SAP Security Essentials

By SAPCOOKBOOK.COM
 SAP Security Essentials

Please visit our website at www.sapcookbook.com

2005 Equity Press all rights reserved.

ISBN 1-933804-02-5

All rights reserved. No part of this publication may be

reproduced, stored in a retrieval sy stem, or transmitted
in any form or by any means, electronic, mechanical,
photocopying, recording or otherwise, without either
the prior written permission of the publisher or a
license permitting restricted copying in the United
States or abroad.
The programs in this book have been included for
instructional value only. They have been tested with
care but are not guaranteed for any particular purpose.
The publisher does not offer any warranties or
representations not does it accept any liabilities with
respect to the programs.

Trademark notices
SAP, SAP EBP, SAP SRM, Netweaver, and SAP New
Dimension are registered trademarks of SAP AG. This
publisher gratefully acknowledges SAP permission to
use its trademark in this publication. SAP AG is not the
publisher of this book and is not responsible for it under
any aspect of the law.

- 2-
 SAP Security Essentials

SAP Security Essentials................................1

Motivation ....................................................7
Introduction ............................................................. 8
75 SAP Security Essentials...........................9
Essential 1: Role Naming Procedures................. 10
Essential 2: Display Only SM59......................... 12
Essential 3: APO Authorizations ....................... 13
Essential 4: Tcode /SAPAPO/SDP94 ................ 14
Essential 5: Comparing user assignments ........ 15
Essential 6: Table names ..................................... 16
Essential 7: Cost center field in SU01 ................ 17
Essential 8: Security report scheduling............. 18
Essential 9: Querying restricted roles................ 19
Essential 10: Accidental deletions ...................... 20
Essential 11: Accidental deletions 2 ................... 21
Essential 12: Conflicting combinations ............. 22
Essential 13: The Parameters tab....................... 23
Essential 14: Org Level Tables............................ 24
Essential 15: Authorization objects.................... 25
Essential 16: Authorization reports .................... 26
Essential 17: Movement types............................. 27
Essential 18: Login/disable_multi_gui_login . 28
Essential 19: Expert mode................................... 29
Essential 20: Accessing authorization objects .. 30
Essential 21: Transaction code in PFCG............ 31
Essential 22: Upgrading issues........................... 32
Essential 23: ITAR Issues.................................... 33
Essential 24: ABAP Authority check.................. 34
Essential 25: Disable billing blocks.................... 35
Essential 26: Disable SPRO ................................. 36
Essential 27: Restricting access from MM03 ... 37
Essential 28: Creating new CATT in 6.4 ........... 38
- 3-
 SAP Security Essentials

Essential 29: Changing doc types .......................39

Essential 30: Transaction code access ...............40
Essential 31: Object V_VBAK_VKO...................41
Essential 32: Accidental auth objects ..................42
Essential 33: Tracking user data.........................43
Essential 34: Changing user defaults .................44
Essential 35: Changing auth group names ........45
Essential 36: Authorizing hierarchies ................46
Essential 37: BDC user vs. service user..............47
Essential 38: RESPAREA .....................................49
Essential 39: HR go-live.......................................50
Essential 40: Field values in auth groups ..........52
Essential 41: CCMS Configuration......................53
Essential 42: FICO SME.......................................54
Essential 43: Self-service password reset..........55
Essential 44: Transaction VF02..........................56
Essential 45: Remote copy ...................................57
Essential 46: Surveying departments.................58
Essential 47: Op SAP PS.......................................59
Essential 48: Transaction execution...................61
Essential 49: Auth object f_lfa1_grp..................62
Essential 50: Query group in QuickViewer .......63
Essential 51: Critical combinations .....................64
Essential 52: Creating a role in SAP CRM .........65
Essential 53: Specialized login problems...........66
Essential 54: Executing ST03..............................67
Essential 55: Turning off modify data................68
Essential 56: Cross module roles ........................69
Essential 57: Role FBL3N.....................................71
Essential 58: Object F_IT_ALV ..........................72
Essential 59: Transaction PV7I ...........................74
Essential 60: Building roles in PFCG .................75
Essential 61: Management roles..........................76

- 4-
 SAP Security Essentials

Essential 62: User comparison........................... 77

Essential 63: List personnel areas...................... 78
Essential 64: Transaction codes FS00/FSP0... 79
Essential 65: Assigned role in child system...... 81
Essential 66: Db-tab TCURR .............................. 82
Essential 67: Executable transactions ............... 83
Essential 68: PHAP_SEARCH_PA..................... 84
Essential 69: Restrict Report Variant access.... 85
Essential 70: Overwrite user authorizations .... 86
Essential 71: Restrict ME21 ................................. 87
Essential 72: Content repository ........................ 88
Essential 73: List of all SAP transactions .......... 89
Essential 74: Finding tables ................................ 90
Essential 75: User authorizations ....................... 91
Notes, Tables, and Transaction Codes.......93
SAP R/3 Enterprise OSS Notes ........................... 94
SAP Software Installation................................. 94
System Copy ....................................................... 95
SAP Business Warehouse ..................................... 96
Upgrade............................................................... 96
Installation ......................................................... 96
Internet Graphics Service (IGS)...................... 96
Internet Transaction Server (ITS)................... 96
BW System Administration.............................. 97
Oracle ...................................................................... 98
RAC...................................................................... 98
Installation ......................................................... 98
Administration ................................................... 98
Problems ............................................................. 99
Backup / Restore / Recovery ......................... 100
Software Logistics (Transport System, Add-Ons
& Support Packages) ........................................... 101
Transports ........................................................ 101

- 5-
 SAP Security Essentials

Support Packages .............................................101

Add-Ons.............................................................101
General System Administration.........................102
Tuning ................................................................102
Background Processing ...................................103
Network .............................................................103
Web Dispatcher ................................................103
SAPOSCOL........................................................103
SAP Remote Services ...........................................104
Service Connection...........................................104
SAPGUI ..................................................................105
SAPGUI For Windows .....................................105
Useful SAP Technical Transaction Codes 106
Background Processing .......................................106
System Monitoring...............................................107
Performance Analysis ..........................................108
General System Administration.........................109
System Configuration ..........................................109
Security ..................................................................109
External Communication ....................................109
Internet Connectivity...........................................111
Spool & Print .........................................................111
CATT Test Tool .....................................................111
Transport System.................................................112
Add-ons & Support Packages .............................113
ABAP Development..............................................113
Archiving ...............................................................114
Unsorted ................................................................115

- 6-
 SAP Security Essentials

Motivation

I have found that a of the materials available in SAP

security are either 1) nonexistent 2) too general and
pedantic in nature 3) sales materials in disguise. And
since there are a very limited number of published
books in the area of SAP security, this title was a natural
addition to our growing library of practical references
for SAP consultants and managers.

This book, SAP Security Essentials, started as a list of

particularly useful FAQs in the area of SAP security.
That is to say, this is a list of tips and tricks that I have
used on projects in the past and thought were good
enough to include in a book. So for this book, we are
calling each tip, trick, recipe, an essential.

I hope these SAP Security Essentials are as valuable to

you as they have been to me.

- 7-
 SAP Security Essentials

Introduction

Each security essential has a question (problem), and an

answer that is pretty straightforward but when you
see the guru icon this is information that represents
the highest degree of knowledge and understanding in a
particular area. So be aware that to completely
understand any given issue,you should read beyond the
first answer.

The Security Guru has Spoken!

- 8-
 SAP Security Essentials

75 SAP Security Essentials

- 9-
 SAP Security Essentials

Essential 1: Role Naming

Procedures

I am trying to determine the best role naming

procedures. We are doing a security set-up
redesign and would like to use Generally Accepted
Security Role Naming Practices. We are a global
company with decentralized SAP set-up with SAP
instances for each region.

A: The intent of developing a naming convention

for SAP access is to facilitate long-term
maintenance of Security, enhance auditing features,
and improve the periodic review of access. The
following is a proposal for the naming convention
guidelines for Roles, Profiles and Authorizations.
Note: Composite Role naming conventions are not
covered as they are NOT recommended for use.

Naming Conventions: Roles Z or Y is not

needed as part of the naming convention. SAP
Security is Master Data, not configuration or
repository object and therefore does not need the
standard development name space. The : is the
customer designation.

Role name template: xxxx;yyyy_Describe_org.

Designate xxxx as major company division, (i.e,
Jones, Inc., Parts, etc.). : is the Customer Role
- 10 -