How to secure generated files?

Former Member
0 Kudos

Our legal department wants to generate intellectual property files in our BI system for analytics and reporting, but wants us to ensure that no one will be able to access these files via SE16 table display or similar transactions.  The files will not be transported, but generated with random names and prefixed with /BIC/ or /BI0/, so we are almost sure that we will not be able to create and prematurely add the files to S_TABU_DIS authorization groups.   Does anyone have any ideas on what to do about this issue?

7 REPLIES 7

Former Member
0 Kudos

Hi Dale,

Please get the confirmation on the following:

Where are these files getting generated? Are these files getting generated directly in BI System?

Normally the BI system contains data for analytics, i.e. data will be pushed from other systems, let's say ECC or R3 systems, and the subsequent fields will be mapped in the BI system.

Regards,

Ramakrishna Dadi

0 Kudos

Hi Ramakrishna Dadi,

The files are generated directly in BI system.  That is the issue. 

Dale

0 Kudos

Hi Dale,

If that is the case, please take the help of a Basis/ABAP guy to locate the target file location and route the files to a directory, e.g. /usr/sap/temp/legal.

SAP provides a mechanism to restrict a user's access to certain files or directories using the auth object S_PATH, regardless of whether it is called by a program or not.

1. To create a new auth group, run transaction SM30 and enter table SPTHB. Choose maintain.

Choose New Entries and add a new auth group according to the organization's naming standard.  I would suggest starting it with Z and three characters (e.g. ZNNN). 

2. Press Save.

3. Link the Auth Group you created to the UNIX file system by creating an entry in table SPTH via transaction SM30.

Individual files can also be secured by creating another auth group and assigning it at the file level in SPTH.

Explore this option and try if you can succeed.

Regards,

Ramakrishna Dadi

0 Kudos

Thank you for your reply, Ramakrishna Dadi, however a colleague noticed that I posted 'generated files' when I should have said 'generated tables', or tables generated directly in BI system with a blank authorization group.  I apologize for that.

Dale

0 Kudos

This is one of the reasons why AA auths were integrated into RSA1 and S_TABU_NAM was developed. If you search for those terms you will find the original thread on it which discussed the solution with the developers.

Cheers,

Julius

0 Kudos

Thank you for your advice, Julius,

These tables will be generated in production, so we aren't sure what the table names will be.  We do know that the tables will be prefixed by /BIC/A (DSO Active Table) or /BIO/B (DSO Change Log) however.  I don't see how we can restrict SE16 developer's access to these tables with S_TABU_NAM.  I'm sure it is my ignorance, so please advise. 

Thank you,

Dale

0 Kudos

The table does not have to exist (yet) to maintain s_tabu_nam.

So you can work out the name (spaces) from the DSOs and enter them. The authorization will not be destroyed together with the table...

Cheers,

Julius
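
An audit sketch for the approach discussed in this thread, added here as an example and not code from any poster or from SAP: it lists which roles would let a user display a generated DSO table, either through an S_TABU_NAM name pattern or through S_TABU_DIS on `&NC&`, the value checked for tables with no authorization group. The role rows, role names and the DSO name ZLEGAL are constructed, and the value matching (exact, trailing `*`, inclusive range) is a simplified assumption about how authorization values are compared.

```python
from collections import defaultdict

# Constructed sample rows (not from the thread):
# role, auth object, authorization instance, field, low value, high value
ROWS = [
    ("Z_BI_DEV",  "S_TABU_NAM", "T1", "ACTVT",     "03",            ""),
    ("Z_BI_DEV",  "S_TABU_NAM", "T1", "TABLE",     "/BIC/A*",       ""),
    ("Z_LEGAL",   "S_TABU_NAM", "T1", "ACTVT",     "03",            ""),
    ("Z_LEGAL",   "S_TABU_NAM", "T1", "TABLE",     "/BIC/AZLEGAL*", ""),
    ("Z_SUPPORT", "S_TABU_DIS", "T1", "ACTVT",     "02",            "03"),
    ("Z_SUPPORT", "S_TABU_DIS", "T1", "DICBERCLS", "&NC&",          ""),
    ("Z_FI",      "S_TABU_NAM", "T1", "ACTVT",     "03",            ""),
    ("Z_FI",      "S_TABU_NAM", "T1", "TABLE",     "T001",          "T001Z"),
]

def value_matches(value, low, high=""):
    """Simplified value match (assumption): range, trailing '*', or exact."""
    if high:
        return low <= value <= high
    if low.endswith("*"):
        return value.startswith(low[:-1])
    return value == low

def roles_granting_display(rows, table, auth_group="&NC&"):
    """Roles where one authorization instance allows display (ACTVT 03) of
    `table`, by name (S_TABU_NAM) or by its authorization group (S_TABU_DIS)."""
    auths = defaultdict(lambda: defaultdict(list))
    for role, obj, inst, field, low, high in rows:
        auths[(role, obj, inst)][field].append((low, high))
    checked = {"S_TABU_NAM": ("TABLE", table),
               "S_TABU_DIS": ("DICBERCLS", auth_group)}
    hits = set()
    for (role, obj, _inst), fields in auths.items():
        if obj not in checked:
            continue
        field, wanted = checked[obj]
        # Both fields must be satisfied inside the same authorization instance.
        if (any(value_matches("03", lo, hi) for lo, hi in fields["ACTVT"])
                and any(value_matches(wanted, lo, hi) for lo, hi in fields[field])):
            hits.add(role)
    return sorted(hits)

if __name__ == "__main__":
    # /BIC/AZLEGAL00: active table of a hypothetical DSO named ZLEGAL
    print(roles_granting_display(ROWS, "/BIC/AZLEGAL00"))
```

Because the table name is only a string in the check, the audit can be run for table names that have not been generated yet, which is the point made in the last reply.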