on 09-15-2008 3:55 PM
Dear Experts,
After downloading the Fire fighter Security table(/n/virsa/vfat -> Utilities -> Download) this can be opened in excel and see all the passwords. This is a potential risk in Security and authorization. Kindly suggest me is there any note or corrections to get the data downloaded as encrypted itself ?
Or any other suggestions welcome please.
Thanks and Regards,
Shiju
Hello Shiju,
Just wanted to ask you what role (s) does the user have, who is downloading and changing the passwords. Are they standard SAP provided or are they custom?
Role "/VIRSA/VFAT_ROLE_ADMINISTRATOR" has access to "Export" the list and role "/VIRSA/Z_VFAT_ADMINISTRATOR" has access to "change" the password.
Also, in case you do not want the export function to be available to any user, you may chosse not to use these SAP default roles for Firefighter but create your own roles and assign them to the users, where you can define the table maintenence for "/VIRSA/ZVIRFFPWD" table, not to be available to anyone to restrict this.
Regards,
Hersh.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI Shiju,
Why I asked you this actually was becuase ideally you can keep this authorization to download this table and to make change, with one or different persons. So, he/she/they have the ownership of this table and this risk is taken care of properly by him/her or them.
1. In case, he/she is the one who is setting/re-setting it and have access to change the table too, you can have Mitigation Controls on him/her whenver he/she executed it.
2. In case you define two different people for each of these tasks (recommended), there would be no such issue as such; which can be achieved by the way I had suggested before .
Regards,
Hersh.
Hi,
There is way you can restrict the dialogue user login for the FF IDs you are mataining in FF as FF uses the RFC connection to open the another session for FF ID. So this way you can stop unauthorized access using FF IDs. Once they can not login from Logon Pad if they know the pwd still they can not use it as long as that FF ID is assigned to them in FF. I hope this resolve ur pwd. related worry.
Thanks,
Tavi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.