TIPS
Posted by
Admin at
|
Share this post:
|
|
Transaction sm19 allows criteria for filtering your audit of transactional information by users and transactions. This does impose overhead on your system. The audit log location is also defined in this transaction and can be read and monitored in transaction sm20.
SAP report rsparam is an extremely useful program that can be run from sa38 to generate a list of all available profile parameters in your SAP system. The variant for unsubstituted parameters provides a complete list. You may then search on key words to find the parameters that you would like to set. This report is useful in security as well as all other Basis profile parameters of interest.
Call transaction sa38 and run the program RSUSR006 . You will get a list of locked users.
Goto transaction ewz5 you will get users with locked status
Run report EWULKUSR in transaction sa38 to get the list.s_tcode is the primary check for almost all SAP authorization checks. You can limit a transaction from being accessed simply by removing the transaction code from s_tcode in a role. Even if the other authorizations exist, the user will not have access to the transaction.
Ush12 has change history for authorization values, and ush10 contains historical data for authorization profiles. Ush02 and ush04 may also be analyzed. You may search on these tables using se11, se16, or se17 to compare tables and generate your own data. They are helpful for security forensics if you are trying to determine any possible questions on users that had authority at a point in time
Administrators who use the Profile Generator require authorization for the following authorization objects: S_USER_AGR Authorization Check for Activity Groups S_USER_TCD Transaction Assignment of Transactions to Activity Groups S_USER_GRP User Master Maintenance: User groups S_USER_PRO User Master Maintenance: Authorization Profile S_USER_AUT User Master Maintenance: Authorizations S_USER_VAL Maintenance of Authorization Values in Activity Groups
SAP report rsparam is an extremely useful program that can be run from sa38 to generate a
list of all available profile parameters in your SAP system. The variant for unsubstituted
parameters provides a complete list. You may then search on key words to find the
parameters that you would like to set. This report is useful in security as well as all
other Basis profile parameters of interest.
Call transaction sa38 and run the program RSUSR006 . You will get a list of locked users.
s_tcode is the primary check for almost all SAP authorization checks. You can limit a
transaction from being accessed simply by removing the transaction code from s_tcode in a
role. Even if the other authorizations exist, the user will not have access to the
transaction.
Deletable files in SAP
Offline Redo log files
Backup them and then delete
Old spool and log files
They are not necessary for R/3 functions and should be deleted regularly by scheduling a
periodic batch job.
File name "CORE" (Unix only)
The R/3 System work directory (e.g. /usr/sap/c11/D00/work ) often contains a file called
'core' from previous program terminations. This file may be deleted at any time.
Old ABAP/4 trace files.
Use Transaction SE30 to delete the files
Old output requests
They are stored on the data directory as files SP*.
The complete list of the dynamically switchable parameters can be found in the table TPFYPROPTY.
Follow the steps below:
1) Run Tcode SE11
2) Insert TPFYPROPTY in the 'database table' column and click on 'display'
3) In this screen click on 'contents'
4) Insert 'X' in the field 'DYNAMIC' and then execute
You fill find the list of parameters that are dynamically switchable.
(OR)
Goto RZ11 and press F5 Key.
"Technical names on" is a menu option from profile generator (PFCG) that shows the
authorization object names. This will be shown in the right-hand column of the from menu
option Utilities -> Technical Names On. The example below shows a role with the expanded
authorizations. These names are easy to search on if you're trying to modify a role to fit
needed authorizations to a role.
All customizing changes (changes to SAP functionality) are collected in customizing
requests. Changes to the SAP repository and data dictionary (customers development or
changes to SAP standard objects) are collected in workbench requests.
Want to transport your program variant quickly and easily? Start program RSTRANSP from SA38
or SE38, enter the program or variant name and execute. Select the variant you want to
transport and simply add it to a transport. This is nice for developers that don't have
access to production systems and need to create a variant for the users.
Keyword: BASIS
Title : TIPS
