11-26-2012 10:30 AM
Hi Experts,
Anybody know a tip to set up an alert when user loggon to an ABAP system?
Thanks,
Cheers
12-03-2012 4:51 PM
Hi Sargan,
As per SAP Best Practices, User SAP* should be locked and the sap Parameter should be set to ensure that no one should be able to login as SAP*.. Please check in which client the changes were made and which programs are modified, and also please check the version of the program and the last modified by which tranport request .. if it is the same which you have mentioned, then please see if there is a job run by SAP*. If the audit log is enabled, you can check parallely the log file by keeping the date and user in the filter options
Thanks
Rajendra A
11-26-2012 9:15 PM
Hi Sargan
Instead of creating alerts you should make sure that SAP* is protected and cannot be used at all.
Kindly check notes:
Note 2383 - Documentation description of 'super user' SAP star
Note 68048 - Deactivating the automatic SAP* user
Cheers,
Diego.
11-27-2012 9:47 PM
Hi Sargan,
You can setup the audit log in the system through T-code Sm19 and values in filter with client'*" and user='SAP*'. This will give you all the details if someone will try to login with the user SAP* and all actions he will do.
Thanks,
Varun Jain
11-29-2012 9:31 AM
Hi thanks for answer.
The problem is we have in our system, reports Z modified with user SAP*.
ZBAPI
It is wrong? In these days, for example, in 05.07.2012, we have
imported order SIDK991265, with function module ZBAPI
We made these imports with our user, not generic user SAP*.
Thanks a lot for your help,
11-29-2012 7:13 PM
Probably the basis person installing the system scheduled the transport event jobs as SAP* and the FM is generated upon import. But there is no BAPI for that...
Take a look in the development system whether SAP* is also the last user to change the code there. Looking for a dialog login in the production system is unlikely to be of much use unless SAP* changed the code after the time of the import, particularly as SAP* cannot change customer objects from the normal SAPGui based workbenches - which means there is either some "hack" going on or you are looking in the wrong place.
Cheers,
Julius
12-03-2012 4:51 PM
Hi Sargan,
As per SAP Best Practices, User SAP* should be locked and the sap Parameter should be set to ensure that no one should be able to login as SAP*.. Please check in which client the changes were made and which programs are modified, and also please check the version of the program and the last modified by which tranport request .. if it is the same which you have mentioned, then please see if there is a job run by SAP*. If the audit log is enabled, you can check parallely the log file by keeping the date and user in the filter options
Thanks
Rajendra A
12-11-2012 2:30 PM
In an IDES system I used to manage I created a user exit in the login module which logged all users logging in. There was also an option to create a form to enter when logging in with SAP* and DDIC where we fetched additional information about the usage of SAP*.
One option could be to look into these user exits.
Some other similar modifications:
http://scn.sap.com/message/9251667
http://scn.sap.com/thread/1515252
Good luck!
12-11-2012 9:47 PM
As stated in those threads, this mechanism is not intended for restrictive security purposes.
I would not rely on it.
Cheers,
Julius