Notes 2007

NOTE NOVEMBER 2007

SAP® standard / special users

When an SAP® system is installed, some standard users are created in the individual clients or system environments. Some of these users already have high authorizations from the start, and most of them are assigned standard passwords that are generally known.
These special users need special treatment and special protection.

1. SAP*
The user SAP* exists in all clients right after the installation. It has the composite profile SAP_ALL assigned and, with that, all relevant authorizations for the system setup.

NOTE OCTOBER 2007

System and client change option
SAP® consists of many different objects, such as tables, reports and structures.
These objects need to be maintained in the various clients and systems to different extents.
Because objects can be client-specific or cross-client, maintenance control is covered by two different settings.

1. The system change option

NOTE SEPTEMBER 2007

Logging of table changes

SAP® is a table-controlled system.
Tables can be understood as externalized program parts, and as such they represent, for example, a legal component of the procedural documentation.

There are two different categories of tables:

1. Client-specific tables
Client-specific tables contain data that is used for only one client, such as the user logon data in USR02.

2. Cross-client or client-independent tables

NOTE AUGUST 2007

Protection of reports / ABAP®s

The protection of reports is set up according to the same principle as the protection of tables, except that SAP® does not provide many standard assignments. The assignment to users is made with the authorization object S_PROGRAM. The authorization object consists of two fields. First the field User action ABAP/4® program

NOTE JULY 2007

PDF creation within SAP®

SAP® offers a feature to create PDF files from spool requests that can then be downloaded directly to your computer.
Call the transaction SA38 and enter the report name RSTXPDFT4.

NOTE JUNE 2007

The evaluation of the SysLog - SM21

SysLog is short for “System Logging”.
Selected events and problems within an SAP® system are generally logged.
The information is written to text files that are saved at the operating system level.
The exact location can be identified with the help of the system parameter DIR_LOGGING.
Call the transaction SA38, enter the report name RSPFPAR and press F8.

NOTE MAY 2007

The SAP® system trace

With the system trace, SAP® offers a way to evaluate the authorization objects that are checked when the different transactions are called.
The trace can log all authorization objects on which an authority check is executed while working with the system.
This also includes the corresponding field values within the authorization objects.
Call the transaction ST01 to use the system trace.

NOTE APRIL 2007

Table access - table protection

There are various transaction codes to access tables.
You may use the popular ones, such as SE16, SE16N, SE17, SM30, SM31 etc.
All these transaction codes have one thing in common.

NOTE MARCH 2007

Transaction SE16 – risk and control

The transaction code SE16, in combination with critical authorizations, allows some highly critical steps within an SAP® system.
For this example you call the transaction code SE16 and enter the table name TGSB in the selection field.
After selecting one special entry via double click,

NOTE FEBRUARY 2007

Transaction code SE16N - risk and control

The transaction code SE16N [report RK_SE16N] offers some options for table maintenance activities if the corresponding authorizations are assigned as well.
Together with this risk, however, SAP® provides an integrated control that can be used for review.
First of all, we have to understand how the maintenance activities can be executed:
1. Call the transaction SE16N.