SM58 Transactional RFC
Table logging and table protection
Only one transaction code can be entered here; otherwise the search would always look for a single role that contains all of the transactions searched for and is assigned to the respective user. Since the transactions can also be assigned to the user through different roles, this would not be useful. The input variants above also consider only transactions that have been maintained in the role menu. If it is not certain whether the transaction was entered in the menu or in the S_TCODE authorization object of the role, up to four transactions can also be checked by searching through the S_TCODE authorization object. It is important to pay attention to the AND/OR relationship and to use it appropriately. After the query is executed, the roles that contain the requested transaction and are assigned to the user are displayed. If you search through the S_TCODE authorization object, the following result page appears. Looking at the result, another drawback of this variant becomes apparent in addition to the limit on the number of transactions that can be entered: although both associated roles are displayed, it is not possible to see at first glance which transaction is contained in which role. To find out, the roles would have to be examined individually. If more transactions with user assignment are to be identified at the same time and the role assignment is to be visible directly, the use of transaction SE16N is recommended.
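The per-transaction role view that the search above does not give can be worked out from table exports. The following is an added example, not code from the original page: it assumes SE16N exports of the standard tables AGR_USERS (role assignments) and AGR_1251 (authorization values), which the page does not name. All rows, role names and the user are constructed, and the trailing-asterisk handling is a simplification.

```python
from datetime import date

# Constructed sample rows, shaped like SE16N exports (not real system data).
AGR_USERS = [  # (AGR_NAME, UNAME, FROM_DAT, TO_DAT)
    ("Z_BASIS_MONITOR", "JDOE", date(2023, 1, 1), date(9999, 12, 31)),
    ("Z_BASIS_ADMIN", "JDOE", date(2023, 1, 1), date(9999, 12, 31)),
    ("Z_OLD_PROJECT", "JDOE", date(2020, 1, 1), date(2021, 6, 30)),
]
AGR_1251 = [  # (AGR_NAME, OBJECT, FIELD, LOW, HIGH, DELETED)
    ("Z_BASIS_MONITOR", "S_TCODE", "TCD", "SM58", "", ""),
    ("Z_BASIS_MONITOR", "S_TCODE", "TCD", "SM5*", "", "X"),  # deleted entry
    ("Z_BASIS_ADMIN", "S_TCODE", "TCD", "SA38", "", ""),
    ("Z_BASIS_ADMIN", "S_TCODE", "TCD", "SE11", "SE17", ""),  # range
    ("Z_OLD_PROJECT", "S_TCODE", "TCD", "*", "", ""),         # full wildcard
]


def grants(low, high, tcode):
    """True if one S_TCODE value (single, range or generic) covers tcode."""
    if high:                       # range: character-wise LOW <= tcode <= HIGH
        return low <= tcode <= high
    if "*" in low:                 # assumption: text before '*' is a prefix
        return tcode.startswith(low.split("*", 1)[0])
    return low == tcode


def roles_for(user, tcodes, on):
    """Map each transaction to the user's valid roles that contain it."""
    active = {role for role, uname, start, end in AGR_USERS
              if uname == user and start <= on <= end}
    hits = {}
    for role, obj, field, low, high, deleted in AGR_1251:
        if role not in active or obj != "S_TCODE" or field != "TCD" or deleted:
            continue
        for tcode in tcodes:
            if grants(low, high, tcode):
                hits.setdefault(tcode, set()).add(role)
    return {tcode: sorted(hits.get(tcode, ())) for tcode in tcodes}


if __name__ == "__main__":
    wanted = ["SM58", "SA38", "SE16N", "SM59"]
    for tcode, roles in roles_for("JDOE", wanted, date(2024, 5, 1)).items():
        print(f"{tcode:6} {', '.join(roles) or '(no assigned role)'}")
```

Expired assignments and deleted authorization values are skipped, so a broad role such as the constructed Z_OLD_PROJECT only shows up when the review date falls inside its validity period.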
At the same time, there is a need to return the solutions to the SAP standard. A collaborative approach between the business departments and IT is required to assess the technical and business benefits. It is also necessary to check whether adapting business processes to avoid modifications may be more effective and therefore more cost-effective. This must be evaluated and decided jointly. As a result, we recommend defining and implementing business standards for creating and maintaining solutions.
Control users and access rights
Remove weak password hashes from the system: Updating the profile parameter alone does not provide the necessary security. Many weak hash values remain in your database and can be used to attack your system. These must be completely removed from the database with the report CLEANUP_PASSWORD_HASH_VALUES. To do this, call transaction SA38 and enter the name of the report in the input field. Run or F8 executes the program and cleans your database. The program removes the outdated hash values across all clients. Have you already experienced this attack method, or do you have other comments on this topic? Share your experiences with us in a comment under this article.
Projects: Your SAP Basis administrator plays a key role in planning and executing system upgrades and migrations. He is also responsible for transport management and tests software updates to ensure they are compatible with the landscape. In addition, he must ensure that they are installed in the correct order.
With "Shortcut for SAP Systems" a tool is available that greatly facilitates some tasks in the SAP basis.
Only the regular review of the standards guarantees their compliance.
Design of the graphical user interface for the presentation layer.