cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Fire fighter security table download

Former Member

on ‎09-15-2008 3:55 PM

0 Kudos

Dear Experts,

After downloading the Fire fighter Security table(/n/virsa/vfat -> Utilities -> Download) this can be opened in excel and see all the passwords. This is a potential risk in Security and authorization. Kindly suggest me is there any note or corrections to get the data downloaded as encrypted itself ?

Or any other suggestions welcome please.

Thanks and Regards,

Shiju

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎09-18-2008 10:33 AM
0 Kudos

Hello Shiju,

Just wanted to ask you what role (s) does the user have, who is downloading and changing the passwords. Are they standard SAP provided or are they custom?

Role "/VIRSA/VFAT_ROLE_ADMINISTRATOR" has access to "Export" the list and role "/VIRSA/Z_VFAT_ADMINISTRATOR" has access to "change" the password.

Also, in case you do not want the export function to be available to any user, you may chosse not to use these SAP default roles for Firefighter but create your own roles and assign them to the users, where you can define the table maintenence for "/VIRSA/ZVIRFFPWD" table, not to be available to anyone to restrict this.

Regards,

Hersh.

Show replies
Show replies
Former Member
‎09-23-2008 7:52 AM
0 Kudos

Hi Hersh,

Ya I know and we can restrict S_TABU_DIS DICBERCLS=ZV&U , ACTVT 03, this will solve the problem.

But there is a way other than this table level restriction, I would like to know that please.

Thanks and Regards,

Shiju

Former Member
‎09-27-2008 4:21 PM
0 Kudos

HI Shiju,

Why I asked you this actually was becuase ideally you can keep this authorization to download this table and to make change, with one or different persons. So, he/she/they have the ownership of this table and this risk is taken care of properly by him/her or them.

1. In case, he/she is the one who is setting/re-setting it and have access to change the table too, you can have Mitigation Controls on him/her whenver he/she executed it.

2. In case you define two different people for each of these tasks (recommended), there would be no such issue as such; which can be achieved by the way I had suggested before .

Regards,

Hersh.

Former Member
‎09-16-2008 8:44 PM
0 Kudos

Hi,

There is way you can restrict the dialogue user login for the FF IDs you are mataining in FF as FF uses the RFC connection to open the another session for FF ID. So this way you can stop unauthorized access using FF IDs. Once they can not login from Logon Pad if they know the pwd still they can not use it as long as that FF ID is assigned to them in FF. I hope this resolve ur pwd. related worry.

Thanks,

Tavi

Show replies
Show replies
Former Member
‎09-23-2008 7:48 AM
0 Kudos

Hi Tavi,

Kindly let me know what is the way you mentioned ?

Best regards,

Shiju

Ask a Question