cancel
Showing results for 
Search instead for 
Did you mean: 

security question about Admin transaction: BDLS

Former Member
0 Kudos

Hello Experts,

i have a question regarding BDLS transaction: Conversion of Logical Systems. My former supervisor gave me the task to remove the BDLS transaction from all user profiles because of its critical matter. It should not be performed on Productive systems.

As i checked SAP Notes and documentations, i found this line:

"It is not possible to convert logical system names in a productive systemu201D

Based on common sense, it is not possible to perform the transaction in the Productive systems and not because of Authorizations but because SAP Standard it is so defined.

Do you have any experience with this? There are a few people that have this Transaction in our Systems but if its not possible to perform it, then i dont need to remediate it.

Thank you, for your feedback,

Cheerz,

david

Edited by: David Damaskinos on Dec 28, 2010 1:47 PM

Edited by: David Damaskinos on Dec 28, 2010 1:48 PM

Accepted Solutions (0)

Answers (2)

Answers (2)

arpan_paik
Active Contributor
0 Kudos

As i checked SAP Notes and documentations, i found this line:

"It is not possible to convert logical system names in a productive systemu201D

Were there any condition given on the same? If so then check if the same satisfy in your production system or not. However I am in favour of removing the transaction anyway. I am not so familiar with this transaction but there might be many other way (may be program, FM etc) through which some undone might be done.

Regards,

Arpan Paik

Former Member
0 Kudos

Hi Arpan,

yes there was one condition, the user who needs to run BDLS must have the object B_ALE_LSYS.

But this was not my concern, since my question is more to SAP Basis experts than to security specialists I just needed to know if its worth getting the trouble to remediate this issue

thanks for your answer,

Best regards,

david

former_member185031
Active Contributor
0 Kudos

From Security side if It is not possible to convert logical system names in a productive system that does not means the authorization should be given to the user, specially on a Productive environment. My opinion either lock the BDLS through SM01 or remove it from the users. if i will be an auditor my first question will be why this authorization is needed on a productive System ?.

Regards,

Subhash

Former Member
0 Kudos

Hello Subhash,

thanks for your tip, i did lock the transaction over SM01 and i will maintain the authorizations so the Roles are "clean".

Best regards,

david