Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Solman EWA security parameters

0 Kudos

HI,

I need to automate EWA report in dashboard and for that i need the related targets, queries or tables which basically use to generate EWA.

For example I need information on security:

Super User Accounts ,Users Authorized to Reset or Change User Passwords ,
Users Authorized to Display Other Users Spool Request , Users Authorized to start all Reports,Users Authorized to Display all Tables. which basically get in any EWA report.

Could you please suggest the what are the tables or queries.

Thanks,

Venu

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hi Venu,

To save you having to reinvent the wheel, why don't you look at the SAP Security Optimization Service?

http://wiki.scn.sap.com/wiki/display/SM/Overview+and+How-to+on+Security+Optimization+Self+Service

13 REPLIES 13

Former Member
0 Kudos

Hi Venu,

To save you having to reinvent the wheel, why don't you look at the SAP Security Optimization Service?

http://wiki.scn.sap.com/wiki/display/SM/Overview+and+How-to+on+Security+Optimization+Self+Service

0 Kudos

Hi Will,

Thanks for the quick response.

I had gone through relevant docs in forum but i really didn't understand the way Solution manager works for Early watch reports.I am working on a assignment where i need to automate Xcelcius dash board(For multiple systems)  with latest EWA updates.Generally we get EWA alerts every week as seperate file but i am finding difficulty in identifying the relevant sources for EARLY WATCH REPORT KPI'S .

Example : For technical operations either in solman system or in manged system will have some tables or infocubes to feed data to EWA and also similarly for all other parameters there must be one source/table or multiple sources/tables.

Is there anyway to find out the relavant EWA KPI's easily?these are required to automate the dashboard.

I have got relevant KPI's in the below link that i need for security but i am not sure  how to make use as source for dashboard

Security Optimization self service questionaire  :http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/02b32111-0c01-0010-1fba-853ba527f...

Your response is highly appreciated.

Thanks,

Venu

0 Kudos

Ah OK - I don't know anything about Xcelsius, but if I were looking to incorporate EWA type reporting into a dashboard, I would still look at the SOS service, and whether it is possible to read the output of that report into your dashboard. That way you could just schedule the report to run in the managed systems and benefit from the queries that SAP have already created (plus a whole load more that would really please your auditors).

But if you want to do it yourself, check out the USR* tables - there are many of them so I will leave you to work out which ones you need.

Bear in mind that:

1) In many cases, you're going to need to look for a combination of authorizations for the user to be able to do something, for example the user needs an S_TCODE value as well as one or more auth objects and field values in order to be able to "create a user".

2) That there may be several different TCodes that a user can use to achieve the same action. For example, everybody thinks of SU01 and SU10 as user maintenance transactions, but there are several others that could be used instead. Your queries would need to capture all of these.

The SOS report output tells you what the query looked for, so it would be very helpful to run it once in order to help create your own.

0 Kudos

Hi Will,

Thanks for the reply.

Will i get any standard bw reports for early watch reports?my intention is to feed these standard/customized queries to Xcelsius.

For example above security parameters,Do we have any standard source or targets/queries in BW.I have deeply gone through system but i didn't find any standard queries for this but EWA will

The main idea is to automate all the  EWA's but at the moment BI is in solman system and later both will be sepearted.

In this scenarion please suggest best possible solution.

Regards,

Venu

0 Kudos

Hi Venu,

Whether you use Earlywatch or the SOS service, you'll get the standard reports for that service on whichever managed systems you run them on. I don't recall anything specific to BW, other than the standard "how many users are super users" type of thing, but others may correct me.

The SOS service is very quick to set up - it took me about 1 hour to hook up a sandbox system the first time I did it, so why not give it a try and see how you get on? Alternatively, you should have some EWA reports already that you can go back through?

0 Kudos

Hi Will,

Thanks for the quick response.

I am new to the solution manager so my questions seems to be simple to you but please try to bare with me.

As I said above ,i need to build dashboard template for all the systems(Basically this dash board contains all KPI"s of EWA for 20 production systems) and the frequency of EWA is weekly,daily &monthly for all  and it should be graphical user interface with nice dashboard.Here the source is Global solution Manager where it connects to all the managed systems.

For this Scenario i choose BW as source and on top of that Xcelsius as reporting tool to build dashboard.

But what i understand that  we can also generate dashboard in solman but i don't know how to identify and integrate EWA KPI's as an app for the existing dashboard in Solman and whether the  solman graphical dashboard is user friendly or not?

1)Will i get standard reports for EWA's  KPI to build dashboard in the solution manager ?if yes, please suggest the procedure

2)s there any way to identify EWA KPI's in Solman?

Thanks in Advance,

Regards,

Venu

0 Kudos

Hi Venu,

Apologies for any confusion, I think you are asking one question and I am answering another .

I don't know about dashboards, so I do not know about any reporting functionality that might be available to you as standard.

If you are trying to find where to get the information needed for the EWA / SOS KPI's then yes, the information you need to create those queries is stored in tables in your managed systems. For example, look at the USR* tables for some useful user related information.

But I think you are actually asking if there are any pre-existing dashboard queries, in which case, sorry, I can't help you.

0 Kudos

Hello gentlemen,

@Will: Xcelsius, SAP GUI, Adobe forms, NWBC -> all the same, just UIs. That does not change any of the points you have raised. You're right (as usual)

@Venu: What Will is saying is correct. It sounds very much like reinventing the wheel. I can see the SAP flag next to your name so hope you're not billing a customer for custom development of something that definitely exists aready. AFAIK there is a standard way of using Xcelsius with many SolMan things. I have seen this in real life. Maybe it is not exact match for you, but instead of starting from scratch (from the DB tables) I would rather spend some time mining the standard (bulit by many clever people). IMO it is better for you (less work, although that can also be a problem if you are really billing a customer for this) and definitely better for the customer (use of APIs, existing coding etc.).

Google and documentation (like help.sap.com) should give you a jump start.

cheers Otto

rahul_kumar46
Explorer
0 Kudos

This message was moderated.

0 Kudos

HI Rahul,

Thanks for the response.

I think thread not relevant for my requirement.

Regards,

Venu

Frank_Buchholz
Advisor
Advisor
0 Kudos

The EWA, which contains among other topics a security chapter, shows strong recommendations from SAP. You cannot adjust the checks.

The SOS produces an extensive analysis about security configuration and about critical basis authorizations. Using a questionnaire you can adjust the result concerning the critical basis authorizations. 

Both reports are system specific. There is no way to consolidate the results from multiple systems into a joint report (maybe except for the alerts of the EWA which you can access somehow).

That means if

  • you already know what to check (maybe because you have used the EWA/SOS for a while;-)
  • you want to verify your systems against your own Corporate Security Policy which differs from SAP rules
  • you want to validate all of your systems within one step
  • you want to push the results into dashboards or alerts

than you are ready to go for the application Configuration Validation of the SAP Solution Manager!

See

Configuration Validation Details and Best Practice

http://wiki.sdn.sap.com/wiki/display/TechOps/ConfVal_Home

On https://service.sap.com/sos you can find the presentation AGS Security Services - Check Configuration & Authorization in the Media Library which describes the features of EWA/SOS and ConfigVal concerning security.

Kind regards

Frank

AlfredoMurguía
Explorer
0 Kudos

HI,  I have the same problem.

I have 40 EWA´s reports from 40 different systems and since EWA is run every week, it is very time consuming reading one by one.

It would be nice to have one general Dashboard where you can see the alerts instead of readiing 30 pages documents.

No one seems to get the original question.  I am still looking how to create this automated dashboard.

0 Kudos

Please review my answer above about the application Configuration Validation. This is the tool you are looking for to create cross-system security validation reporting including the option to feed results into dashboards.

Kind regards

Frank