05-15-2008 10:46 PM
Hello,
Can someone identify the transactions and process in providing the security administrator access to reports that identify "failed logons"?
This is new to me in setting up and would appreciate any feedback on how to get started.
What is the process in establishing the security audit log to capture security information and what impact does it have on the system? I do not believe our system has this turned on.
Also, appreciate information on ALL transactions and their purpose that would be beneficial to a security administrator other than SU01 and PFCG.
Thanks
Jerry Synoga
Ryerson,Inc.
05-16-2008 11:11 AM
Hi Jerry,
Failed logins: you can see users and their number of failed logins from report S_BCE_68001402 (SUIM -> User -> unsuccessful logins).
This will also tell you which ones are locked due to this.
For more info on each failed login event, you need the security audit log switched on.
Security Audit log: everything you need to know is here (how it works, how to set it up, etc.): http://help.sap.com/saphelp_nw04/helpdata/en/68/c9d8375bc4e312e10000009b38f8cf/frameset.htm
If you have a properly sized system then there is negligible performance system. The log files often take a fair bit of space but this is entirely dependent on what you log (you can choose - info is in the link), how many users you have, what those users do.
Security Transactions
From a technical side there are plenty, the more you learn about security, the more that are useful.
A few that I regularly use in addition to func transactions:
SU01, PFCG, PFUD, SUPC, SE16, SM30, SE84, SE38, SU24, ST01, SU53, SPRO, ST03N, SE54, SE97, SE93, SU21, SE10, SUIM, SQVI, SP01
There are also hundreds of func tx which it is useful to understand, especially from a risk perspective.
05-16-2008 11:54 AM
Hello Jerry Synoga,
Following is a list of transactions useful for every SAP Security Professional. I have prepared this list after a lot of research. Hope it will be a useful resource for you.
@Everyone, if you know any more transactions, please update the list.
SAP Security Transaction Codes for an End User
--------------------------------------------------
T-Code   Purpose
--------------------------------------------------
SU3      Set address/defaults/parameters
SU53     Display last authority check that failed
SU56     Display user buffer
SAP Security Transaction Codes for Role Administrator
--------------------------------------------------
T-Code   Purpose
--------------------------------------------------
PFCG     Maintain roles using the Profile Generator
PFUD     Compare user master in dialog
SAP Security Transaction Codes for User Administration
--------------------------------------------------
T-Code   Purpose
--------------------------------------------------
SU01     Maintain Users
SU01D    Display Users
SU10     Used for User mass maintenance
SU02     To Manually create/Edit profiles
SU03     Creation of authorizations manually
SAP Security Transaction Codes for Profile Generator Configuration
--------------------------------------------------
T-Code   Purpose
--------------------------------------------------
RZ10     Maintain system profile parameters
SU25     IMG Activity
SAP Security Transaction Codes for Transports
--------------------------------------------------
T-Code   Purpose
--------------------------------------------------
SCCL     Local client copy (within one system, between different clients)
SCC9     Remote Client Copy (between clients in different systems). Data exchange over a network (not files).
SCC8     Client transport (between clients in different systems). Data exchange using a data export at operating system level.
SU25     Transport of Check indicators
STMS     Transport Management System
SAP Security Transaction Codes for System configuration
--------------------------------------------------
T-Code   Purpose
--------------------------------------------------
RZ10     Maintain system profile parameters
RZ11     Description of system profile parameters
SM01     Lock transaction codes from execution
SAP Security Transaction Codes for Authorization Objects
--------------------------------------------------
T-Code   Purpose
--------------------------------------------------
SU20     List of authorization fields
SU21     List of authorization objects (Initial screen lists by object class)
SAP Security Transaction Codes for Audit
--------------------------------------------------
T-Code   Purpose
--------------------------------------------------
SE84     Information System for SAP R/3 Authorizations
SECR*    Audit Information System
SAP Security Transaction Codes for Table maintenance
--------------------------------------------------
T-Code   Purpose
--------------------------------------------------
SM30     Create table authorization groups (V_BRG); maintain assignments to tables (V_DDAT)
Thanks & Best Regards,
Amol Bharti
06-03-2008 9:35 PM
Thank you everyone for your responses.
They helped in determining our approach to turning on the system log to capture the more detailed logon failures.
Jerry Synoga
Ryerson, Inc.