- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- Remoteaccess to Visual Administrator
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Remoteaccess to Visual Administrator
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-05-2008 1:59 PM
Hello,
we have a Portal 7.0 and a lot of consultants have installed the visual binaries on their pc and are now able to configure/change things in the visual administrator. For production system we are planning to reduce this access. Can someone tell me with role/authorization you need to access the visual administrator? Is it possible change the security in the way, that no remote login is allowed?
Thanks
Alexander
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-26-2008 12:55 PM
Hi,
1. If your visual administrator (P4 Port) is accessable and not protected by any firewall you will not be able to restrict the physical access from outside. This access should only be possible from within your company network so I guess all the consultants who are accessing the J2EE using a local visual admin are located on the internal network and have a direct TCP Connection to the engine. If you know the IPs restrict the access using a firewall or just allow the access from a couple of hosts (e.g only yours) This only works if you have a static IP or if you can make sure that if you are using DHCP the DHCP Server always assigns the same address to your machine
2. Let's assume you are not able to restrict the physical access to the engine than you can still restrict the access on a user base. In order to access the Administration you have to be aware of any user within the j2ee who has appropriate administration rights (e.g. the Administrator user)
If the consultants know the Administrator password you should change it using the configtool (modify the password in secure store etc.)
If they have personalized users than just remove all the administration rights. Without administration rights a user is not able to access the J2EE Administration (You will get an error message in the status bar saying "Error while connecting")
Cheers
Marcel
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-10-2008 4:11 PM
Hi Alexander.
I am wondering why you allow many developers to do changes in Visual Admin.
What I would suggest for the golive is to revise the way you are working.
Maybe look into using Netweaver Developer Infrastructure for managing the changes in the Java application servers and to look into the Netweaver Developer Workplace for the developer, Here they get their own first java instance to deploy into. This is my guess of why these developers need access to Visual Admin. It should only be used by the "Basis guys"!
If you search in SDN and at the help pages you will find lots of information about these tools/components.
Best of luck to you and your project!
/fredrik
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-26-2008 12:55 PM
Hi,
1. If your visual administrator (P4 Port) is accessable and not protected by any firewall you will not be able to restrict the physical access from outside. This access should only be possible from within your company network so I guess all the consultants who are accessing the J2EE using a local visual admin are located on the internal network and have a direct TCP Connection to the engine. If you know the IPs restrict the access using a firewall or just allow the access from a couple of hosts (e.g only yours) This only works if you have a static IP or if you can make sure that if you are using DHCP the DHCP Server always assigns the same address to your machine
2. Let's assume you are not able to restrict the physical access to the engine than you can still restrict the access on a user base. In order to access the Administration you have to be aware of any user within the j2ee who has appropriate administration rights (e.g. the Administrator user)
If the consultants know the Administrator password you should change it using the configtool (modify the password in secure store etc.)
If they have personalized users than just remove all the administration rights. Without administration rights a user is not able to access the J2EE Administration (You will get an error message in the status bar saying "Error while connecting")
Cheers
Marcel
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-26-2008 2:14 PM
Restrict the role sap_j2ee_admin, Administartor group on UME. Also, as Marcel suggested, change the passwords for j2ee users like j2ee_admin.
- SAP Managed Tags:
- Security
