09-30-2013 8:36 AM
HI,
I need to automate EWA report in dashboard and for that i need the related targets, queries or tables which basically use to generate EWA.
For example I need information on security:
Super User Accounts ,Users Authorized to Reset or Change User Passwords ,
Users Authorized to Display Other Users Spool Request , Users Authorized to start all Reports,Users Authorized to Display all Tables. which basically get in any EWA report.
Could you please suggest the what are the tables or queries.
Thanks,
Venu
09-30-2013 9:22 AM
Hi Venu,
To save you having to reinvent the wheel, why don't you look at the SAP Security Optimization Service?
http://wiki.scn.sap.com/wiki/display/SM/Overview+and+How-to+on+Security+Optimization+Self+Service
09-30-2013 9:22 AM
Hi Venu,
To save you having to reinvent the wheel, why don't you look at the SAP Security Optimization Service?
http://wiki.scn.sap.com/wiki/display/SM/Overview+and+How-to+on+Security+Optimization+Self+Service
09-30-2013 10:59 AM
Hi Will,
Thanks for the quick response.
I had gone through relevant docs in forum but i really didn't understand the way Solution manager works for Early watch reports.I am working on a assignment where i need to automate Xcelcius dash board(For multiple systems) with latest EWA updates.Generally we get EWA alerts every week as seperate file but i am finding difficulty in identifying the relevant sources for EARLY WATCH REPORT KPI'S .
Example : For technical operations either in solman system or in manged system will have some tables or infocubes to feed data to EWA and also similarly for all other parameters there must be one source/table or multiple sources/tables.
Is there anyway to find out the relavant EWA KPI's easily?these are required to automate the dashboard.
I have got relevant KPI's in the below link that i need for security but i am not sure how to make use as source for dashboard
Security Optimization self service questionaire :http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/02b32111-0c01-0010-1fba-853ba527f...
Your response is highly appreciated.
Thanks,
Venu
09-30-2013 12:00 PM
Ah OK - I don't know anything about Xcelsius, but if I were looking to incorporate EWA type reporting into a dashboard, I would still look at the SOS service, and whether it is possible to read the output of that report into your dashboard. That way you could just schedule the report to run in the managed systems and benefit from the queries that SAP have already created (plus a whole load more that would really please your auditors).
But if you want to do it yourself, check out the USR* tables - there are many of them so I will leave you to work out which ones you need.
Bear in mind that:
1) In many cases, you're going to need to look for a combination of authorizations for the user to be able to do something, for example the user needs an S_TCODE value as well as one or more auth objects and field values in order to be able to "create a user".
2) That there may be several different TCodes that a user can use to achieve the same action. For example, everybody thinks of SU01 and SU10 as user maintenance transactions, but there are several others that could be used instead. Your queries would need to capture all of these.
The SOS report output tells you what the query looked for, so it would be very helpful to run it once in order to help create your own.
10-01-2013 7:05 AM
Hi Will,
Thanks for the reply.
Will i get any standard bw reports for early watch reports?my intention is to feed these standard/customized queries to Xcelsius.
For example above security parameters,Do we have any standard source or targets/queries in BW.I have deeply gone through system but i didn't find any standard queries for this but EWA will
The main idea is to automate all the EWA's but at the moment BI is in solman system and later both will be sepearted.
In this scenarion please suggest best possible solution.
Regards,
Venu
10-01-2013 11:15 AM
Hi Venu,
Whether you use Earlywatch or the SOS service, you'll get the standard reports for that service on whichever managed systems you run them on. I don't recall anything specific to BW, other than the standard "how many users are super users" type of thing, but others may correct me.
The SOS service is very quick to set up - it took me about 1 hour to hook up a sandbox system the first time I did it, so why not give it a try and see how you get on? Alternatively, you should have some EWA reports already that you can go back through?
10-01-2013 12:22 PM
Hi Will,
Thanks for the quick response.
I am new to the solution manager so my questions seems to be simple to you but please try to bare with me.
As I said above ,i need to build dashboard template for all the systems(Basically this dash board contains all KPI"s of EWA for 20 production systems) and the frequency of EWA is weekly,daily &monthly for all and it should be graphical user interface with nice dashboard.Here the source is Global solution Manager where it connects to all the managed systems.
For this Scenario i choose BW as source and on top of that Xcelsius as reporting tool to build dashboard.
But what i understand that we can also generate dashboard in solman but i don't know how to identify and integrate EWA KPI's as an app for the existing dashboard in Solman and whether the solman graphical dashboard is user friendly or not?
1)Will i get standard reports for EWA's KPI to build dashboard in the solution manager ?if yes, please suggest the procedure
2)s there any way to identify EWA KPI's in Solman?
Thanks in Advance,
Regards,
Venu
10-02-2013 9:21 AM
Hi Venu,
Apologies for any confusion, I think you are asking one question and I am answering another .
I don't know about dashboards, so I do not know about any reporting functionality that might be available to you as standard.
If you are trying to find where to get the information needed for the EWA / SOS KPI's then yes, the information you need to create those queries is stored in tables in your managed systems. For example, look at the USR* tables for some useful user related information.
But I think you are actually asking if there are any pre-existing dashboard queries, in which case, sorry, I can't help you.
10-11-2013 10:38 PM
Hello gentlemen,
@Will: Xcelsius, SAP GUI, Adobe forms, NWBC -> all the same, just UIs. That does not change any of the points you have raised. You're right (as usual)
@Venu: What Will is saying is correct. It sounds very much like reinventing the wheel. I can see the SAP flag next to your name so hope you're not billing a customer for custom development of something that definitely exists aready. AFAIK there is a standard way of using Xcelsius with many SolMan things. I have seen this in real life. Maybe it is not exact match for you, but instead of starting from scratch (from the DB tables) I would rather spend some time mining the standard (bulit by many clever people). IMO it is better for you (less work, although that can also be a problem if you are really billing a customer for this) and definitely better for the customer (use of APIs, existing coding etc.).
Google and documentation (like help.sap.com) should give you a jump start.
cheers Otto
09-30-2013 12:39 PM
10-01-2013 10:48 AM
HI Rahul,
Thanks for the response.
I think thread not relevant for my requirement.
Regards,
Venu
10-14-2013 3:23 PM
The EWA, which contains among other topics a security chapter, shows strong recommendations from SAP. You cannot adjust the checks.
The SOS produces an extensive analysis about security configuration and about critical basis authorizations. Using a questionnaire you can adjust the result concerning the critical basis authorizations.
Both reports are system specific. There is no way to consolidate the results from multiple systems into a joint report (maybe except for the alerts of the EWA which you can access somehow).
That means if
than you are ready to go for the application Configuration Validation of the SAP Solution Manager!
See
Configuration Validation Details and Best Practice
http://wiki.sdn.sap.com/wiki/display/TechOps/ConfVal_Home
On https://service.sap.com/sos you can find the presentation AGS Security Services - Check Configuration & Authorization in the Media Library which describes the features of EWA/SOS and ConfigVal concerning security.
Kind regards
Frank
12-22-2015 5:35 PM
HI, I have the same problem.
I have 40 EWA´s reports from 40 different systems and since EWA is run every week, it is very time consuming reading one by one.
It would be nice to have one general Dashboard where you can see the alerts instead of readiing 30 pages documents.
No one seems to get the original question. I am still looking how to create this automated dashboard.
12-22-2015 9:55 PM
Please review my answer above about the application Configuration Validation. This is the tool you are looking for to create cross-system security validation reporting including the option to feed results into dashboards.
Kind regards
Frank