Disable Initial Password Reset.
Hello; Is it possible to set that the user do not change the initial passwordwhen created or even if the SAP Administrator reset it, the first timethe user log on the system. Thanks; Ali Gumusoglu
View ArticleIssues after import of transports with updated roles
Hi experts, I have the following issue: After the import of new transports with updated roles and profiles into a system, RFC users with the updated Roles get authorization errors. Transport Log and...
View ArticleAuthorization groups in MM01
I'm trying to restrict material creation by material type, but with no positive results.First I created an authorization group via SE54 and then asigned it to the material type via T134. Then I add the...
View ArticleClik here to view.
How to control tampering the Server Response and Request.
Dear Experts, An Adversary can bypass the login page by manipulating the response coming from server.Capturing the Success response and request from the server to the client using Proxy tool.The...
View Articleunable to delete Role from User ID in SAP SOLMAN production system but able...
unable to delete Role from User ID in SAP SOLMAN production system but able to from DEV with the same authorization, pls suggest
View ArticleEHP 7 - Recommended Security Approach?
This is my first experience with an Enhancement Pack implementation, so please forgive me if my questions are very basic. Our company implemented EHP 5 and is now moving to EHP 7 for ECC and I was not...
View ArticleHow to use one PSE with multiple URLs?
I need to hit my DMZ SAP Web Dispatcher with multiple unique URLs. I am starting off using webdisp1.abc.com and webdisp2.vde.com. DNS will resolve both the Web Dispatcher Host. Following Tobias...
View ArticleRecommended Settings for the Security Audit Log (SM19 / SM20)
Hi Security-Folks, I like to discuss with you the recommended settings for the Security Audit Log (SM19 / SM20). Here's my proposal: Profile Parameters: rsau/enable = 1rsau/selection_slots =...
View ArticleHow to restrict users for create to PM notification and order 1 months earlier?
Hi everyone,i have requirement as follow;the users should not create any notification or order before one months earlier. How can perform it?
View Articlehow to restrict bypassing of authentication
HI experts, we have second factor authentication involved in our portal product , by using hacking tool burp Suite im able to capture the response and request coming from the server .Case 1 : user have...
View ArticleHow to restrict the Request and Response process in that cookies should be...
Dear Experts,Please any one can help me i am getting one security issue.Some third party tools using and hacking the Request and Response of the Server.That time there taking one successfully Request...
View ArticleClik here to view.
webservice call failed during execution (SSL and certificates) on NetWeaver 7.30
Hey experts, i need your help! We make webservice calls to sap me with our own software. We connect to our software via SSL and certificates e.g. https://host:50001/XMII/CM/POD/MEDialogsWeb.irptAt the...
View ArticleFirewall between SAP application and database.
Hi, 1. I plan to install Biller Direct Java instance and MS SQL server database across the firewall. Would that be an issue? What ports should be open for installation?2. The R3 back end is also in the...
View ArticleJob role design - transaction role and auth object role
Hi all, please kindly comment following job role design: (1) transaction role:Keep transactions in single job role to represent business processes in different application areas, e.g.MM: maintain PR,...
View ArticleSCU3 Activity 02 on S_TABU_DIS Auth Group SA?
Hi, We recently moved from EHP5 to EHP7 and an additional check is done when using transaction SCU3 for S_TABU_DIS / Group SA / Activity 02. We have 2 Z tables maintained by our data team; 2 Z...
View ArticleAuthorization to limited Master data to Users
Dear Experts, We have a requirement from our client with regards to Authorization of Master data Example:Indian users can only able to access Indian company code data (Vendor,material or customer...
View ArticlePFCG - change authorisation is not showing
Hi,i have created another user by copying my id through SU01 in BW 7.0 . But when the new user is going to PFCG and try to chnage any role only following tab is showing description menu authorsation ,...
View ArticleNW 7.3 SSO to SuccessFactors
Anyone come across the following issue with single sign on between SAP and SuccessFactors? Caused by: dk.itst.oiosaml.sp.model.validation.ValidationException: The assertion must contain the service...
View ArticleLog Out Activity Report
Is there a way to run an activity report on the exact time a user has logged out of the system? Also, where would I view "idle" minutes or seconds set in SAP to automatically logs a user out of the...
View ArticlePassword Encryption
Hi experts ,In my logon module , after user name and password verification from the UME data base , we are usingthis code...
View Article