Monday, November 11, 2013

Common Transaction codes for system Health Check


Transaction codes
SM51(Server Overview)
SM50(Processes Overview)
SM21(System Log)
ST22(ABAP Dumps)
DB02(Space Statistics)
SM37(Batch Jobs)
SMGW(Gateway Monitor)
SM14(Updates Overview)
SM13(Update Records)
SM66(Systemwide Work Process Overview)
DB13(Database administration calendar)
SM12(Display and Delete Locks)
SM59(RFC Connections)
ST11(Display Trace files)
ST06(SAP OS Collector Admin)
SXMB_IFR (Start Integration Builder)
SLDCHECK(Test SLD Connection)
SXI_CACHE (To Access IS runtime cache)

How to Maintain Parameter in Trace (ST01)


In the ST01 main screen, click the Tools button.

This leads to the parameters screen, where you maintain the parameters.




CUA and IDM

IDM - Identity Management.

Connects to ABAP systems, non-ABAP systems and third-party tools.

Advantage of IDM: self-service password reset.

IDM can be connected to and used in combination with an existing CUA, or, if CUA is not installed, you can go directly for IDM.

Enables workflow-based requests for approvals, automating user provisioning in multiple back-end systems.

Supports LDAP directories and databases, as well as standards such as SPML.

Supports tight integration with SAP Business Suite 7.0.

CUA is Central User Administration.

It is a central system where we maintain and create users.

For instance: you have 30 systems installed (such as ECC 6.0 (dev / QA / PROD), SRM, BI, CRM...) and you get a request from the client to create 50 users in 30 systems (i.e. you are giving the users access to 30 systems).

Without CUA, you need to create the users in each and every system (user creation is independent of other systems / clients), which is a tedious process.

If you have a central system (CUA) installed, then within 3 to 5 sec you will be able to create 50 users in 30 systems.

It enables you to manage several thousand users and their individual role assignments.

How to know whether CUA is installed in your company: SU01 -> Create / change user -> if you notice a "system tab" in addition to role, profile, logon..., then it is CUA.

CUA connects to all your child systems (BI, SRM, ECC...) using the ALE / IDoc method.

CUA connects only to ABAP systems.

If a user wants to reset a password or unlock an account, he needs to approach the help desk / security team.
 

Cheers

Thursday, June 13, 2013

Sensitive Authorization Objects

Similar to my last post on sensitive T-codes in SAP, any authorization object becomes a sensitive authorization object when it carries certain field values and activities.

I have listed some of them below:
 1. S_DEVELOP ABAP Workbench
    ACTVT Activity
      With ANY of these values:
      02 Change
    OBJNAME Object name
      With ANY of these values:
      DEBUG DEBUG

 2. S_TCODE Transaction Code Check at Transaction Start
    TCD Activity
      With ANY of these values:
      "*" ( Treat * as a literal ) *

3.  S_DEVELOP ABAP Workbench
    ACTVT Activity
      With ANY of these values:
      06 Delete
      07 Activate, generate
    OBJNAME Object name
      With ANY of these values:
      * ( Treat * as a wildcard ) *

4.  S_TABU_CLI Cross-client Table Maintenance
    CLIIDMAINT Indicator for cross-client maintenance
      With ANY of these values:
      X X

5.  S_PROGRAM ABAP: Program run checks
    P_ACTION User action ABAP/4 program
      With ANY of these values:
      BTCSUBMIT BTCSUBMIT
      EDIT EDIT
    P_GROUP Authorization group ABAP/4 program
      With ANY of these values:
      "*" ( Treat * as a literal ) *

6.  S_TABU_DIS Table Maintenance (via standard tools such as SM30)
    ACTVT Activity
      With ANY of these values:
      02 Change
    DICBERCLS Authorization group
      With ANY of these values:
      * ( Treat * as a wildcard ) *

7.  S_USER_AGR Authorizations: Role check
    ACTVT Activity
      With ANY of these values:
      01 01
      02 Change

8.  S_USER_AGR Authorizations: Role check
    ACTVT Activity
      With ANY of these values:
      22 Enter, Include, Assign

9.  S_USER_AUT User Master Maintenance: Authorizations
    ACTVT Activity
      With ANY of these values:
      01 01
      02 Change

10.  S_USER_AUT User Master Maintenance: Authorizations
    ACTVT Activity
      With ANY of these values:
      07 Activate, generate
      22 Enter, Include, Assign

11.  S_USER_PRO User Master Maintenance: Authorization Profile
    ACTVT Activity
      With ANY of these values:
      01 01
      02 Change

12.  S_USER_PRO User Master Maintenance: Authorization Profile
    ACTVT Activity
      With ANY of these values:
      06 Delete
      22 Enter, Include, Assign

13.  S_USER_SYS User Master Maintenance: System for Central User Maintenance
    ACTVT Activity
      With ANY of these values:
      59 Distribute
      78 Assign

14.  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      01 01
      02 Change

15.  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      43 Release

16.  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      60 Import

17.  S_RZL_ADM CCMS: System Administration
    ACTVT Activity
      With ANY of these values:
      01 Create

18.  S_BTCH_NAM Background Processing: Background User Name
    BTCUNAME Background user name for authorization check
      With ANY of these values:
      "*" ( Treat * as a literal ) *


Sensitive T-codes in SAP

A few T-codes, such as SU01 and PFCG, are on the sensitive T-codes list. But there are other T-codes in the
system that can be classified the same way when assigned with certain activities and field values.

I have noted down a few of them below:

SCC4 Client Administration
  S_TABU_DIS Table Maintenance (via standard tools such as SM30) (CM)
    ACTVT Activity
      With ANY of these values:
      01 01
      02 Change
    DICBERCLS Authorization group
      With ANY of these values:
      SS SS

STMS Transport Management System
STMS_IMPORT Import Queue
  S_DATASET Authorization for file access (CM)
    ACTVT Activity
      With ANY of these values:
      33 Read
      34 Write
  S_CTS_ADMI Transport Organizer
    ACTVT Activity
      With ANY of these values:
      IMPA Import
      IMPS Import

SM30 Call View Maintenance
SM31 Call View Maintenance Like SM30
  S_TABU_DIS Table Maintenance (via standard tools such as SM30) (CM)
    ACTVT Activity
      With ANY of these values:
      02 Change
    DICBERCLS Authorization group
      With ANY of these values:
      * ( Treat * as a wildcard ) *

SE38 ABAP Editor
  S_DATASET Authorization for file access (CM)
    ACTVT Activity
      With ANY of these values:
      06 Delete
      34 Write
  S_DEVELOP ABAP Workbench (CM)
    ACTVT Activity
      With ANY of these values:
      01 01
      02 Change
  S_PROGRAM ABAP: Program Flow Checks (CM)
    P_ACTION User action ABAP/4 program
      With ANY of these values:
      BTCSUBMIT BTCSUBMIT
      SUBMIT SUBMIT

SPRO Customizing - Edit Project
  S_PROJECT Project Management: Project authorization
    ACTVT Activity
      With ANY of these values:
      02 Change
      06 Delete
  S_TABU_DIS Table Maintenance (via standard tools such as SM30) (CM)
    ACTVT Activity
      With ANY of these values:
      02 Change
    DICBERCLS Authorization group
      With ANY of these values:
      * ( Treat * as a wildcard ) *

SU01 User Maintenance
  S_USER_GRP User Master Maintenance: User Groups
    ACTVT Activity
      With ANY of these values:
      01 Create or Generate
      02 Change
  S_USER_PRO User Master Maintenance: Authorization Profile (CM)
    ACTVT Activity
      With ANY of these values:
      22 Enter, Include, Assign

SU10 User Mass Maintenance
SU12 Mass Changes to User Master Records
  S_USER_GRP User Master Maintenance: User Groups
    ACTVT Activity
      With ANY of these values:
      01 Create or Generate
      02 Change
  S_USER_PRO User Master Maintenance: Authorization Profile (CM)
    ACTVT Activity
      With ANY of these values:
      22 Enter, Include, Assign

SU01 User Maintenance
  S_USER_GRP User Master Maintenance: User Groups
    ACTVT Activity
      With ANY of these values:
      05 Lock

SU10 User Mass Maintenance
SU12 Mass Changes to User Master Records
  S_USER_GRP User Master Maintenance: User Groups
    ACTVT Activity
      With ANY of these values:
      05 Lock

SU02 Maintain Authorization Profiles
  S_USER_PRO User Master Maintenance: Authorization Profile
    ACTVT ACTVT
      With ANY of these values:
      01 01
      02 02

SU03 Maintain Authorizations
  S_USER_AUT User Master Maintenance: Authorizations (CM)
    ACTVT ACTVT
      With ANY of these values:
      01 01
      02 02

PFCG Role Maintenance
  S_USER_AGR Authorizations: Role Check
    ACTVT ACTVT
      With ANY of these values:
      01 01
      02 02
  S_USER_GRP User Master Maintenance: User Groups
    ACTVT Activity
      With ANY of these values:
      01 Create or Generate
      02 Change
  S_USER_PRO User Master Maintenance: Authorization Profile
    ACTVT ACTVT
      With ANY of these values:
      01 01
      02 02

RZ10 Maintain Profile Parameters
  S_RZL_ADM CCMS: System Administration
    ACTVT Activity
      With ANY of these values:
      01 Create or Generate
      02 Change

SE06 Set Up Transport Organizer
  S_CTS_ADMI Administration Functions in the Change and Transport System
    CTS_ADMFCT Activity
      With ANY of these values:
      * ( Treat * as a wildcard ) *
  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      01 Create or Generate
      02 Change

SE11 ABAP Dictionary
SE13 Dictionary: Technical Settings
  S_DEVELOP ABAP Workbench (CM)
    ACTVT Activity
      With ANY of these values:
      01 01
      02 Change

SE16 Data Browser
  S_TABU_DIS Table Maintenance (via standard tools such as SM30) (CM)
    ACTVT Activity
      With ANY of these values:
      02 Change
    DICBERCLS Authorization group
      With ANY of these values:
      * ( Treat * as a wildcard ) *

SA38 ABAP Reporting
SE38 ABAP Editor
  S_PROGRAM ABAP: Program Flow Checks (CM)
    P_ACTION User action ABAP/4 program
      With ANY of these values:
      BTCSUBMIT BTCSUBMIT
      SUBMIT SUBMIT

SE01 Transport Organizer (Extended)
SE09 Transport Organizer
  S_DATASET Authorization for file access (CM)
    ACTVT Activity
      With ANY of these values:
      33 Read
      34 Write
  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      01 Create or Generate
      02 Change

SE10 Transport Organizer
  S_DATASET Authorization for file access (CM)
    ACTVT Activity
      With ANY of these values:
      33 Read
      34 Write
  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      01 Create or Generate
      02 Change

SE01 Transport Organizer (Extended)
SE09 Transport Organizer
  S_DATASET Authorization for file access (CM)
    ACTVT Activity
      With ANY of these values:
      33 Read
      34 Write
  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      43 Release

SE10 Transport Organizer
  S_DATASET Authorization for file access (CM)
    ACTVT Activity
      With ANY of these values:
      33 Read
      34 Write
  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      43 Release

STMS Transport Management System
  S_DATASET Authorization for file access (CM)
    ACTVT Activity
      With ANY of these values:
      33 Read
      34 Write
  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      01 Create
      02 Change

STMS Transport Management System
STMS_IMPORT Import Queue
  S_DATASET Authorization for file access (CM)
    ACTVT Activity
      With ANY of these values:
      33 Read
      34 Write
  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      43 Release

STMS Transport Management System
STMS_IMPORT Import Queue
  S_DATASET Authorization for file access (CM)
    ACTVT Activity
      With ANY of these values:
      33 Read
      34 Write
  S_TRANSPRT Transport Organizer
    ACTVT Activity
      With ANY of these values:
      60 Import

SM36
  S_BTCH_ADM Background Processing: Background Administrator
    BTCADMIN Background administrator ID
      With ANY of these values:
      Y Y
  S_BTCH_JOB Background Processing: Operations on Background Jobs
    JOBACTION Job operations
      With ANY of these values:
      DELE DELE
      RELE RELE
  S_BTCH_NAM Background Processing: Background User Name
    BTCUNAME Background user name for authorization check
      With ANY of these values:
      "*" ( Treat * as a literal, see the screenshot below ) *

SM36
  S_BTCH_ADM Background Processing: Background Administrator
    BTCADMIN Background administrator ID
      With ANY of these values:
      Y Y
  S_BTCH_JOB Background Processing: Operations on Background Jobs
    JOBACTION Job operations
      With ANY of these values:
      DELE DELE
      RELE RELE
  S_BTCH_NAM Background Processing: Background User Name
    BTCUNAME Background user name for authorization check
      With ANY of these values:
      * ( Treat * as a wildcard ) *

SM64
  S_BTCH_ADM Background Processing: Background Administrator
    BTCADMIN Background administrator ID
      With ANY of these values:
      Y Y
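
One way to check roles against the sensitive authorization object and sensitive T-code lists above, as an added example that is not part of the original posts. It assumes a role export in the column layout of table AGR_1251 (role, object, authorization, field, low, high); the role names and rows are constructed, and it goes beyond the lists by also handling ranges and generic values such as SU*.

```python
from collections import defaultdict

ANY = object()  # page: "Treat * as a wildcard" -> any maintained value counts
# Rules transcribed from the lists above. Each rule is a list of
# (object, {field: wanted values}) conditions one role must satisfy together.
RULES = {
    "S_TCODE all transactions": [("S_TCODE", {"TCD": {"*"}})],  # "*" as a literal
    "S_TABU_DIS change, any group": [("S_TABU_DIS", {"ACTVT": {"02"}, "DICBERCLS": ANY})],
    "SU01 maintain users + assign profiles": [("S_TCODE", {"TCD": {"SU01"}}),
        ("S_USER_GRP", {"ACTVT": {"01", "02"}}), ("S_USER_PRO", {"ACTVT": {"22"}})],
}

def grants(low, high, want):
    """True if one maintained LOW/HIGH value covers the wanted value."""
    if "*" in (low, want):     # full "*" covers all; a literal-"*" rule needs exactly "*"
        return low == "*"
    if high:                   # range LOW..HIGH
        return low <= want <= high
    if low.endswith("*"):      # generic value such as SU*
        return want.startswith(low[:-1])
    return low == want

def field_ok(values, wanted):
    if wanted is ANY:
        return any(low for low, _ in values)
    return any(grants(lo, hi, w) for lo, hi in values for w in wanted)

def audit(rows):  # rows: (role, object, authorization, field, low, high)
    roles = defaultdict(lambda: defaultdict(lambda: defaultdict(list)))
    for role, obj, auth, field, low, high in rows:
        roles[role][(obj, auth)][field].append((low, high))
    def has(auths, obj, want):  # every field must match inside ONE authorization
        return any(o == obj and all(field_ok(f.get(k, []), v) for k, v in want.items())
                   for (o, _), f in auths.items())
    return sorted((role, name) for role, auths in roles.items()
                  for name, conds in RULES.items()
                  if all(has(auths, o, w) for o, w in conds))

SAMPLE = [  # constructed rows, not taken from a real system
    ("Z_BASIS_ALL", "S_TCODE", "T1", "TCD", "*", ""),
    ("Z_BASIS_ALL", "S_TABU_DIS", "A1", "ACTVT", "*", ""),
    ("Z_BASIS_ALL", "S_TABU_DIS", "A1", "DICBERCLS", "*", ""),
    ("Z_USER_ADMIN", "S_TCODE", "T1", "TCD", "SU*", ""),
    ("Z_USER_ADMIN", "S_USER_GRP", "A1", "ACTVT", "01", "03"),
    ("Z_USER_ADMIN", "S_USER_PRO", "A1", "ACTVT", "22", ""),
    ("Z_DISPLAY", "S_TABU_DIS", "A1", "ACTVT", "03", ""),
    ("Z_DISPLAY", "S_TABU_DIS", "A1", "DICBERCLS", "*", ""),
    ("Z_DISPLAY", "S_TABU_DIS", "A2", "ACTVT", "02", ""),
]
```

Z_DISPLAY is not reported: its change activity and its table group sit in two different authorizations, so no single authorization satisfies the S_TABU_DIS rule.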