10-30-2008 9:59 PM
Hi
We have a Security Department in the company and they want to restrict database access through IP validation. That means that only the BASIS and database administrators can access the DB from their PCs.
They want to create a table (IP, Comment, Last Date of Modification, Last Date of Connection), a stored procedure and a trigger to validate all the connections to the database.
I know that if we make some change to the system we lose the guarantee, but they insist on making the change.
What we want is to validate that this procedure can be applied in the system, or whether it is possible to use another solution to restrict that DB access.
Thanks in Advance and Best Regards
Reynaldo Rebolledo
10-31-2008 12:03 PM
> We have a Security Department in the company and they want to restrict database access through IP validation. That means that only the BASIS and database administrators can access the DB from their PCs.
That sounds good to me. Database access should be very restrictive, especially access outside the application.
> They want to create a table (IP, Comment, Last Date of Modification, Last Date of Connection), a stored procedure and a trigger to validate all the connections to the database.
Strange option. In SAP, restrict the database-relevant transactions, and outside SAP make sure direct connections are near to impossible.
> I know that if we make some change to the system we lose the guarantee, but they insist on making the change.
Make it outside the system and keep your guarantee.
> What we want is to validate that this procedure can be applied in the system, or whether it is possible to use another solution to restrict that DB access.
Have a look at networking, routers and firewalls. Talk to your network administrators and bring an SAP architecture/infrastructure guru.
Basically all communication with the database is networked via TCP/IP, also the communication from and to the SAP application. Restricting the IP addresses which can communicate with the server over the IP ports the database uses should solve your issue.
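
One way to apply the port-level restriction described in the reply above, as an added example that is not part of the original thread: an nftables ruleset for a Linux database host. The addresses, the port number and the table name are placeholders assumed for illustration; the thread names neither the database nor its port, and the same allowlist can equally live on a router or firewall in front of the server.

```nftables
#!/usr/sbin/nft -f
# Added example: host firewall allowlist for the database listener port.
# All values below are constructed placeholders, not taken from the thread.

# Placeholder: replace with the TCP port your database listener uses.
define db_port = 50000

# The SAP application servers talk to the database over the same port,
# so they must be on the allowlist or the application stops working.
define sap_app_servers = { 192.0.2.10, 192.0.2.11 }

# PCs of the BASIS and database administrators.
define admin_workstations = { 198.51.100.21, 198.51.100.22 }

table inet db_access {
    chain input {
        # Only the database port is restricted; other traffic is untouched.
        type filter hook input priority 0; policy accept;

        # Local connections on the database host itself.
        iifname "lo" accept

        # Allowed sources for the database port.
        tcp dport $db_port ip saddr $sap_app_servers accept
        tcp dport $db_port ip saddr $admin_workstations accept

        # Everything else aimed at the database port (including IPv6,
        # which matches none of the rules above) is logged, counted
        # and dropped.
        tcp dport $db_port log prefix "db-port-denied: " counter drop
    }
}
```

The log prefix gives the security department a record of rejected connection attempts without any change inside the database or the SAP system.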
10-31-2008 5:08 PM