knowledge and understanding in a
particular area. So be aware that to completely
understand any given issue,you should read beyond the
first answer.
- 8-
- 9-
A:
designation;
yyyy is the Functional area in SAP such as Financial
Accounts Payable (FIAP) or Materials Management
Warehouse Maintenance (MMWM).
Under Describe give brief description of Role, i.e.,
INVOICE_PROCESSOR; Org is any major
organizational designations such as plant, sales org
or warehouse.
Example: J:FIAP_INVOICE_PROCESSOR is
Jones, Inc. Financial Accounts Payable Invoice
Processor for the company.
Jones, Inc. is the company, so there is no need to
use the _org designation. If this role did ALL or
cross company, then a designation would be
needed.
Note: If you set the configuration for Session
Manager to sort the roles for display, they sort in
alphabetical order by technical name. Your generic
System roles (Printing, RFC, GUI control, SU56,
SU53, SU3, SMX) should sort to the bottom; yyyy
should be Cross Application, or XA.
- 11 -
There is no
display only version. Sorry, it cant be done.
- 12 -
A:
- 13 -
Essential 4: Tcode
/SAPAPO/SDP94
A:
- 14 -
A:
- 15 -
- 16 -
A:
- 17 -
A:
- 18 -
A:
- 19 -
A:
- 20 -
A:
- 21 -
A:
- 22 -
A:
- 23 -
- 24 -
A:
- 25 -
A:
- 26 -
A:
- 27 -
Essential 18:
Login/disable_multi_gui_login
Will activating parameter
login/disable_multi_gui_login affect
workflow?
- 28 -
A:
- 29 -
A:
- 30 -
A:
- 31 -
A:
- 32 -
A:
- 33 -
A:
- 34 -
A: Use V_VBAK_AAT/02.
- 35 -
A: To disable SPRO:
- 36 -
A:
- 37 -
A:
- 38 -
A:
- 39 -
A:
- 40 -
- 41 -
A:
- 42 -
A:
- 43 -
A:
A:
- 45 -
A:
- 46 -
Essential 37:
A:
- 47 -
- 48 -
A:
- 49 -
A:
- 51 -
A:
- 52 -
A:
- 53 -
A:
- 54 -
- 55 -
A:
- 56 -
Essential 45:
Remote copy
A:
- 57 -
Essential 46:
Surveying departments
A:
- 58 -
A:
- 60 -
A:
- 61 -
A:
- 62 -
A:
A:
- 64 -
A:
- 65 -
A:
A:
- 67 -
Essential 55:
A:
- 68 -
A:
- 69 -
- 70 -
A:
- 71 -
A:
- 73 -
A:
- 74 -
A:
- 75 -
A:
- 76 -
A:
- 77 -
A:
- 78 -
A:
- 80 -
A:
- 81 -
A:
- 82 -
A:
Essential 68:
PHAP_SEARCH_PA
A:
- 84 -
A:
- 85 -
A:
- 86 -
A:
- 87 -
- 88 -
Essential 73:
transactions
A:
- 89 -
A:
- 90 -
- 92 -
- 93 -
[520965]
[534334]
[538887]
[658351]
[580341]
[534334]
[492222]
[523505]
[523502]
[523503]
[523504]
[496251]
[529151]
[529076]
- 94 -
Cluster
[529150]
[531349]
[531372]
[533728]
[533715]
System Copy
[547314]
[89188]
[489690]
[407123]
[516246]
[677447]
- 95 -
[662219]
Installation
[552914]
[492208]
[492221]
[492222]
[421795]
SAP_ANALYZE_ALL_INFOCUBES report
[355814]
[192658]
[525716]
[548496]
[514841]
[480692]
[443430]
[454042]
- 96 -
[150315]
[46272]
[123546]
[443767]
[639941]
[550669]
[561792]
[130253]
[417307]
- 97 -
Oracle
RAC
[527843]
[581320]
[621293]
Installation
[619188]
[619876]
[601157]
[145654]
[617416]
[598678]
[180605]
[632556]
[632427]
[565075]
[567745]
[359835]
[387946]
[351163]
Administration
- 98 -
[592393]
FAQ: Oracle
[588668]
[666061]
[541538]
FAQ: Reorganizations
[647697]
[600141]
[60233]
[385163]
[335725]
Problems
[354080] Note collection for Oracle performance problems
[323090] Performance problems due to degenerated indexes
[3807]
[185822]
[568632]
[178275]
[442763]
[159779]
[631668]
[634458]
[84348]
[750033]
- 99 -
indexes
Backup / Restore / Recovery
[442395]
[17163]
- 100 -
Reversing transports
[447925]
[539867]
Add-Ons
[555092]
- 101 -
Work Processes
[39412]
[21960]
[9942]
[33873]
Memory Management
[37537]
[78498]
[95454]
[88416]
[103747]
[386605]
[649327]
[548845]
[425207]
Buffering
[504875]
- 102 -
[678501]
[572905]
Background Processing
[16083]
Network
[500235]
Web Dispatcher
[538405]
[561885]
SAPOSCOL
[548699]
- 103 -
[144864]
[69455]
[207223]
[160777]
[309711]
[216952]
[539977]
[597673]
[560475]
[116095]
- 104 -
SAPGUI
SAPGUI For Windows
[431163]
[138869]
General
[66971]
[26417]
[166130]
[147519]
[203924]
- 105 -
SM36
SM37B
SM39
Job Analysis
SM65
SMX
RZ15
SM61
SM61B
- 106 -
System Monitoring
SM50
SM51
SM66
STDA
SMMS
RZ02
RZ03
RZ04
RZ06
RZ08
SM35
RZ20
CCMS Monitoring
RZ21
RZ23
RZ23N
RZ25
RZ26
RZ27
RZ27_SECURITY
RZ28
ST22
ST22OLD
- 107 -
Performance Analysis
STAD
STAT
STATTRACE
STUN
ST02
Setups/Tune? Buffers
ST03
ST03G
ST03N
ST04
DB Performance Monitor
ST04N
STP4
Select DB activities
ST04RFC
ST05
Performance trace
ST06
ST07
Application monitor
ST10
- 108 -
SM01
Lock Transactions
SM02
System Messages
SM04
User List
SM12
SM13
SM13T
SM14
System Configuration
RZ10
RZ11
RZ12
Security
SM18
SM19
SM20
SM20N
External Communication
SMGW
Gateway Monitor
SM54
TXCOM Maintenance
SM55
THOST Maintenance
SM59
- 109 -
SM59_OLD
SMQ1
SMQ2
SMQ3
SMQA
SMQE
qRFC Administration
SMQG
SMQR
SMQS
Registration of Destinations
SMT1
SMT2
SARFC
SM58
- 110 -
Internet Connectivity
SMICM
ICM Monitor
SMICM_SOS
ICM Monitor
SICF
SP01
Output Controller
SP01O
Spool Controller
SP02
SP02O
SP03
SP11
TemSe? directory
SP12
TemSe? Administration
SP1T
SPAD
Spool Administration
SPCC
ST33
ST34
ST35
ST36
ST37
STW1
STW2
- 111 -
STW3
STW4
STW5
STWBM
STWB_1
STWB_2
STWB_INFO
STWB_SET
STWB_TC
STWB_WORK
Tester Worklist
Transport System
SE01
SE03
SE06
SE07
SE09
Transport Organizer
SE10
Transport Organizer
SEPA
SEPS
STMS
STMS_ALERT
STMS_DOM
STMS_FSYS
STMS_IMPORT
STMS_INBOX
TMS Wo rklist
STMS_MONI
STMS_PATH
- 112 -
STMS_QA
STMS_QUEUES
STMS_TCRI
STMS_TRACK
SPAM
ABAP Development
SE11
ABAP Dictionary
SE11_OLD
SE12
SE12_OLD
SE13
SE14
SE15
SE21
Package Builder
SE24
Class Builder
SE29
Application Packets
SE30
SE32
SE32_OLD
SE32_WB99
SE33
Context Builder
SE35
SE36
SE37
- 113 -
SE38
ABAP Editor
SE38L
SE38M
SE38N
SE41
Menu Painter
SE43
SE43N
SE51
Screen Painter
SE54
SE55
SE56
SE57
STYLE_GUIDE
Archiving
ALINKVIEWER
ARCHIVELINKVIEWER
ALVIEWER
RZPT
ALO1
Determine ASH/DOREX
Relationships
SARA
Archive Administration
SARE
Archive Explorer
Cross-Archiving-Obj.
Customizing
SAR_SHOW_MONITOR
SARI
SARJ
- 114 -
Unsorted
AL02
AL03
AL04
AL05
AL08
Users Logged On
AL11
AL12
AL13
AL15
Customize SAPOSCOL
destination
AL16
AL17
AL18
AL19
ALM99
ALM_01
ALM_02
ALM_04
ALM_ME_GENERAL
Smartsync Settings
ALM_ME_GETSYNC
ALM_ME_INVENTORY
ALM_ME_NOTIF
ALM_ME_ORDER
- 115 -
ALM_ME_ORDER_STATUS
ALM_ME_SCENARIO
ALM_ME_USER
User-specific settings
ALRTCATDEF
RZ70
SLD Administration
RZAL_ALERT_PROXY
RZAL_MONITOR_PROXY
RZAL_MTE_DATA_PROXY
SA01
SA02
SA03
SA04
SA05
SA06
SA07
SA08
SA09
SA10
SA11
SA12
- 116 -
ADRVP
SA13
SA14
SA15
SA15V
SA16
Transport zones
SA17
SA18
SA19
SA20
SA21
SA22
SA23
SA38
ABAP Reporting
SA39
SABPWPFD
SABPWPFDGUI
SABRE_PNR
SAD0
SADC
SADJ
SADP
SADQ
SADR
SADV
SAKB0
AKB Configuration
SAKB4
SAKB5
- 117 -
SALE
SALE_CUA
SALRT01
SALRT02
SALRT1
SAMT
SAPTERM
SARP
SARPN
SART
SARTN
SASAP01
SASAP02
SASAPBCS
Call Up BC Sets
SASAPCATT
Call Up CATT
SASAPFLAVOR
Maintain Flavor
SASAPIA
SASA PIAC
Implementation Assistant
SASAPIG
Install.Guide: Authoring
Environment
SASAPIGP
Installation Guide:Phase
Maintenance
SASAPIMG
SASAPQADB
SASAPRELS
Maintain Release
SASAPROAD_ROLE
SASAPROAD_SUBJECT
SASAPROLE
- 118 -
SASAPSUBJECT
SASAP_IA
SM28
Installation Check
SM29
SM30
SM30_CUS_COUNT
SM30_CUS_INDU
SM30_CUS_SYST
SM30_PRGN_CUST
SM30_SSM_CUST
SM30_SSM_EXT
SM30_SSM_RFC
SM30_SSM_VAR
SM30_SSM_VART
SM30_STXSFREPL
SM30_TVARV
SM30_VAL_AKH
SM30_VSNCSYSACL
SM30_V_001_COS
SM30_V_BRG
SM30_V_DDAT
SM30_V_T585A
SM30_V_T585B
SM30_V_T585C
SM30_V_T599R
SM30_V_TKA05
SM31
- 119 -
SM31_OLD
SM32
SM33
SM34
SM38
SM49
SM56
SM580
SM62
SM63
Display/Maintain? Operating
Mode Set
SM64
Trigger an Event
SM69
SMAP01
SMARTFORMS
SMARTFORM_CODE
SMARTFORM_TRACE
SMARTSTYLES
SMCL
CSL: Monitor
SMEN
SMET
SMETDELBUFF
SMETDELPROG
SMLG
SMLT
Language Management
SMLT_EX
Language Export
- 120 -
SMME
SMOD
SMOMO
Mobile Engine
SMY1
SPACKAGE
Package Builder
SPAK
Package Builder
SPAR
SPAT
SPAU
SPBM
SPBT
SPDD
SPEC01
SPEC02
SPERS_DIALOG
Edit Personalization
SPERS_MAINT
SPH1
SPH2
SPH3
SPH4
SPH5
SPH6
- 121 -
SPH7
SPHA
Telephony administration
SPHB
SPHD
SPHS
SPHSREMOTE
SPHT
SPHW
SPIA
PMI Administration
SPIC
ST01
System Trace
ST11
ST14
Application Analysis
ST20
Screen Trace
ST20LC
Layout Check
ST4A
ST62
STARTING_URLS
SMTR_NAVIGATION_SEN
D_MESSAGE
START_AGR_GENERA
TOR
START_REPOR T
Starts report
STAV_TABR
STCTRL_COPY
STCUP
STDC
Debugger output/control
- 122 -
STDR
STDU
Debugger display/control
(user)
STEMPLATE
Customizing templates
STEMPMERGE
Mix templates
STEP10
STEP20
STERM
SAPterm Terminology
Maintenance
STERM_EXTERNAL
Transaction STERM:
External Callup
STERM_KEYWORDS
STERM_REMOTE
STFB
STFO
STI1
STI2
Change Docs
Correspondence
STI3
STKONTEXTTRACE
STMA
Proposal Pool
Administration
STMP
STPD
Test Workbench
STRUST
Trust Manager
STRUSTSSO2
STSEC
- 123 -
segment
STSEC_DLV
STSEC_TRA
STSN
Customizing Number
Ranges Time Strm
STSSC
Maintain deadline
procedures
STSSC_DLV
STSSC_TRA
Maintain transportation
dline proc.
STSTC
STSTC_DLV
STSTC_TRA
STTO
Test Organization
STVARV
STZAC
STZAD
STZBC
STZBD
STZCH
STZEC
- 124 -
systems
STZED
STZGC
STZGD
SE16
Data Browser
SE16N
SE16_ANEA
SE16_ANEK
SE16_ANEP
SE16_ANLA
SE16_ANLC
SE16_A NLP
SE16_ANLZ
SE16_BKPF
SE16_BSEG
SE16_BSID
SE16_BSIK
SE16_BSIS
SE16_ECMCA
SE16_ECMCT
SE16_KNA1
SE16_KNB1
SE16_LFA1
SE16_LFB1
SE16_MARA
SE16_MARC
- 125 -
SE16_RFCDESSECU
SE16_SKA1
SE16_SKB1
SE16_T000
SE16_T807R
SE16_TCJ_C_JOURNA
LS
Data Browser
TCJ_C_JOURNALS
Data Browser
TCJ_POSITIONS
SE16_TCJ_WTAX_ITE
MS
Data Browser
TCJ_WTAX_ITEMS
SE16_TXCOMSECU
SE16_USR40
SE16_USRACL
SE16_USRACLEXT
SE16_V_T599R
SE16_W3TREES
SE16_WWWFUNC
SE16_WWWREPS
SE17
SE18
SE18_OLD
Business Add-Ins:
Definitions (Old)
SE19
Business Add-Ins:
Implementations
- 126 -
SE19_OLD
Business Add-Ins:
Implementations
SE38P
SE38Q
SE39
SE39O
SE40
SE61
R/3 Documentation
SE61D
SE62
Industry Utilities
SE63
SE63_OTR
Translatio n - OTR
SE64
Terminology
SE71
SAPscript form
SE72
SAPscript Styles
SE73
SE74
SE75
SAPscript Settings
SE75TTDTGC
SE75TTDTGD
SE76
SE77
SE78
Administration of Form
Graphics
SE80
Object Navigator
SE81
Application Hierarchy
- 127 -
SE82
Application Hierarchy
SE83
Reuse Library
SE83_START
SE84
SE85
ABAP/4 Repository
Information System
SE89
Maintain Trees in
Information System
SE8I
Lists in Repository
Infosystem
SE90
SE91
Message Maintenance
SE92
SE92N
SE93
SE94
Customer enhancement
simulation
SE95
Modification Browser
SE95_UTIL
Modification Browser
Utilities
SE97
SEARCH_SAP_MENU
SECOCO
Control Composer
SECR
- 128 -
SECSTO
Administration of Secure
Memory
SELVIEW
SEM_BEX
SEM_NAV
SENG
Administration of External
Indexes
SENGEXPLORER
Explorer Index
Administration
SEO_PATTERN_GENE
RATE
Update Pattern
SERP
SESS
SESSION_MANAGER
SESS_START_OBJECT
Start an Object
SEU_DEPTYPE
SEU_INT
Object Navigator
- 129 -
Index
FS00 ............................................................................ 85
FSP0 ............................................................................ 85
HR ................................................................................ 55
HR and EHS
roles .......................................................................... 75
ITAR ............................................................................ 37
ITS debugging ............................................................ 76
Jobs............................................................................ 113
login problems ........................................................... 71
Management roles ..................................................... 82
ME21............................................................................ 94
ME21n ......................................................................... 94
modify data................................................................. 74
Movement types......................................................... 31
OAC0 ........................................................................... 95
Oracle ........................................ 101, 103, 105, 106, 107
Org Level Tables ........................................................ 28
Parameters tab........................................................... 27
password reset
self service ................................................................ 60
passwords ..................................................................... 71
personnel areas .......................................................... 84
HR ............................................................................ 84
PFCG................................................................ 35, 62, 81
PHAP_SEARCH_PA................................................. 91
Product Category............................... See Material Group
PV7I ............................................................................. 80
Query group................................................................ 68
Remote copy ............................................................... 62
report scheduling....................................................... 21
Report Variant
restricting.................................................................. 92
reports
- 131 -
authorization..............................................................30
RESPAREA ..................................................................54
restricted roles ............................................................22
Restricting access from MM03.................................41
Role.....................................................3, 5, 13, 14, 77, 87
role assignments ............................................................18
roles
cross module .............................................................75
roles assignments ..........................................................18
RSUSR008 ....................................................................69
RSUSR010 ....................................................................89
RSUSR060 ....................................................................44
RSVARENT..................................................................92
S_TABU_DIS...............................................................29
SAP CRM .....................................................................70
SAP_ALL................................................................46, 95
SDP94 ..........................................................................17
SE11 ......................................................................73, 120
SE38 ...........................................................................121
SE93..............................................................................96
Shopping Cart
updating status ........................................................92
SM04.............................................................................24
SM30.............................................................................45
SM35.............................................................................52
SM37 ..........................................................................113
SM59..................................................3, 15, 52, 116, 117
Spool...........................................................118, 129, 130
SPRO
disabling ....................................................................40
ST03 ........................................................................47, 73
SU01 .................................................................20, 48, 93
SU22..............................................................................81
- 132 -
SU25 ............................................................................ 36
SU50............................................................................. 48
SUIM............................................................... 22, 82, 83
SUKRI ......................................................................... 69
Surveying departments............................................. 63
T500P ........................................................................... 84
Table Maintenance .................................................. 127
Table names................................................................ 19
TACT ........................................................................... 19
TCURR ........................................................................ 88
Tracking user data..................................................... 47
Transaction code access............................................ 44
Transaction execution
by user ...................................................................... 66
transactions ................................................................ 96
Transport .......................................... 108, 119, 120, 124
TSTC ............................................................................ 96
UCMON ...................................................................... 51
Upgrading issues ....................................................... 36
user authorizations .................................................... 93
user comparison.......................................................... 83
User comparison........................................................ 83
user defaults ............................................................... 48
VF02............................................................................ 61
- 133 -
- 134 -
- 135 -