ITPub博客

首页 > Linux操作系统 > Linux操作系统 > SAP PARAMETER之User security相关

SAP PARAMETER之User security相关

原创 Linux操作系统 作者:happyland 时间:2011-07-06 15:47:31 0 删除 编辑

Simple changes can rise your system security. Usage of SAProuter is a good choice when correctly implemented. Login through SAP LogonPad (from version 3.0f onwards) improve the access control. SAP profile parameters shall also contain:

Rdisp/gui_auto_logout = 1800
The user connection is closed after 30 minutes without usage. This parameter is deactivated by setting the value to 0.

Login/fails_to_session_end = 3
After 3 wrong password the connection is automaticly closed.
The default value is 3, can set it to any value between 1 and 99

Login/fails_to_users_lock = 5
After 5 wrong password the user is locked. The default value is 12. Possible values are form. 1 to 99.

Login/min_password_lng = 6
Password length at least 6 characters.

Login/password_expiration_time = 90
Password expires after 3 months.

login/system_client

login/no_automatic_user_sapstar
Disables special properties for for user SAP*, when this parameter is set to a value greater than 0

auth/no_check_in_some_cases
This parameter is set to switch off special authorization checks by customers and is the main parameter for activating the Profile Generator Tool. Values can be either Y(yes) or N(no)

对于Parameter : auth/no_check_in_some_cases再看看更详细的说明 《Note:416016》
Parameter description :
This parameter must be set to "Y" if you are using the profile generator.

The profile generator uses the authorization default values that you can manage with Transaction SU24.This transaction is also used to suppress certain authorization checks for selected transactions.

Note:
If you deactivate authorization checks using Transaction SU24, the users can carry out activities without the required authorizations.

Nevertheless, it could be useful to reduce the extent of the authorization check in the following cases, for example:

1. You are not using the authorization object connected to the authorization check (for example, you may need HR authorizations in FI even though you are not actually using the HR SAP system).
2. The authorization check for the S_TCODE object still protects the core transaction.(However, bear in mind that the authorization check S_TCODE provides only a very general level of protection.This is not a sufficient reason to suppress an authorization check.)
3. You want to avoid admitting all values (*) for all authorization fields in the authorization object.



Link URL: http://happyland.itpub.net/post/4163/101607

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/148866/viewspace-701500/,如需转载,请注明出处,否则将追究法律责任。

上一篇: SAP系统的SID变更
请登录后发表评论 登录
全部评论

注册时间:2011-01-01

  • 博文量
    18
  • 访问量
    76759