Shubham Goel (13609046) SAP technical infrastructure security The best way to decompose SAP infrastructure security is to subdivide it the same way we divide the SAP technology stack by layers: o Building and site security o Network infrastructure o Hardware infrastructure o Operating system layer o Database layer o SAP Basis (application) layer 09-09-2014 SamsTeachYouself SAP Hour 11 and 12 2 Creating a process model or workflow helps SAP security professionals create a secure system. This is done in conjunction with SAP functional specialists in specific business processes and scenarios. SAP roles A role is used to assign access to the system. Roles are easier to manage than individual user IDs. SAP profile generator It is executed by running transaction/ PFCG. Its purpose is to assist an SAP end-user security organization with implementing an SAP application-layer security model. A good rule of thumb is the Rule of 15: If a role reflects more than 15 discrete business transactions, its probably too broad. 09-09-2014 SamsTeachYouself SAP Hour 11 and 12 3 The data stored in SAP needs to be secured not only from outside intrusion, but also from within the end-user community Authorization Profiles Authorization profiles are assigned to specific SAP user IDs. Your user ID refers exclusively to profiles when designating access privileges in SAP. In turn, these profiles grant (or by their exclusion, deny) a certain level of system access on behalf of an end user. Authorization Abbreviated Authorization Description Profile Name SAP_ALL All SAP system authorizations S_ABAP_ALL All authorizations for ABAP/4 S_ADMI_ALL All administration authorizations 09-09-2014 SamsTeachYouself SAP Hour 11 and 12 4 Users may be assigned one or many authorizations depending on their roles in an organization. User authorizations are stored in the master record of each user. A user master record generally contains the following fields: Username, Assigned client, User password, Company address, User type, Start menu, Logon language, Personal printer configuration, Time zone, Activity group, Authorizations, Expiration date, Default parameter. These fields are maintained by SAP security professionals. They need to be updated. 09-09-2014 SamsTeachYouself SAP Hour 11 and 12 5 Like ABAP-based application servers, user access to applications and resources hosted on Java-based application servers need to be controlled. The Java application server supports two types of authorizations: roles and access control lists (ACLs). Whereas roles define and assign activities to users, ACLs control the use of objects on the Java-based application server. 09-09-2014 SamsTeachYouself SAP Hour 11 and 12 6
WinGUI WebGUI JavaGUI Citrix Access Methods
Which SAP User Interface Is Best?
The SAP business functionality you need to execute (SAPGUI for complex transactions) Your desktop, laptop, or other front-end client hardware platform (slow CPU, little RAM, or low disk space prefer Citrix- based access method) Your front-end client operating system platform. The network infrastructure connecting your desktop or laptop to SAP(Slow links can be navigated best via Citrix or the fat client.) 09-09-2014 SamsTeachYouself SAP Hour 11 and 12 7 JavaGUI SAPGUI for Java Users UNIX, Linux, Mac OS Supports Windows, including Windows Vista Features Can run as a standalone application or as an applet in a web browser Installation requires a Java Runtime Environment(JRE) Benefits Total desktop footprint (disk space required on the desktop) is relatively small As fast as the SAPGUI for Windows offering most of the functionality Operates in an identical manner on all supported platforms Supports all SAP ERP transactions Boasts an ultra-thin, very efficient network protocol Limitations Office integration limitation Limited drag-and-drop capabilities 09-09-2014 SamsTeachYouself SAP Hour 11 and 12 8 WebGUI SAPGUI for HTML Users NetWeaver supports both Microsoft Internet Explorer (IE) and the Firefox browser Features Requires a web browser for its installation and operation Benefits Leaner than previous versions (requiring less network bandwidth than before) Supports virtually all of the native SAPGUIs transactions. Hardware footprint is minimal Limitations Limitation in Microsoft Office integration support Cannot display interactive business graphics Limited drag-and-drop capabilities 09-09-2014 SamsTeachYouself SAP Hour 11 and 12 9 WinGUI SAPGUI for Windows Users Microsoft Windows Features Most mature user interface offered by SAP, with various flavors available Benefits Supports all SAP ERP transactions, with fast operations Efficient Network resource consumption Boasts an ultra-thin, very efficient network protocol ; run fast on otherwise slow networks Offered a more appealing user interfaces such as Streamline and Tradeshow Limitations Resource intensive SAPGUI from a desktop footprint perspective 09-09-2014 SamsTeachYouself SAP Hour 11 and 12 10 Tweak SAPGUI : A standalone application that lets you change the visual appearance of the WinGUI. The Theme Selection item under Visual Design gives you the option to choose from several themes and lets you set the default theme for the WinGUI.
Customizing of Local Layout button : It gives you access to several menu options
09-09-2014 SamsTeachYouself SAP Hour 11 and 12 11 09-09-2014 SamsTeachYouself SAP Hour 11 and 12 12 09-09-2014 SamsTeachYouself SAP Hour 11 and 12 13 Define when dialog boxes pop up (with success, warning, and/or error messages) and whether such an action incurs a beep Change the cursor width and enable a block cursor (for Overwrite mode) Specify your default working directory for local data Set trace options Set scripting options The Quick Info option controls how quickly the help information (simple description) launches whenever you place the pointer or cursor over an item in the button bar.
The Messages options enable you to configure how the SAP system presents you with information. bottom-left area of your screen or pop-up box
The System option refers to the location from where SAP retrieves its help files, along with a default timeout.
The Cursor tab enables you to make custom setting changes to the position and appearance of your cursor. 09-09-2014 SamsTeachYouself SAP Hour 11 and 12 14 The Local Data tab lets you configure history and local cache settings, enable front-end security, and specify the default directory for any local data you choose to save in the course of conducting work with the SAPGUI.
The Trace tab can be set to keep a record of errors and warning messages a user receives. Traces also monitor where a user has been by keeping a file of each transaction code for each screen visited by the user.
09-09-2014 SamsTeachYouself SAP Hour 11 and 12 15 09-09-2014 SamsTeachYouself SAP Hour 11 and 12 16 Spool Request Attributes screen allows you to customise your print settings
Send to SAP Spooler Only for Now places the request in the SAP spooler without sending it to the printer. You can choose to print it later by choosing System, Own Spool Requests. The Print Out Immediately option sends the spool request to the output device immediately. The Print Later option allows you to schedule the time when the job will be sent to the printer. In Hour 11,we briefly reviewed SAP security. Technical professionals consider security akin to locking down physical assets such as servers and data centers. To application professionals and end users, SAP security is all about users IDs, user roles, and authorizations. After a brief review of the SAP Profile Generator, we worked through what SAP means by user roles and authorizations.
In Hour 11, we explored the different SAP user interfaces; how to customize the WinGUI to best suit your needs, likes, or personality; and how to make other GUI changes. We also reviewed printing from SAP. 09-09-2014 SamsTeachYouself SAP Hour 11 and 12 17