on 02-20-2013 12:18 PM
Dear all,
does somebody know the thresholds of the Solution Manager Security Optimization Self Service?
Thanks in advance for your help!
Kind regards,
Joern
Hi Jörn,
what kind of thresholds do you refer to?
The self service performs like every other service session; first you collect data from a system e.g. via SDCCN framework, then you initialize the service session where the collected data is processed against an internal rule framework. The data is rated according to the number of findings (everything is fine = green, some issues = yellow, critical setting = red).
Most of the checks can also be performed using the user information system (SUIM), e.g. users with critical authorizations.
Regards, Richard
Hi Joern,
here are some of the analyzed issues:
super user accounts .. no threshold
users allowed to run ST14 .. no threshold
logon and password policy:
login/disable_password_logon = 0
LOGIN/MIN_PASSWORD_LNG = 8
login/password_max_idle_productive > 0
login/password_expiration_time = 30
RDISP/GUI_AUTO_LOGOUT = 1800
LOGIN/DISABLE_MULTI_GUI_LOGIN = 1
RDISP/ACCEPT_REMOTE_TRACE_LEVEL = 0
RFC/REJECT_EXPIRED_PASSWD = 1
see note 862989 for the following:
login/min_password_digits
login/min_password_letters
login/min_password_lowercase
login/min_password_uppercase
login/min_password_specials
login/password_max_idle_initial
further auth. checks:
Users with Initial Passwords Who Have Never Logged On
Users with Reset Password Who Have Not Logged On
Users Who Have Not Logged On for an Extended Period of Time
Security Critical Events for End Users Are Not Logged in the Security Audit Log (SM19 logging)
Users - Other Than the System Administrators - Are Authorized to Lock/Unlock Transactions
Users - Other Than the System Administrators - Are Authorized to Maintain Other User's Lock Entries
Users - Other Than the System Administrators - Are Authorized to Maintain Own Lock Entries
Users - Other Than the System Administrators - Are Authorized to Delete or Reprocess Broken Updates
Users - Other Than the System Administrators - Are Authorized to Activate a Trace
Users - Other Than the Spool Administrators - Are Authorized to Display the TemSe Content
Users - Other Than the Background Administrators - Are Authorized to Schedule Jobs in SM36
Users - Other Than the System Administrators - Are Authorized to Define External OS Commands
Users - Other Than the System Administrators - Are Authorized to View Content of OS Files with AL11
Users - Other Than the System Administrators - Are Authorized to Access RFC Logon Information
Users - other than the communication users - are authorized to run any RFC function
Users - other than the key users - are authorized to visualize all tables via RFC
Users - Other Than the System Administrators - Allowed to Maintain the ALE Distribution Model
Users - Other Than Key Users - Are Authorized to Start All Reports
Users - Other Than Key Users - Are Authorized to Display All Tables
Users Are Authorized to Maintain All Tables
Users - Other Than the System Administrators - Are Authorized to Change the System Change Option
Users Are Authorized to Debug and Replace Field Values in the Production System
Users - Other Than the User Administrators - Are Authorized to Maintain Users
Users with Authorizations for User and Role/Profile/Authorization Maintenance
Users - Other Than the System Administrators - Are Authorized to Maintain the System PSE's
Table Logging Is Not Enabled for Import
Super Users
Users with Profile SAP_NEW
Standard Users (Locking & Passwords)
SAP Security Notes: ABAP and Kernel Software Corrections
Regards, Richard
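As an added example (not part of the thread and not SAP's own tooling): a small Python check that compares the text of a profile file against the parameter values listed in the reply above. It assumes the listed values are the expected settings, applies the `=` and `>` comparisons literally as written, and lower-cases parameter names; the sample profile is constructed.

```python
import operator

# Values exactly as listed in the post above (names lower-cased); using them as pass criteria is an assumption.
EXPECTED = {
    "login/disable_password_logon": ("=", 0),
    "login/min_password_lng": ("=", 8),
    "login/password_max_idle_productive": (">", 0),
    "login/password_expiration_time": ("=", 30),
    "rdisp/gui_auto_logout": ("=", 1800),
    "login/disable_multi_gui_login": ("=", 1),
    "rdisp/accept_remote_trace_level": ("=", 0),
    "rfc/reject_expired_passwd": ("=", 1),
}
OPS = {"=": operator.eq, ">": operator.gt}

def parse_profile(text):
    """Parse 'name = value' lines; '#' starts a comment; the last entry wins."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.split("#", 1)[0].partition("=")
        if sep:
            params[name.strip().lower()] = value.strip()
    return params

def check_profile(text):
    """Return {parameter: (status, raw value)}; status is ok, deviation, missing or invalid."""
    params, result = parse_profile(text), {}
    for name, (op, want) in EXPECTED.items():
        raw = params.get(name)
        if raw is None:  # not set in this file, so the kernel default applies
            result[name] = ("missing", None)
        elif not raw.isdigit():
            result[name] = ("invalid", raw)
        else:
            result[name] = ("ok" if OPS[op](int(raw), want) else "deviation", raw)
    return result

# Constructed sample profile excerpt, not taken from a real system.
SAMPLE = """\
login/min_password_lng = 6
login/password_expiration_time = 30
login/password_max_idle_productive = 0
rdisp/gui_auto_logout = 1800   # 30 minutes
RFC/REJECT_EXPIRED_PASSWD = 1
login/disable_multi_gui_login = yes
"""

if __name__ == "__main__":
    for name, (status, raw) in check_profile(SAMPLE).items():
        print(f"{status:10} {name} = {raw}")
```

A parameter reported as missing is only absent from the file that was checked; its effective value on the system still has to be looked up.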