06-17-2011 6:54 PM
I have started using RSECNOTE. Can you tell me if this tool lists only the SAP Security Notes that apply to the system you run it in? Or is it just a convenient way for you to "check off' or "turn green" the ones you have reviewed so you can keep up with them. I am seeing BW notes even though I ran it in an R3 system. It is possible that the note applies becuase it is related to an RFC, but the note is to be applied in a BW system.
06-17-2011 7:28 PM
It checks the release and SP dependent notes for the software components installed.
An ECC component type system has a BW "inside" it. You can verify this via the existence of RSA1 in the system.
Cheers,
Julius
06-17-2011 7:28 PM
It checks the release and SP dependent notes for the software components installed.
An ECC component type system has a BW "inside" it. You can verify this via the existence of RSA1 in the system.
Cheers,
Julius
06-17-2011 8:17 PM
Thanks Julius, that's what I needed to know. We appreciate your help and contributions.
06-17-2011 9:02 PM
Thanks Gary - nice to hear that and see you here.
I can also recommend some blogs on rsecnote and integration into SolMan - so that you can centrally monitor the security notes.
I personally still use the service.sap.com/securitynotes as rsecnote does not list everything. Read the comments to the blogs - particularly those by Frank Buchholz.
Cheers,
Julius
06-17-2011 11:37 PM
Gary,
What I have discovered is that not all Security notes are flagged for use/implementation via RSECNOTE. I think its still worth its time and labor to go into the SAP Security Notes website (http://service.sap.com/security) and check for notes without the flag for automatic check as blank, these wont be shown in RSECNOTE. Based on the risk acceptance of your organization you can evaluate if you only look at HotNews or go to lower levels like High/Medium level notes.
My two cents.
Matt