@GainingHub
@GainingHub
@GainingHub
@GainingHub
@GainingHub
Task Task Profiles : define what type of activities or Profiles in tasks a user or a team of users can perform for BPC example – Manage Security, Manage Models, Manage Audit, Manage Environment status etc. Data Access Profiles : define the specific models and data within the models to which user have access. Access rights that can be assigned to set of members ( Write, Read Only & Denied). It is formerly known as member access profile. @GainingHub
BPC WEB SECURITY ENVIRONMENT • We have “ENVIRONMENT”, “TEAMS”, “TASK TEAMS PROFILES”, “DATA PROFILES” TASK PROFILE DATA PROFILE • Roles are automatically generated when BPC consultant create a TEAMS and TASK PROFILE / DATA PROFILE on web client. • When we assign “TEAMS” roles, automatically all task profile and data profile assigned to the user. • We can explicitly also assigned the task profile and data profile with help of auto generated roles by the system Tables : UJE_USER_AGR UJE_PROFILE_AGR UJE_TEAM_AGR @GainingHub
WORKBOOKS • A workbook is a container which can hold ‘n’ of BEX queries. There are two type of workbooks: • Input Workbook ( used for planning) • Reporting workbooks ( used only for reporting, display data) S_RS_AO is an authorization object in which we define the workbook name so that it can be visible to end user in Analysis office. @GainingHub
Authorization for Analysis Office BICS_CONS_SET_GET_SESSION_PROP BICS_PROV_CLOSE @GainingHub BICS_PROV_MASS_CLOSE BICS_PROV_MASS_GET_INIT_STATE BICS_PROV_MASS_OPEN BICS_PROV_SET_INPUT_ENABLED BICS_PROV_SUBMIT_VARIABLES RFC1 RFCPING RFC_GET_FUNCTION_INTERFACE RSAO_BICS_CLOSE RSAO_BICS_OPEN RSAO_BICS_SESSION_INITIALIZE RSAO_CORE RSBOLAP_BICS RSBOLAP_BICS_CONSUMER RSBOLAP_BICS_PROVIDER RSBOLAP_BICS_PROVIDER_MASS RSBOLAP_BICS_PROVIDER_VAR RSBOLAP_BICS_STATISTIC_INFO RSOBJS_GET_NODES RSOBJS_RFC_INTERFACE SDIFRUNTIME SYST SYSTEM_RESET_RFC_SERVER SYSU BICS_PROV_GET_RESULT_SET BAPI_MESSAGE_GETDETAIL BATG BICS_PROV_GET_MEMBERS FUNC BICS_PROV_MASS_SET_STATE DDIF_FIELDINFO_GET FUGR BICS_PROV_VAR_GET_VARIABLES BICS_CONS_CREATE_DATA_AREA BICS_PROV_OPEN BICS_PROV_VARIANT_GET_CATALOG BICS_CONS_DATA_AREA_COMMAND BICS_PROV_VAR_SET_VARIABLES BICS_CONS_CREATE_PLANNING_SEQU BICS_PROV_GET_EFFECTIVE_SELECT BICS_PROV_GET_INITIAL_STATE BICS_PROV_SET_STATE BICS_PROV_GET_DATA_CELL_MASK BICS_PROV_VARIANT_SET_VARIANT BICS_PROV_VARIANT_GET_CONTENT BICS_PROV_GET_DATACELL_DETAILS BICS_CONS_EXECUTE_PLANNING_SEQ RFC_METADATA_GET RFC_METADATA BICS_PROV_VAR_GET_HIERARCHIES BICS_PROV_GET_HRY_ROOTS BICS_PROV_GET_HRY_NODES RSAO_BICS_SAVE SUSR_USER_CHANGE_PASSWORD_RFC SUSO BICS_PROV_GET_HIERARCHY BICS_PROV_SET_HIERARCHY BICS*
Saving Workbook to Role Folder @GainingHub
STEPS INVOLVED @GainingHub
BI Security Setup S_BI-WHM_RFC is a profile; BWREMOTE access needed to extract from an OLTP system. The profile also provides the access required for staging steps to get the data into InfoCubes. S_BI-WX_RFC is a profile; BWALEREMOTE access needed to connect and send data to the BI system. @GainingHub
Planning in BI • BI Planning allows business experts to accelerate the decision-making process, predict future trends based on historic analyses, uncover hidden or complex relationships between data, and provide all decision makers with a central point of access to data and information. • Use transaction RSPLAN to access the Integrated Planning modeler. This transaction links to the web-based tool. There are two planning tools in BI: • BW-BPS (Business Planning and Simulation) • BI Integrated Planning, a solution that is completely integrated into the BI system. • In BI Integrated Planning, most of the BEx and OLAP analysis functions are available for planning applications. In comparison to BW-BPS, you require fewer objects @GainingHub
SOS ( Security • The Security Optimization Service is designed to Optimization check the security of your SAP system. Service) • This service comprises a system analysis and the resulting recommendations for system settings. • It addresses system and customizing settings that impact your system security. • It focuses on internal and external system security. • To improve the internal security, many critical authorizations of the basis are checked Reference link: cehupttropitrsyt:/-/o/bpltoimgsiz.saatipo.nco-smer/v2i0c2e0-s/o0s6-/s1e7cu/irnittyro-hdeuaclttiho-nc-hteoc-kse-r chuttrpitsy:-/o/bpltoimgsiz.saatipo.nco-smer/v2i0c1e9-r/e0p4o/r1t6-s/ohso/w-to-extract-se @GainingHub
@GainingHub
SAP Early Watch • SAP Early Watch Alert is an Alert automatic service analysing the essential administrative areas of an SAP system. • Alerts indicate critical situations and give solutions to improve performance and stability. • SAP EWA can be produced by SOLMAN. @GainingHub
Security htyt-tppas:t/c/hb-lporgosc.esassp-.fcaoqm/ /2012/03/27/securi Patch Process @GainingHub
IMG Authorization – SPRO_ADMIN The requirement is to create config roles based on various SAP Functional modules Execute tcode: SPRO_ADMIN and click on create , since we are creating IMG project for SD role, let’s give the project name : SD Give the project title as SD Project @GainingHub
Go to the Scope tab and specify the project scope System will prompt with “Select IMG nodes” popup. Go to Sales and distribution: Expand it and select the node Generate the project @GainingHub
Go to PFCG tcode, create a new role name and navigate to menu tab. Select menu options Utilities Customizing_Auths Select IMG Project - SD @GainingHub
SAP TABLES ( Transaction – SE16N / SE16) SAP TABLES Description TACT All possible activities TACTZ Valid Activities for each authorization object AGR_USERS Users assigned to the roles USR02 Last logon of users & lock / unlock USR04 Profile assigned to user USR21 To know the personnel no TSTCA Mandatory authorization object linked to transaction code USR40 Password entries TCDCOUPLES Table for calling transactions TSTC Tables code link to ABAP program TOBJ Table for org level field RSECVAL Table for analysis authorizations @GainingHub
@GainingHub
@GainingHub
SAP TRANSACTIONS / Authorization Objects TRANSACTIONS DESCRIPTION SU56 USER BUFFER ( Which contain all transaction/authorization objects) SU3 User can maintain the Address, Defaults, and Parameters tab for self. S_BCE_68001402 Display users with incorrect logons RSU01 Directly assign the Analysis Authorization S_RSEC Authorization object for protecting change in analysis authorization RSPLAN Planning function RSOSM Generating BW Search Engine RSD1 Info Object Details RSA1 Data Warehouse Modeling RSECAUTH Analysis Authorization @GainingHub
SAP Reports Description User comparison in PFCG SAP SECURITY REPORTS To delete the duplicate entries PFCG_TIME_DEPENDENCY Comparing user roles PRGN_COMPRESS_TIMES Report for Standard user password change RSUSR050 RSUSR003 @GainingHub
Search
Read the Text Version
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175