
Security Optimization Self Service / Thresholds

former_member313130
Participant
0 Kudos

Dear all,

does somebody know the thresholds of the Solution Manager Security Optimization Self Service?

Thanks in advance for your help!

Kind regards,

Joern

Accepted Solutions (0)

Answers (1)

richard_pietsch
Active Contributor
0 Kudos

Hi Jörn,

what kind of thresholds do you refer to?

The self service performs like every other service session; first you collect data from a system e.g. via SDCCN framework, then you initialize the service session where the collected data is processed against an internal rule framework. The data is rated according to the number of findings (everything is fine = green, some issues = yellow, critical setting = red).

Most of the checks can also be performed using the user information system (SUIM), e.g. users with critical authorizations.

Regards, Richard

former_member313130
Participant
0 Kudos

Hello Richard,

thanks for your answer!

I would like to know which system parameters including thresholds (for example login/fails_to_user_lock) are checked during the SOSS.

Kind regards,

Joern

richard_pietsch
Active Contributor
0 Kudos

Hi Joern,

here are some of the analyzed issues:

super user accounts .. no threshold

users allowed to run ST14 .. no threshold

logon and password policy:

login/disable_password_logon = 0

LOGIN/MIN_PASSWORD_LNG = 8

login/password_max_idle_productive > 0

login/password_expiration_time = 30

RDISP/GUI_AUTO_LOGOUT = 1800

LOGIN/DISABLE_MULTI_GUI_LOGIN = 1

RDISP/ACCEPT_REMOTE_TRACE_LEVEL = 0

RFC/REJECT_EXPIRED_PASSWD = 1

see note 862989 for the following:

login/min_password_digits

login/min_password_letters

login/min_password_lowercase

login/min_password_uppercase

login/min_password_specials

login/password_max_idle_initial

further auth. checks:

Users with Initial Passwords Who Have Never Logged On

Users with Reset Password Who Have Not Logged On

Users Who Have Not Logged On for an Extended Period of Time

Security Critical Events for End Users Are Not Logged in the Security Audit Log (SM19 logging)

Users - Other Than the System Administrators - Are Authorized to Lock/Unlock Transactions

Users - Other Than the System Administrators - Are Authorized to Maintain Other User's Lock Entries

Users - Other Than the System Administrators - Are Authorized to Maintain Own Lock Entries

Users - Other Than the System Administrators - Are Authorized to Delete or Reprocess Broken Updates

Users - Other Than the System Administrators - Are Authorized to Activate a Trace

Users - Other Than the Spool Administrators - Are Authorized to Display the TemSe Content

Users - Other Than the Background Administrators - Are Authorized to Schedule Jobs in SM36

Users - Other Than the System Administrators - Are Authorized to Define External OS Commands

Users - Other Than the System Administrators - Are Authorized to View Content of OS Files with AL11

Users - Other Than the System Administrators - Are Authorized to Access RFC Logon Information

Users - other than the communication users - are authorized to run any RFC function

Users - other than the key users - are authorized to visualize all tables via RFC

Users - Other Than the System Administrators - Allowed to Maintain the ALE Distribution Model

Users - Other Than Key Users - Are Authorized to Start All Reports

Users - Other Than Key Users - Are Authorized to Display All Tables

Users Are Authorized to Maintain All Tables

Users - Other Than the System Administrators - Are Authorized to Change the System Change Option

Users Are Authorized to Debug and Replace Field Values in the Production System

Users - Other Than the User Administrators - Are Authorized to Maintain Users

Users with Authorizations for User and Role/Profile/Authorization Maintenance

Users - Other Than the System Administrators - Are Authorized to Maintain the System PSE's

Table Logging Is Not Enabled for Import

Super Users

Users with Profile SAP_NEW 

Standard Users (Locking & Passwords)

SAP Security Notes: ABAP and Kernel Software Corrections

Regards, Richard
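
An added example, not part of the original thread and not SAP's own check logic: a Python script that compares the parameters set in a profile file against the values listed in the answer above. It assumes the usual `name = value` profile line format, compares names in lower case, and uses hypothetical function names; the statuses only say whether a value agrees with the one listed in the post.

```python
import re

# Values exactly as listed in the answer above; names lower-cased (assumption).
REFERENCE = {
    "login/disable_password_logon": ("=", 0),
    "login/min_password_lng": ("=", 8),
    "login/password_max_idle_productive": (">", 0),
    "login/password_expiration_time": ("=", 30),
    "rdisp/gui_auto_logout": ("=", 1800),
    "login/disable_multi_gui_login": ("=", 1),
    "rdisp/accept_remote_trace_level": ("=", 0),
    "rfc/reject_expired_passwd": ("=", 1),
}
LINE = re.compile(r"^\s*([A-Za-z0-9_/]+)\s*=\s*(.*?)\s*$")

def parse_profile(text):
    """Parse 'name = value' lines; '#' comment lines never match. Last value wins."""
    params = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            params[m.group(1).lower()] = m.group(2)
    return params

def compare(params):
    """Return {name: 'matches' | 'differs' | 'not set' | 'not numeric'}."""
    result = {}
    for name, (op, ref) in REFERENCE.items():
        raw = params.get(name)
        if raw is None:
            result[name] = "not set"  # not in this file; the kernel default applies
        elif not re.fullmatch(r"-?\d+", raw):
            result[name] = "not numeric"
        else:
            ok = int(raw) > ref if op == ">" else int(raw) == ref
            result[name] = "matches" if ok else "differs"
    return result

# Constructed sample profile text, not taken from a real system.
SAMPLE = """\
login/min_password_lng = 6
login/password_expiration_time = 30
login/password_max_idle_productive = 0
rdisp/gui_auto_logout = 1800
"""

if __name__ == "__main__":
    for name, status in compare(parse_profile(SAMPLE)).items():
        print(f"{name:40} {status}")
```

A parameter reported as "not set" still has an effective value on the running system, which report RSPARAM or transaction RZ11 shows.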

former_member313130
Participant
0 Kudos

Hello Richard,

thanks a lot for this information!

Kind regards,

Joern