1. Help Desk
   • Determine if the help desk is effective
   • Determine if it records incident reports
2. Determine how security administration is organized
3. Determine if proper system monitoring is performed
4. Determine if training is properly administered
5. Determine if key system interfaces are properly controlled
6. Obtain a list of all system users
7. Obtain a list of custom transactions
   • List all transactions in table TSTC beginning with the letters Y or Z (Tables>Data Display>Y*, and then Z*)
8. Obtain a listing of all clients and company codes
   • List tables T000 (clients) and T001 (company codes)
9. Obtain a listing of all group companies
   • List table T042G
10. Obtain a listing of all business areas
   • List tables TGSB and TGSBT
11. Obtain a listing of all credit control areas
   • List tables T014 and T014T
12. Obtain a listing of all charts of accounts
   • List tables T004 and T004T
13. Obtain a listing of all plants
   • List tables T001W and TVKWZ
14. Obtain a listing of all storage locations
   • List table T001L
15. Obtain a listing of all purchasing organizations
   • List table T024W
16. Obtain a listing of all purchasing groups
   • List table T024
17. Obtain a listing of all sales organizations
   • List tables TVKO and TVKOT
18. Obtain a listing of all sales offices
   • List tables TVBUR, TVKBT and TVKBZ
19. Obtain a listing of all sales groups
   • List tables TVKGR, TVGRT and TVBVK
20. Obtain a listing of all distribution channels
   • List tables TVTW, TVTWT and TVKOV
21. Obtain a listing of all divisions
   • List tables TSPA, TSPAT and TVKOS
22. Obtain a listing of all sales areas
   • List table TVTA
23. ABAP programs
   • Review ABAP programs to ensure that all system function calls are authorized. System function calls are Unix commands that an ABAP program passes to the operating system to perform a task at the operating system level, for example running Oracle SQL commands against the database while the program executes.
24. Review all relevant SAP change control directories under Unix /usr/sap/trans
25. Review all SAP userids at the Unix operating system level (/etc/passwd and /etc/group files) and determine that all default system passwords have been changed:
   • SIDADM – system administration
   • ORASID – Oracle administration
   • PCTEMU – terminal administration
26. Determine that only authorized users have direct access to the Oracle database management system. Ensure that all default passwords have been changed.
27. Determine if change control procedures are formally documented. Determine if separate instances have been defined for development and testing. Determine who is responsible for transport administration.
28. Correction and Transport System (CTS) control types
   CTS Type        CTS Changes
   Development     Default
   Integration     No Change
   Consolidation   No Change
   Recipient       No Change
   Control types:
   • Default – Changes are allowed in corrections. Changes to SAP-provided objects require a repair correction. No corrections are flagged as repairs. Other types of changes are allowed with or without corrections.
   • No Change – Changes are not allowed.
   • Repairs – Repairs are allowed, but all must have corrections and all corrections are flagged as repairs.
   • Unlimited – Any changes are allowed with or without corrections.
   Ensure that the control tables are properly established:
   • TSYST – defines all systems to be used in CTS
   • TASYS – defines all recipient systems
   • TDEVC – defines all development classes
   Use transaction code SE06 for CTS verification. Use transaction code SE38 to review the placement of programs in authorization groups (SE38, select Attributes, then Display).
29. Determine who can maintain authorizations (S_USER_AUT).
30. Determine who can maintain profiles (S_USER_PRO).
31. Determine who has the capability to add user master records (S_USER_GRP and S_USER_ALL).
32. Review SAP for any new objects/values that have been defined. Review changes to table AUTH for new fields and table TOBJ for new objects.
33. List all SAP-supplied profiles and authorizations that have been modified and review for completeness.
34. List the system parameter file (report RSPARAM) and review the authentication controls:
   • login/min_password_lng
   • login/password_expiration_time
   • login/fails_to_session_end
   • login/fails_to_user_lock
35. Determine if all users have been assigned to a group (table USR02).
36. Determine how the profile SAP_NEW is being used.
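As an added worked example for the RSPARAM review in step 34 (this is not part of the original audit program), the Python below parses a constructed RSPARAM-style listing of the login/* parameters and flags the ones that fall outside an assumed audit standard, showing a weak instance beside a hardened one. The three-column line layout (parameter name, user-defined value or "-", kernel default) and the thresholds in POLICY are assumptions that an auditor would replace with the site's own standard.

```python
"""Check SAP R/3 login/* profile parameters from an RSPARAM-style listing.

Added example, not part of the original audit program. The input layout
(parameter, user-defined value or '-', kernel default, one per line) is an
assumption modelled on the RSPARAM report, and the thresholds in POLICY
are an assumed audit standard.
"""
from dataclasses import dataclass

# Assumed audit standard.
#  min   : value must be at least the bound
#  max   : value must be between 1 and the bound (0 would disable the control)
#  range : value must lie within (low, high); for password expiry, 0 means
#          "passwords never expire", which is the weak setting
POLICY = {
    "login/min_password_lng": ("min", 6),
    "login/password_expiration_time": ("range", (1, 90)),
    "login/fails_to_session_end": ("max", 3),
    "login/fails_to_user_lock": ("max", 5),
}


@dataclass
class Finding:
    parameter: str
    effective: int      # value actually in force (-1 if not listed)
    expected: str       # human-readable description of the acceptable value


def parse_rsparam(text):
    """Return {parameter: effective integer value} for login/* lines.

    A '-' in the user-defined column means no value was set in the profile,
    so the kernel default is the effective value.
    """
    values = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].startswith("login/"):
            continue
        name, user_val, default_val = parts
        effective = default_val if user_val == "-" else user_val
        values[name] = int(effective)
    return values


def check_login_policy(values, policy=POLICY):
    """Compare effective values against the policy; return a list of Findings."""
    findings = []
    for name, (kind, bound) in policy.items():
        if name not in values:
            findings.append(Finding(name, -1, "parameter not listed"))
            continue
        v = values[name]
        if kind == "min" and v < bound:
            findings.append(Finding(name, v, f">= {bound}"))
        elif kind == "max" and (v < 1 or v > bound):
            findings.append(Finding(name, v, f"1..{bound}"))
        elif kind == "range" and not (bound[0] <= v <= bound[1]):
            findings.append(Finding(name, v, f"{bound[0]}..{bound[1]}"))
    return findings


# Constructed sample listings: an instance left at kernel defaults, and the
# same instance after the profile parameters were set.
WEAK = """\
login/min_password_lng - 3
login/password_expiration_time - 0
login/fails_to_session_end - 3
login/fails_to_user_lock - 12
"""

HARDENED = """\
login/min_password_lng 8 3
login/password_expiration_time 60 0
login/fails_to_session_end 3 3
login/fails_to_user_lock 5 12
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        findings = check_login_policy(parse_rsparam(text))
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  {f.parameter}: is {f.effective}, expected {f.expected}")
```

The weak listing produces findings for the minimum password length, the never-expiring passwords and the high lock threshold; the hardened listing produces none. A parameter that is missing from the listing is reported rather than silently treated as compliant.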
37. Determine that SAP* has a user master record, that its password has been changed, and that it has been added to the SUPER group. Also determine if the password has been stored in a secured location in case of an emergency.
38. Determine who the members of the SUPER group are and ensure that their membership is required.
39. Determine how many users have SAP_ALL access in the production environment.
40. List all users with the following standard system profiles (TOOLS>ADMINISTRATION>USER MAINTENANCE>USERS>MAINTAIN USERS>INFORMATION>OVERVIEW>USERS> profile name >LIST>PRINT):
   • SAP_ALL – All R/3 privileges
   • S_A.SYSTEM – All SAP system functions
   • S_A.ADMIN – System administration
   • S_A.CUSTOMIZ – SAP customizing system
   • S_A.DEVELOP – SAP development environment
   • S_ABAP_ALL – All authorizations for ABAPs
41. List all users with special SAP system administration authorizations:
   • S_ADMI_FCD – Access to ABAP/4 Data Dictionary
   • S_BDC_ALL – Batch Input
   • S_DDIC_ALL – DYNPRO and ABAP/4
   • S_EDI_BUK – Creating and modifying ABAP/4 programs and use of screen painter
   • S_EDITOR – Ability to edit and modify ABAP programs
   • S_PROG_ADM – Running ABAP/4 programs and submitting background processing
   • S_PROGRAM – Ability to run ABAPs
   • S_TABU_ADM – System table maintenance
   • S_BTCH_ADM – Background processing
   • S_TSKH_ADM – Transactions
   • S_ENQ_ALL – Lock management for processing
42. Determine who has access to the ABAP/4 Data Dictionary. For authorization object S_ADMI_FCD, list users that have the following values:
   • REPL, SE01 (CTS requests) and/or DDIC in the System Administration Function field
   • SM21 in the Administration Function field (allows access to the system log)
   • TCOD, which allows the user to change additional authorization checks
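Steps 35 and 37 to 40 amount to joining the user master (USR02, user group in field CLASS) against the user-to-profile assignments, which live in table UST04 (not named in the program above). As an added example that is not part of the original audit program, the Python below runs those checks over constructed SE16-style extracts of the two tables: who holds SAP_ALL and the other critical profiles, who is in SUPER, which users have no group, and whether SAP* exists and sits in SUPER. The tab-separated extract layout with a header row is an assumption, as are the sample users.

```python
"""Cross-check USR02 (user group) against UST04 (profile assignments).

Added example, not part of the original audit program. The extracts are
constructed, and the tab-separated layout with a header row is an
assumption about how the auditor downloads the tables (e.g. from SE16).
"""
from collections import defaultdict

# Standard profiles from step 40 that warrant review in production.
CRITICAL_PROFILES = {
    "SAP_ALL": "All R/3 privileges",
    "S_A.SYSTEM": "All SAP system functions",
    "S_A.ADMIN": "System administration",
    "S_A.CUSTOMIZ": "SAP customizing system",
    "S_A.DEVELOP": "SAP development environment",
    "S_ABAP_ALL": "All authorizations for ABAPs",
}


def parse_rows(text):
    """Tab-separated rows; the first non-empty line is the header."""
    lines = [l for l in text.splitlines() if l.strip()]
    header = lines[0].split("\t")
    return [dict(zip(header, l.split("\t"))) for l in lines[1:]]


def users_by_profile(ust04_rows):
    """Step 39/40: map each critical profile to the set of users holding it."""
    out = defaultdict(set)
    for r in ust04_rows:
        if r["PROFILE"] in CRITICAL_PROFILES:
            out[r["PROFILE"]].add(r["BNAME"])
    return dict(out)


def super_group_members(usr02_rows):
    """Step 38: members of the SUPER user group."""
    return sorted(r["BNAME"] for r in usr02_rows if r["CLASS"] == "SUPER")


def ungrouped_users(usr02_rows):
    """Step 35: users with no user group assigned (empty CLASS)."""
    return sorted(r["BNAME"] for r in usr02_rows if not r["CLASS"])


def sap_star_findings(usr02_rows):
    """Step 37: SAP* must exist as a user master record and sit in SUPER.

    Password change and secure storage of the emergency password cannot be
    read from the table and remain manual checks.
    """
    rec = next((r for r in usr02_rows if r["BNAME"] == "SAP*"), None)
    if rec is None:
        return ["SAP* has no user master record"]
    if rec["CLASS"] != "SUPER":
        return [f"SAP* is in group '{rec['CLASS']}', not SUPER"]
    return []


# Constructed extracts for a production client.
USR02 = """BNAME\tCLASS
SAP*\tSUPER
DDIC\tSUPER
JSMITH\tFINANCE
MWONG\tSUPER
BATCH01\t
"""

UST04 = """BNAME\tPROFILE
SAP*\tSAP_ALL
DDIC\tSAP_ALL
MWONG\tS_A.DEVELOP
JSMITH\tF_ACCOUNTANT
BATCH01\tS_A.SYSTEM
"""


def run_checks(usr02_text=USR02, ust04_text=UST04):
    """Run all table-based checks and return the results as one dict."""
    usr02 = parse_rows(usr02_text)
    ust04 = parse_rows(ust04_text)
    critical = users_by_profile(ust04)
    return {
        "sap_all_users": sorted(critical.get("SAP_ALL", ())),
        "critical": critical,
        "super_members": super_group_members(usr02),
        "ungrouped": ungrouped_users(usr02),
        "sap_star": sap_star_findings(usr02),
    }


if __name__ == "__main__":
    for key, value in run_checks().items():
        print(f"{key}: {value}")
```

With the constructed extracts, SAP* and DDIC are reported as SAP_ALL holders, BATCH01 shows up both as ungrouped and as a holder of S_A.SYSTEM, and the SAP* check passes because it is in SUPER. Each of these lines is a question for the security administrator, not a conclusion on its own.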
43. Determine which transactions are locked on the production system by viewing the additional authority checks in table TSTC (Tools>Administration>Tcode Administration). List users with authorization for SM04 and SM50 (S_TSKH_ADM), which grants access to the transaction locking function.
44. Versions for a particular object are maintained as Temp, Historical, Active and Revised (Utilities>Version Management menu). Use transactions:
   • SE16 – Data Browser
   • SE12 – Dictionary Display
   • SE80 – Object Browser
   • SCU3 – Table history
45. Determine who has batch access: S_BDC_MONI, S_BDC_ALL, S_BTCH_ADM, S_BTCH_ALL, S_BTCH_USR. Batch log files (bdc/logfile) should be reviewed; any deletions, modifications or abended sessions are subject to investigation, and the files should be secured through the correct use of operating system security.
46. Determine if the parameters for the trace and log files are adequate. With the RSPARAM report, review the rstr/* and rslg/* parameters. If a transaction cannot finish correctly, the system rolls it back; the dialog program first generates a log record in table VBLOG. Review the system log with transaction SM21 (Tools>Administration>Monitoring>System Log). Selection criteria: Date/Time From – To, By User, Trans Code, SAP Process, Problem Classes (Messages).
47. Ensure that at a minimum the following transactions are locked:
   • SE01 – Correction and transports
   • SE38 – Ability to execute ABAP programs
   • SE11 – Maintain data dictionary objects
48. Determine if spool access is properly restricted (S_SPO_ACT and S_SPO_DEV).
49. Determine who has access to the SAP customizing system (IMG, menu customizing). Profile S_A.CUSTOMIZ gives all authorizations required for the Basis activities in the customizing menu.
50. Determine if backup procedures are appropriate for data and programs. On-line and off-line backups of all the file servers can be controlled through the CCMS. Access to these transactions should be restricted, because they can cause all file servers to shut down.
51. Is access to the SAP archiving function restricted? Verify which profiles have access to transaction F040. Verify who has the authorization object S_ADMI_FCD. (Table USR10 gives an overview of all authorization objects in a profile.)