SAP Basis Fiori Permissions for tile groups in PFCG

Direkt zum Seiteninhalt
Fiori Permissions for tile groups in PFCG
Migration
Remove weak password hashes from the system: Only updating the profile parameter does not provide you with the necessary security. There are still many weak hash values in your database that can be used to attack your system. These must be completely removed from the database. To do this, use the report CLEANUP_PASSWORD_HASH_VALUES. To do this, call the transaction SA38 and enter the name of the report in the input field. Run or F8 executes the programme and cleans your database Report CLEANUP_PASSWORD_HASH_VALUES This programme removes the outdated hash values across all clients. Have you already experienced this attack method or any other comments on this topic? Share your experiences with us in the form of a comment under this article.

The SAP Basis Plug-In is backward compatible and follows the release and maintenance strategy of the SAP R/3 Plug-In. SAP delivers it together with the SAP R/3 Plug-In. For more information, see SAP Service Marketplace at basis-plug-in → SAP Plug-In → SAP Basis Plug-In → Releases.
USE OF SECURE NETWORK COMMUNICATION
Overall, the application layer is the link between the database layer on the one hand and the presentation layer on the other. Thus, the applications on the application layer request required data from the database in order to process it afterwards.

It should be mentioned here that it only makes sense to access the tables by reading the SELECT statement to get a quick view of the results. Using the DBACOCKPIT, it is not possible to create entire table structures using Create Table. For such applications, SAP provides other, better options. Another important point is that once a user has the necessary permissions to use the transaction DBACOCKPIT, it can potentially (with appropriate permissions on the tables) access the entire SAP system. For example, a query can be used to read the entire user table. Therefore, the transaction should always be treated with caution and only awarded to administrators. DBACOCKPIT handles the call control permissions similar to the SE16 / SE16N transaction. When the table is called, the S_TABU_DIS or S_TABU_NAM permission object is checked with a specific activity. This means that only the tables or table permission groups for which the corresponding values in the aforementioned permission objects are assigned can be accessed. You can read more about assigning permissions to individual tables here. In addition, you can save SQL statements that you run once, and run them again at any time to recognise changes in the result set without having to reformulate the SQL statement each time. The editor also allows you to start the query for SQL statements in the background. The result is obtained by calling the transaction SM37, in which the result is output in a spool file.

"Shortcut for SAP Systems" is a PC application that simplifies or even facilitates many activities in the SAP base.

The latter two override ztta/roll_extension if used and offer the possibility to set different quotas for dialogue and non-dialogue work processes.

In addition to interfaces between system elements, Basis includes a development environment for R/3 applications, a data directory, and user and system administration and monitoring tools.
SAP Corner
Zurück zum Seiteninhalt