Source document: SAPAuditInformationandApproach.docx (63 pages), shared by a member on 优知文库.
SAP Audit Information and Approach

Authorization Example

1. User Master Record
   User: Frank W. Lyons
   Profile: Example
2. Profile: Example
   Object: S_Program
   Authorizations: ABAP
3. Authorization: ABAP
   Object: S_Program
   Fields and values:
   - Program Group: *
   - Activity: SUBMIT, VARIANT

Authorization System

1. Profiles: One or more assigned to a user.
2. Objects: Must be unique names with one or more fields.
3. Fields: Contain values for authority checking.
4. Authorizations: Can have the same names, as they are physically linked to an object.

Field group for an object has multiple values and can be shared across objects.

Initial Defaults

1. Initial Clients
   - Client 000: Standard model.
   - Client 001: Model for user defined clients (template).
2. Initial User Ids
   - SAP*: Default superuser. A user master record is created during installation but it is not needed by SAP* to access the complete system. If the SAP* master record is deleted, the SAP* account has the following special privileges:
     - It is not subject to authorization checks and therefore has all authorizations.
     - It has the password "PASS", which cannot be changed without creating a new user master record.
   - To prevent deletion, assign the SAP* user to a group called SUPER; only superusers should be able to maintain user group SUPER.
3. Initial Security Parameters
   Parameters for user logon:
   - login/min_password_lng: Minimum password length. The default is (3).
   - login/password_expiration_time: Number of days after which a password must be changed. The default is zero, which does not enforce password changes. Recommended value = 45.
   - login/fails_to_session_end: Number of times a user can enter an incorrect password before the system ends the login attempt. The default is (3).
   - login/fails_to_user_lock: Number of times a user can enter an incorrect password before the system locks the user against further logon attempts. The default is (12). Recommend (3). When a password is locked in this manner, it is automatically unlocked by the system at the start of the next day (midnight).

Adding Users

1. Each user must have a master record.
2. Each user master record refers to one or more profiles that determine the access rights for the user.
3. Master record contains:
   - User ID
   - Password
   - User groups
   - User type
   - Period of validity
   - References to authorization profiles
   Master records can be deleted but it will affect the audit trail. Better to lock the user's master record. Menu Path: Tools - Administration - User Maintenance - User - Lock/Unlock.
4. User Group records. If a person is assigned to a user group, only the administrators who are authorized for that user group can alter the user master record. If a user is not assigned to a group, then any user administrator can alter the user master record.

Adding Profiles

Profiles and Authorizations exist in both maintenance and active versions. This allows for updates to the maintenance version before it is activated, and for separation of maintenance and activation functions.

1. System Profiles
   SAP Standard and Super User Profiles:
   - S_A.SYSTEM: Unlimited access to all users, profiles, and authorizations.
   - S_A.ADMIN: Authorizations for SAP system administration. This includes all authorizations except for:
     - Maintenance of users in user group SUPER
     - Maintenance of profiles and authorizations with names beginning "S_A."
   - S_A.CUSTOMIZ: Authorizations for use in the SAP Customizing system.
   - S_A.DEVELOP: Authorizations for use in the SAP Development environment (excludes any user or pro)
   - S_A.USER: Basis system authorizations for end-users (e.g., S_Program, S_DBC_MONI, etc.)
2. Startup Profiles

   Profile       Description
   S_ABAP_ALL    All ABAP/4 authorizations
   S_ADMI_ALL    All system administration functions
   S_BDC_ALL     All batch input activities
   S_BTCH_ALL    All batch processing authorizations
   S_DDIC_ALL    DDIC: All authorizations
   S_DDIC_SU     Data Dictionary: All authorizations
   S_NUMBER      Number range maintenance: All authorizations
   S_SCD0_ALL    Change documents: All authorizations
   S_SCRP_ALL    All SAPscript text, styles, layout sets maintenance
   S_SPOOL_ALL   All spool authorizations
   S_SYST_ALL    All system authorizations
   S_TABU_ALL    Standard table maintenance: All authorizations
   S_TSKH_ALL    All system administration authorizations
   S_USER_ALL    User maintenance: All authorizations
   SAIALL        Provides unlimited access to maintain all SAP R/3 system authorizations, with the following exceptions: maintenance of users in user group SUPER; maintenance of profiles and authorizations with names beginning S_USER
   SAP_ANWEND    All SAP R/3 (excluding system) application authorizations
   SAP_NEW       Provides unlimited access to all authorizations added with new releases of SAP R/3
   Z_ANWEND      All user authorizations (excluding BC system)

3. Profiles and their associated authorization value sets are stored in USRxx tables.

Adding Authorizations

Authorization objects are used to check a user's authority to perform actions and access data in R3. A user's action is approved only if the user passes the authorization test for each field listed in an object.

1. Authorization Objects
   SAP contains a number of authorization objects that are used to restrict the ability of users to perform certain functions and access information. Authorization objects can cont
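
An added example (not part of the original document): a Python check that reads a profile export and compares the four logon parameters listed under "Initial Security Parameters" with the defaults and recommended values stated there. The "name = value" file layout, the function names and the sample profile are assumptions made for illustration.

```python
import re

# Defaults and recommended values exactly as stated on this page.
# Tuple: (default, recommended or None, test for "weaker than recommended").
PARAMS = {
    "login/min_password_lng": (3, None, None),
    "login/password_expiration_time": (0, 45, lambda v, r: v == 0 or v > r),
    "login/fails_to_session_end": (3, None, None),
    "login/fails_to_user_lock": (12, 3, lambda v, r: v > r),
}
LINE = re.compile(r"^\s*([A-Za-z0-9_/.\-]+)\s*=\s*(\S+)")

def parse_profile(text):
    """Return {parameter: int} from 'name = value' lines; '#' starts a comment."""
    values = {}
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0])
        if m and m.group(1) in PARAMS and m.group(2).isdigit():
            values[m.group(1)] = int(m.group(2))  # in this parser a later line overrides
    return values

def audit(text):
    """Return (name, effective value, source, status) for each logon parameter."""
    found = parse_profile(text)
    rows = []
    for name, (default, rec, weaker) in PARAMS.items():
        value = found.get(name, default)  # unset parameter: the page's default applies
        source = "profile" if name in found else "default"
        if rec is None:
            status = "INFO"  # the page gives no recommendation for this one
        elif weaker(value, rec):
            status = f"FINDING (recommended {rec})"
        else:
            status = "OK"
        rows.append((name, value, source, status))
    return rows

# Constructed sample profile, not taken from a real system.
SAMPLE = """\
# constructed example
login/password_expiration_time = 90
login/fails_to_user_lock = 3
login/min_password_lng = 6   # raised from default
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("%-34s %4d  %-8s %s" % row)
```

Running the audit on an empty profile shows what an untouched installation looks like against the recommendations: both parameters that have a recommended value are reported as findings.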