
Security tool that can scan SAP database server for personal information

Larrym_mcc47
Explorer
0 Kudos

We have been required to scan our SAP training system database for personal information. The database software is DB6.

Does anyone know of a security application tool that can perform a complete scan of the DB server for personal information, credit card and vendor information? We are on SAP ECC 6.0, AIX operating system and DB6 release 09.05.0004.

3 REPLIES 3

Former Member
0 Kudos

The standard tool for this is transaction SE11, but if the fields are meaninglessly typed or the data is outside of the application tables then it is a tough call to search for references to the data. It also does not tell you whether there is data.

Analysing the programs and inspecting the file system (shares and interfaces) is useful as well.

I am not aware of any "one mouse click tool" and am struggling to imagine one.

Cheers,

Julius

Edited by: Julius Bussche on Mar 5, 2011 4:30 PM

0 Kudos

Thank you for your response. We are hoping that someone out there may have heard of a personal information scanning tool that scans at the server level or have developed something in ABAP.

0 Kudos

It would be quite simple to do it in an ideal world... Just right click the domain and hope that you have only installed those components you actually use...

To automate it you could create a program which searched for fields which use the domain or are typed to the standard fields, and then select on those fields of all tables which have values (or foreign keys to values).

Generic external auditing tools don't survive long in the SAP world because of the proprietary and changing nature of the data storage mechanisms. Actually it can crack your skull if you want to do it properly.

I am only aware of gimmicks so far. It is better to use programming standards and centralize critical data to be accessed via APIs only.

Cheers,

Julius
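
The automation outlined in the last reply (find the fields typed to a domain, then check which of those fields actually hold values), sketched as an added example that is not part of the thread or code from any of its posters. The report name and the two domain names are placeholders (assumptions); the foreign-key case mentioned in the reply is not covered, and the non-initial check assumes character-type domains.

```abap
REPORT z_pii_field_scan.
* Added example, not code from the thread. The report name and the
* domain names are placeholders (assumption): list the domains your
* system uses for personal, payment or vendor data.
TYPES: BEGIN OF ty_field,
         tabname   TYPE dd03l-tabname,
         fieldname TYPE dd03l-fieldname,
         domname   TYPE dd03l-domname,
       END OF ty_field.

DATA: lt_domains TYPE RANGE OF dd03l-domname,
      ls_domain  LIKE LINE OF lt_domains,
      lt_fields  TYPE STANDARD TABLE OF ty_field,
      ls_field   TYPE ty_field,
      lv_where   TYPE string,
      lv_count   TYPE i.

ls_domain-sign = 'I'.
ls_domain-option = 'EQ'.
ls_domain-low = 'ZPLACEHOLDER_DOMAIN_1'. APPEND ls_domain TO lt_domains.
ls_domain-low = 'ZPLACEHOLDER_DOMAIN_2'. APPEND ls_domain TO lt_domains.

* Step 1: where-used list from the data dictionary. Only active fields
* of transparent tables; pool/cluster tables and structures are skipped.
SELECT f~tabname f~fieldname f~domname
  INTO TABLE lt_fields
  FROM dd03l AS f
  INNER JOIN dd02l AS t
    ON t~tabname = f~tabname AND t~as4local = f~as4local
  WHERE f~domname IN lt_domains
    AND f~as4local = 'A'
    AND t~tabclass = 'TRANSP'.

* Step 2: count rows in which the field is filled. Open SQL restricts
* client-dependent tables to the logon client automatically.
LOOP AT lt_fields INTO ls_field.
  " Assumes a character-type field, whose initial value is blank.
  CONCATENATE ls_field-fieldname ` <> ' '` INTO lv_where.
  TRY.
      SELECT COUNT(*) INTO lv_count
        FROM (ls_field-tabname)
        WHERE (lv_where).
    CATCH cx_sy_dynamic_osql_error.
      CONTINUE. " table or field not selectable, skip it
  ENDTRY.
  IF lv_count > 0.
    WRITE: / ls_field-tabname, ls_field-fieldname, ls_field-domname, lv_count.
  ENDIF.
ENDLOOP.
```

As the first reply points out, a dictionary-driven search like this misses fields that are meaninglessly typed and data held outside the application tables, so programs, file shares and interfaces still need separate review.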