<$BlogRSDUrl$>

Wednesday, February 25, 2004

SM20 - Security Audit Log

Never used this, but looks interesting. Needs activating with the parameter:

rsau/enable



(0) comments
SAP* Locked

update sapr3.usr02 set uflag ='0' where bname like 'SAP*' and mandt = 'nnn';

This is better than deleting the user and then having to set it up again with the same profiles etc.

Check also OSS note 68048.

It is possible to remove the possibility of SAP* from a system, check RZ10 for profile parameter:

login/no_automatic_user_sapstar

if this has been done then the above won't work, you'll have to change the parameter and bounce the system. This parameter can be put in the default profile and so will affect all app servers too.

SAP recommend that user SAP* should exist with no authorisation and be locked. That way any standard passwords would not allow unauthorised access.

(0) comments

This page is powered by Blogger. Isn't yours?