SAPAuditInformationandApproach.docx
-
资源ID:1638179
资源大小:56.71KB
全文页数:63页
- 资源格式: DOCX
下载积分:9金币
快捷下载
账号登录下载
微信登录下载
三方登录下载:
|
友情提示
2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。
5、试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
|
SAPAuditInformationandApproach.docx
SAPAUditInfor1.natiOnandAPPrOaChAUthOriZationEXamPIe1. UserMasterRecordUser:FrankW.1.yonSPrOfi1.e:EXamPIe2. Profi1.e:Examp1.eObject:AUthoriZatiOns:S_ProgramABAP:3. Authorization:ABAP:Object:S_ProgramVaIUes:Fie1.ds:*ProgramGroupSUBMIT,VARIANTActivityAuthorizationSystem:1. Profi1.esOneormoreassignedtoauser2. ObjectsMustbeuniquenameswithoneormorefie1.ds3. Fie1.dsContainva1.uesforauthoritychecking4. Author!zationsCanhavethesamenamesastheyarephysica1.1.yandphysica1.1.y1.inkedtoanobjectFie1.dgroupforanobjecthasmu1.tip1.eva1.uesandcanbesharedacrossobjectsInitia1.Defau1.ts1. Initia1.C1.ients C1.ientOOOStandardmode1. C1.ient001Mode1.foruserdefinedc1.ients,(temp1.ate)2. Initia1.UserIds SAP*Defau1.tsuperuser.Ausermasterrecordiscreatedduringinsta1.1.ationbutitisnotneededbySAP*toaccessthecomp1.etesystem.IftheSAP*masterrecordisde1.eted,theSAP*accounthasthefo1.1.owingspecia1.privi1.eges: Itisnotsubjecttoauthorizationchecksandthereforehasa1.1authorizations Ithasthepassword"PASS”,whichcannotbechangedwithoutcreatinganewusermasterrecord. Topreventde1.etion,assignSAP*usertoagroupca1.1.edSUPERandon1.ysuperusershou1.dbeab1.etomaintainusergroupSUPER.3. Initia1.SecurityParametersParametersforuser1.ogon1.ogin/min_password/1.ngMinimumpassword1.engthdefau1.tis(3)1.ogin/password_expiration_timoNumberofdaysafterwhichapasswordmustbechanged.Thedefau1.tiszero,whichdoesnotenforcepasswordchanges.Recommendedva1.ue=45.1ogin/fai1s_to_session_endNumberoftimesausercanenteranincorrectpasswordbeforethesystemendsthe1.oginattempt.Thedefau1.tis(3).1.ogin/fai1.s_to_user_1.ockNumberoftimesausercanenteranincorrectpasswordbeforethesystem1ockstheuseragainstfurther1.ogonattempts.Thedefau1.tis(12).Recommend(3).Whenapasswordis1.ockedinthismanner,itisautomatica1.1.yun1.ockedbythesystematthestartofthenextday(midnight).AddingUsers1. Eachusermusthaveamasterrecord.2. Eachusermasterrecordreferstooneormoreprofi1.esthatdeterminetheaccessrightsfortheuser.3. Masterrecordcontains: UserID Password Usergroups Usertype Periodofva1.idity referencestoauthorizationprofi1.esMasterrecordscanbede1.etedbutitwi1.1.affecttheaudittrai1.Betterto1.ocktheuser,smasterrecordMenuPath:Too1.s-Administration-UserMaintenance-User-1.ock/Un1.ock.4. UserGrouprecords.Tfauserthenanyuserusermasterrecord.Tfapersonisassignedtoausergroup,on1.ytheadministratorswhoareauthorizedforthatusergroupcana1.terusermasterisnotassignedtoagroupadministratorcana1.tertheAddingProfi1.esProfi1.esandAuthorizationsexistinbothmaintenanceandactiveversions.A1.1.owsforupdatestomaintenancebeforeitisactivated.Separationofmaintenanceandactivationfunctions.1. SystemProfi1.esSAPStandardandSuperUserProfi1.esSA.SYSTEMUn1.imitedaccesstoa1.1users,profi1.es,andauthorizationsS_A.ADMINAuthorizationsforSAPsystemadministration.Thisinc1.udesa1.1.authorizationsexceptfor:MaintenanceofusersinusergroupSUPERS_A.CUSTOMTZS_A.DEVE1.OPS_A.USERMaintenanceofprofi1.esandauthorizationswithnamesbeginning“S_A.AuthorizationsforuseintheSAPCustomizingsystemAuthorizationsforuseintheSAPDeve1.opmentenvironment(exc1.udesanyuserorpro)Basissystemauthorizationsforend-users(e.g.,S_Program,S_DBC_MONI,etc.2. StartupProfi1.esProDescriptionS_ABAP_A1.1.A1.1.ABAP/4authorizationsS_ADMT_A1.1.A1.1systemadministrationfunctionsS_BDC_A1.1.A1.1.batchinputactivitiesS_BTCH_A1.1.A1.1.batchprocessingauthor!zationsS_DDIC_A1.1.DDIC:A1.1.authorizationsS_DDIC_SUDataDictionary:A1.1.authorizationsS_NUMBERNumberrangemaintenance:A1.1authorizationsS_SCD0A1.1.Changedocuments:A1.1authorizationsS_SC即_A1.1.A1.1SAPscripttext,sty1.es,1.ayoutsetsmaintenanceS_SPOO1._A1.1.S_SYST_A1.1.S_TABU_A1.1.S_TSKH_A1.1.S_USER_A1.1.SAIA1.1.A1.1.spoo1.authorizationsA1.1.systemauthorizationsStandardtab1.emaintenance:A1.1authorizationsA1.1systemadministrationauthor!zationsUsermaintenance:A1.1.author!zationsProvidesun1.imitedaccesstomaintaina1.1SAPR/3systemauthorizations,withthefo1.1.owingexceptions:MaintenanceofusersinusergroupSUPERMaintenanceofprofi1.esandSAP_ANWENDSAP_NEWZ_ANWENDauthorizationswithnamesbeginningS_USERA1.1.SAPR/3(exc1.udingsystem)app1.icationauthorizationsProvidesun1.imitedaccesstoa1.1.authorizationsaddedwithnewre1.easesofSAPR/3.A1.1userauthorizations(exc1.udingBCsystem)3.Profi1.esandtheirassociatedauthor!zationva1.uesetsarestoredinUSRxxtab1.es.AddingAuthorizationsAuthorizationobjectsareusedtocheckauser,SauthoritytoperformactionsandaccessdatainR3.Auser,sactionisapprovedon1.yiftheuserpassestheauthorizationtestforeachfie1.d1.istedinanobject.1. AuthorizationObjects SAPcontainsanumberofauthorizationobjectsthatareusedtorestricttheabi1.ityofuserstoperformcertainfunctionsandaccessinformation.Authorizationobjectscancont
