MarieWagener.de -

Week 35 of the year 2010

Thu, 29 Dec 2011 21:29:04 +0100

Sorrow comes to all...Perfect relief is not possible, except with time.
You cannot now realize that you will ever feel better and yet you are sure to be happy again.......

Abraham Lincoln [1809-1865]

PRACTICAL GUIDE FOR SAP® SECURITY as e-book for free

Mon, 12 Dec 2011 01:01:49 +0100

This little book shall help you to understand the various elements of
SAP® security and their interaction.
Hope you enjouy reading it as much as I have enjoyed writing it.
As I will probably add more chapters over time,
I decided to go with this e-book version.
In the available 5 chapters you can read about the following:

1. Introduction to the general authorization concept of SAP®
2. Detail view: Components of the authorization concept
3. Basic mode of operations
4. Evaluation tools
5. How to

If you have any questions, I would be more than happy to answer them.
Please feel free to send me a mail.

This book is free for download, see attachments below.

Online Buch "Praxisleitfaden für SAP® CO" zum Download!

Sun, 02 Jan 2011 00:33:31 +0100

Hier steht Ihnen der Praxisleitfaden für SAP® CO
zum kostenfreien Download zusammengefasst zur Verfügung.

NEWS: eBook Webshop LIVE!

Sun, 03 Oct 2010 14:33:50 +0200

Wir freuen uns Ihnen einen kleinen Webshop
anbieten zu können, der es Ihnen ermöglicht, die von Ihnen
so häufig angefragten Bücher:

Praxisleitfaden für SAP® FI als persönlich lizenzierte Ausgabe
zum Preis von 69,90€

Praxisleitfaden für SAP® MM als persönlich lizenzierte Ausgabe
zum Preis von 69,90€

nunmehr käuflich zu erwerben.

Hier gelangen Sie zu unserem eBook Webshop.

For all English speaking vistors:

I have to apologize but the two books are currently not available
in English.
As soon as they are available, there will be a separate announcement.

Thanks for your patience,
Marie-Luise Wagener

NEWS: How to assign a portal role through an ABAP role

Wed, 14 Jul 2010 10:26:29 +0200

NOTE JULY 2010

How to assign a portal role through an ABAP role

Depending on what data source is selected for an Enterprise Portal [EP],
UME portal roles can actually be assigned to ABAP roles,
and with that indirectly assigned to users without additional steps in the EP.

Prerequisite

Data source needs to be set to ABAP system.

User Groups

Sun, 23 May 2010 09:49:41 +0200

NOTE JUNE 2010

User Groups

User groups are basically an instrument for the user administration,
but you can also utilize them for internal organization of users.
Users can be assigned to multiple user groups.

We have two different fields for user groups in the user master
[transaction SU01]:

1. Groups – on the groups tab

Table Control in SAP

Sat, 01 May 2010 20:58:03 +0200

NOTE MAY 2010

Table control in SAP®

The SAP® tables are defined in the repository, but not all of the defined tables
can be found in the database. SAP® distinguishes between certain database
and table categories.

We have two different categories of databases:

1. Logical database
A logical database provides a particular view of the database.

Password deposit in RFC connections

Sat, 03 Apr 2010 10:18:03 +0200

NOTE APRIL 2010

Password deposit for RFC connections

RFC [Remote function call] connections allow the execution of function calls
[programs – ABAP and non-ABAP] from external systems / clients.

These connections are maintained via transaction SM59.
This transaction cannot be restricted to „Read/Display only”.
Access to this transaction should only be granted to the Basis Administration team.

How to create an authorization object

Sun, 21 Feb 2010 09:56:53 +0100

NOTE MARCH 2010

How to create an authorization class / object

For add-on application, user-exits or customer specific developments
it is sometimes required to create a customer specific authorization object.
It is always recommended to also create a customer specific authorization
class where the corresponding objects are later then assigned to.

Call transaction SU21.
Create the object class by pushing the button

How to check users that are assigned to a role in the EP

Mon, 01 Feb 2010 23:48:34 +0100

NOTE FEBRUARY 2010

How to check users that are assigned to a role in the EP

The general portal roles only grant access to the available content in the
Enterprise Portal [EP] with different levels of permissions assigned.

UME [User Management Engine] roles consist of a set of UME actions
that define the scope of allowed activities.

The UME provides an interface for maintenance of users, roles
and groups with regard to the available data sources.

Creation of table authorization groups

Tue, 03 Nov 2009 19:56:49 +0100

NOTE NOVEMBER 2009

Creation of table authorization groups

A common task is to create a table authorization group to protect
the respective customer specific tables or views.
In the following paragraphs the necessary steps are described.

In a first step it is recommended to define a new authorization group.

1. Definition:

Call transaction SE54 and checkmark the entry “Authorization Groups”.

System Parameter Changes

Sun, 18 Oct 2009 12:36:28 +0200

NOTE OCTOBER 2009

System Parameter Changes

SAP® system parameters are controlled via profiles.
These profiles are stored in text files on the operating system level.
With that profile parameters could be changed on the OS level with the help
of common editors if a person has the necessary access.
Changes that occur on this level will not be logged, if the logging
is not especially activated for the OS level.

Therefore changes should not occur on this level, and access needs

Cross-system evaluations

Fri, 18 Sep 2009 11:54:35 +0200

NOTE SEPTEMBER 2009

Cross-system evaluations

When using a CUA [Central User Administration]
some of the information system reports offer an interface
for cross-system evaluations.
One of them is the report RSUSR002.

MASS CHANGES

Sun, 19 Jul 2009 12:54:47 +0200

NOTE JULY 2009

MASS CHANGES

SAP® offers several options to perform mass changes to vendor or customer
master data, general ledger accounts, orders etc.
One way is to apply the changes directly to the corresponding tables in which
the data is stored as for example table LFA1 and LFB1 [contain the general and company code specific data]. The advantage consists in the fact that a high

Report RSUSR003

Sat, 06 Jun 2009 10:26:18 +0200

NOTE JUNE 2009

Report RSUSR003

The report RSUSR003 allows the cross client password review of the
SAP® standard users SAP*, DDIC, SAPCPIC and EARLY WATCH
as well as a check of the respective system login parameters.

In the past when the report was selected for execution it was required to
have matching authorization to change the user group SUPER and
to perform client maintenance.

S_TABU_DIS with ACTVT=02 for DICBERCLS= SS