Business Security
Hi,
I hope that, somebody can help me with this issue. I just have entered to a new company as a Basis support but I found out that the SAP R/3 System users of this company, use to share they users and password in order to access the system, and now I have the request to prohibit this. The question here is how can I deny user access to the system from several terminal at the same time?
I hope that you can help me with this issue, cause this could cause a lots of trouble in the long way to the business.
Erik,
One thing you can do to minimize the risk is disable multiple logons in SAP.
Change parameter login/disable_multi_gui_login. Search login/disable_multi_gui_login for more info if needed.
Cheers,
Ben
Similar Messages
-
Hi all
I believe some of the technical people would be curious and try to find out what security solutions is used for government, education, place of interest or organizations. I am one of it. * I did not use any of their machines, I saw it through Taskbar.
I am not biased for any security products, this is based on what I seen outside. Commonly either Symantec or McAfee in Singapore for business security.
Government managed hospital - Symantec Antivirus Corporate Edition
IBM Singapore - Symantec AntiVirus Corporate Edition
Institute of Technical Education Singapore - Symantec Endpoint Protection
Singapore Polytechnics (including Student's Personal Laptop if direct purchase) - Symantec Endpoint Protection
Primary and Secondary Schools (under Ministry of Education) - McAfee VirusScan Enterprise
SCDF - McAfee VirusScan Enterprise
I also seen some Microsoft and ESET security products running around SMB when I was asked to go to client sites to assist setup for presentation. So far, I have not seen any other products from other security vendors.
It would be great if you can share your findings, so all of us would know which security vendors is more popular for different areas, etc.
Cheers
Peter
(Current: W520 4284-A99) (Refunded: W510 4876-A11)
=============================================
Does someone’s post help you? Give them kudos as a reward, as they will do better to improve
Mark it as solved if the solution works for you, so it could be reference for others in the future
Dolby Home Theater v4 (ThinkMix V2)!
http://forums.lenovo.com/t5/W-Series-ThinkPad-Laptops/W520-Sound-Enhancement-Thread/m-p/451401#M155...
Solved!
Go to Solution.Hello,
Here's a list of the companies I've come across, along with their notable consumer products:
Agnitum Anti Virus/Outpost
AhnLab V3 Internet Security
Alwil Avast!
ALYac Anti Virus/Internet Security
Arcabit ArcaVir
AVG Technologies AVG Anti-Virus/Internet Security (formerly Grisoft)
Avira Antivir
Bach Khoa Bkis BKAV
Beijing Rising Anti Virus/Internet Security/PC Doctor
Bullguard AV/Internet Security
CheckPoint ZoneAlarm/AV/Internet Security (formerly Zone Labs)
Comodo Anti Virus/Internet Security
Dialogue Science Dr. Web
Emsisoft Anti-Malware/Online Armour (formerly TallEmu)
ESET NOD32/Smart Security
F-Secure
FilSecLab Twister
Frisk F-PROT
G Data Anti Virus/Interet Security
GFI VIPRE (formerly Sunbelt Software)
Hauri ViRobot
Ikarus virus.utilities
Lavasoft Ad-Aware
K7 Anti Virus/Total Security/Ultimate Security
Kaspersky Anti Virus/Internet Security/Pure
Kingsoft Anti Virus
MalwareBytes
McAfee Anti Virus/Internet Security/Total Protection
Microsoft Forefront/Security Essentials
MWTI eScan
Norman Anti Virus/Security Suite
Panda Anti Virus/Cloud/Internet Security
Qihoo 360
Quick Heal Technologies QuickHeal Anti Virus/Internet Security/Total Security
Softwin BitDefender AV/Internet Security/Total Security
Sophos Anti Virus/Security Suite
SOSDG ClamAV/ClamWin
Support.Com - SUPERAntiSpyware
Symantec Norton 360/Anti Virus/Internet Security, PC Tools
Total Defense (formerly Computer Associates)
Trend Micro Anti Virus/Internet Security/Titanium
TrustPort
VirusBlokAda VBA32
Webroot Anti Virus
WebSense
That's off the top of my head. There are probably a few others that I missed, but I'm sure others can help fill in the list.
Regards,
Aryeh Goretsky
I am a volunteer and neither a Lenovo nor a Microsoft employee. • Dexter is a good dog • Dexter je dobrý pes
S230u (3347-4HU) • X220 (4286-CTO) • W510 (4318-CTO) • W530 (2441-4R3) • X100e (3508-CTO) • X120e (0596-CTO) • T61p (6459-CTO) • T43p (2678-H7U) • T42 (2378-R4U) • T23 (2648-LU7)
Deutsche Community Comunidad en Español Русскоязычное Сообщество -
Issue implementing Business security profile in IDT
Hi,
BO 4.1 SP3
I created a WebI Report with ADMIN privileges with 3 objects and published to Public Folder.
Then I created a Business security profile in IDT and Denied USER1 access to ‘Display Data’ on one of the above 3 objects say Object3 (i.e. Granted ‘Create Query’ and Denied ‘Display Data’ access on that object3).
Now when USER1 logs to WebI -> Public Folders and refresh the report, it says 'No privlilege..contact admin' message.
Is it possible to display Certain Users to have all 3 columns and hide Object3 to USER1 in the same WebI report ?
Appreciate if anyone can give some directions ?
Thanks.I think you missed one more thing,
IDT -> Business Layer -> Parameters -> AUTO_UPDATE_QUERY to YES
Ref: xi4sp6_info_design_tool_en.pd Page: 225
A user who is denied an object by a Display Data setting might refresh a report containing the denied object. You can specify what the refresh should do in this case by setting the SQL generation parameter AUTO_UPDATE_QUERY in the business layer.
If this parameter is set to No, then refreshing the report generates an error message.
If this parameter is set to Yes, then the denied objects are removed from the query and from any filters defined in the business layer. Data for other granted objects is retrieved and displayed to the user in a partial report. -
My sister is buying an ipad2 for fun and business. security software?
I am an iMac owner with no security software installed.My sister has never owned an Apple computer product and has ordered (not received) an iPad2 for fun and her own business (ledgers and accounts). She has asked me to recommend a security software package. Does she need it? If so, what kind?
It's not needed. At all. As long as your sister doesn't "jailbreak" her iOS device and avoids tricksy phishing attempts.
Every app is sandboxed, and the OS is among the most secure usable by an average consumer. In my opinion, best thing is to just not worry about it. -
Small Business Security - Buying Process
I go through extensive research before I make any purchase, let alone a purchase that intends to protect my small business. Whitepapers, calling sales reps, asking colleagues, Google searches... seriously everything. I like to arm myself with everything possible before I make an important decision.
How about you guys? I'd love to learn what more I could do.
Idea starters...What websites do you visit to become more aware potential cyber threats to your business?How quickly do you make purchases?What do you rely on the most when making a purchase?How price-averse are you?
- Sam
This topic first appeared in the Spiceworks CommunityNo, it wasn't difficult at all to setup in OS X Server. I use a free internet domain name from DynDNS.com. I don't know if they still offer free ones anymore. You can not use VPN and 'Back to My Mac' at the same time as they use some or all of the same ports.
I'm at work and not on my Mac at the moment so this is from memory.
Within OS X Server, I enabled the VPN Service (default L2TP) and used my free domain name in the VPN Host Name and a Secret passphrase. This put an entry in my Airport Extreme router for VPN (port mapping).
Within the client Mac, I added a VPN network connnection (System Preferences /Network). I pointed to my free domain name in the Server Address, used my Server account name in the account name. I think there's an Authentication button that I clicked. I entered my Server account password, the Secret passphrase in the Secret field, checked a box to show VPN icon in Menu Bar and exited out of that. Then clicked the Advanced button and checked the box to send all traffic over VPN connection.
I had VPN authentication issues at first when trying to connect to test out the connection. I just kept trying as I knew I had all the settings correct and it would finally connect after about 3-4 tries. After that, I sometimes have to connect more than once to actually connect to my Server via VPN. But it does work nice. I brought my MBP into work once to test it out and was able to connect to my home Server via VPN and use Screen Sharing and had access to all my shared folders. -
Getting Error message while trying to access security editior for a IDT universe
Hi,
I have created universe in SAP BO4.1, using IDT.
I have applied row level security for User Groups using Security Editor.
I have published the changes to repository.
But when I am trying to re open the security editor for that universe its throwing error:
"Unable to load security for universe ID ATF10O... (IDT 022123)."
I am not able to edit row level security, even this security restriction is not restricting data in WebI report.
Thanks for your response.Hi Sonal,
The local file of Business Security Profile is missing or damaged.
Resolution
Use the workflow to reset the problematic Business Security Profile in the filestore. After that, you can manually re-create the new Business Security Profile to make it working.
Logon to CMC and find the ID of the universe with issue(e.g. 9010).
Logon to Query Builder (http://<web server>:<port>/AdminTools/).
Find the detail information about this universe with the following SQL statement:
select * from CI_APPOBJECTS where SI_ID = 9010
In the Search Results List, you will find a row with the title of SI_SL_BSPS (Business Security Profile), note down the number of it(e.g. 9016).
Then search with the following SQL statement in the Query Builder:
select * from CI_APPOBJECTS where SI_ID = 9016
In the Search Results List, SI_PATH is the local file address of the Business Security Profile (e.g. frs://Input/a_146/035/000/9106/).
Then you can back up the file and delete it.
Select a Business Security Profile without issue and rename it as the deleted one.
Put the new normal Business Security Profile under the location of the deleted file.
Then you can delete it in the IDT and recreate it normally.
Refer: SAP Note - 2080272 - Error "Universe access failure Unable to load security for Universe ID XXX (IDT 022123)" appears when editing a Business Security Profile in Information Design Tool
--Raji. S -
Security Restrictions disappear when webi is modified
Hello,
I have the following problem with Security restrictions.
I have created a business security profile, and assign this profile to a user directly (I have tested the same assign the profile to a group and the problem occurs too).
The business security profile is defined this way:
1. At the first tap (Create query), I grant all the views of the business layer and all the objects.
2. At the second tap (Data) all objects are granted.
3. At the filter tap, I defined the row restrictions of the profile (3 conditions with and).
4. I assign the business profile to the user.
The steps to reproduce the problem are:
1. I create a webi (with an administrator user) that uses the universe that contains the business security profile
2. The user that have the business security profile restrictions assign, open the webi refresh and show only his data.
The SQL of the webi query shows the security restrictions (profile filters).
3. I modify the report (for instance, I drag a dimension on it). Save the report.
4. The user that have the business security profile restrictions, open the modified webi refresh and show all the data (as he was an administrator user).
The SQL of the webi query does not show the security restrictions (filters). The restrictions desappear of the SQL.
Please, could you help me?
Thanks
PilarEnable the following auditing on the server either through domain
policy or local policy:
Audit logon events - Success
Audit Object Access - Success
On the Auditing tab, add Everyone with the following audit settings. -
SAP Lumira - Implementing row level security
Hi All,
I aware that SAP Lumira 1.17 onward allows to share the datasets, stories to SAP Lumira Server as well as SAP BI Platform (4.1 SP3 onward).
But I would like to know if there is any way of implementing Row level security for this published contents i.e. datasets or stories. e.g. If user A (may be an administrator with access to all the regions) creates dataset and story and shares it with other users over SAP Lumira Server or SAP BI Platform. But when user B accesses these contents on any platform, SAP Lumira server or SAP BI Platform, he should be able to see data only as per his access (his own region). Can something of this sort be implemented?
Thanks,
AbhijitHi,
Sorry for the delay in getting back to you.
As per my understanding - as of today, we respect Row-level security when acquiring (fetching) the data from universe into Lumira desktop (also, contexts and business-security profiles i.e. columns)
now, when that desktop user has 'designed' the Lumira document, all of the above: row-level, contexts and security profiles are 'locked-down' into that artefact when shared onwards. (i.e. to Lum Server and hence, BI Platform)
once this content is being access from the BI Launchpad, refresh-on-demand is possible from the story, as well as scheduling of dataset on which it is based.
According this blog by Greg Wcislo (the product owner for the Add-on) Lumira integration for BI4 functionality detailed. note that features such as 'refresh on open' and 'changing design-time parameters' (i.e. prompts) are not yet supported, but very much in future scope / plans.
I believe that one of the other mid-term goals is to architect a 'Lumira server-side universe refresh' (i.e. so that the processing is handled 100% by Lumira server) rather than querying across BIPlatform services then replicating a dataset to HANA (which is currently the process flow)
I hope this helps.
Regards,
H -
Mapping a wrapped business object
Hi,
I have a business security requirement (in our domain model) which can be described as an Administrator impersonating a normal business user. This allows for key state changes to be performed on behalf of a user (so that they maintain ownership of business entities), whilst the audit trail will correctly show that it was the admin who actually invoked the operation.
The code impact is high if I go down the path of passing both the admin user and impersonated user around everywhere.
I was wondering if it would be possible to do this with a wrapper, that is a proxy for a user. So the key state transitions will occur as if performed by the impersonated user, whilst the audit entries will be generated with the impersonator details.
So if my wrapper class implements the same "User" java interface and has references to both the impersonator and impersonated user...can I modify the mappings to make this all but transparent to my existing code base?
Thanks.
MikeHi Anoop,
to put you on the right trail real quickly, without giving any details at present (because I don't know it by heart right now):
On the start of the transaction(s) and on change of the displayed/changed object of the transaction a function like the manager for the generic object services is run through. There you can hook your implementation to publish your own business object, which will then be available in the GOS. With this you can also add your own menu entries there.
The search term you will be looking for is the ABAP OO class: <b>cl_gos_manager</b>
Best regards,
Florin -
Visual Business FPM Test Application not working
Experts,
Urgent Help required!
We are using EWM System for our VB Application Development.
When we open the Geomap test application in SAP Gui its showing up perfectly fine.
But at the same time when we try to test the standard FPM Test Application its not showing zoom toolbar,application toolbar nor the map.PFB :
Kindly suggest what could be missing or is there something else which needs to be done at FPM level.
Regards
SijuHi Experts,
At the same time my browser is throwing me an exception 'SAP Visual Business Security Issue' which
is preventing the visual business to open.
Please help!
Regards
Siju -
How to associate more than one security group for UCM documents?
When checking in a document we are only able to associate one security group to documents. In our case, a particular document can be seen by more than one group e.g a document can be seen bu both finance and marketing groups.
How can we associate more than one group for documents?
Our requirement is related to search. We want to display the documents to the end user based on the security group that is associated with the document. We are planning to use IDM and have all the groups/roles that are possible in the end site (also delivered by same ldap) available in UCM so that when checking in the documents we can associate desired groups who can see these documents.
Regards,
PratapOne thing before all, is that I suggest that you think through your security model before implementing it in UCM. You should ask yourself questions like :
- Is security really based on department ?
- Why two departments need to have access to the same category of document ?
- Is it really security that I need or classification ? Is it a problem if Accouting have access to Finance or you just don't want Marketing documents in a finance related search ?
- Maybe what you want is that finance guys to have access to marketing document.
Without a clear business security model, it's hard to find a UCM security model as it is impossible to associate 2 security groups to one document. -
Can't find column level security in BO 3.1
I am trying to implement column level security in Web Intelligence in Business Objects 3.1.
After studying articles on google I found that it can be achieved using Business Security Profile but when I searched I couldn't find any such profile or setting in BO 3.1.
Can anyone please guide me in correct direction on how to achieve the same in BO 3.1
Please also let me know the will there be any compatibility issues as Development environment is in BO 3.1 and Production environemt is BO 4.0.
Thanks for your time
SivaHi Siva,
You can use "Manage Access Restriction" option to acheive column level security in Business Objects 3.1 universe.
See below document for more detail-
Implying Security on Business Object XI 3.1 Universe having SAP BW as Source
~Anuj -
Unable to use more than one processor group for my threads in a C# app
Hi,
I set my .Net 4.5 (or 4.5.1) App.Config to:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<runtime>
<Thread_UseAllCpuGroups enabled="true"></Thread_UseAllCpuGroups>
<GCCpuGroup enabled="true"></GCCpuGroup>
<gcServer enabled="true"></gcServer>
</runtime>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.1"/>
</startup>
</configuration>
I run my app on a windows server 2012 with a NUMA architecture: 2 x [cpu Xeon E5-2697 v3 at 14 cores each with Hyper Thread activated] => 2 x 14 x 2 = 56 Logical Processors.
This is TaskManager screenshot:
My app start 80 threads either from "Thread Class" or "Parallel.For" and in both case it only takes 28 Logical Processors, all from the same Processor Group.
According to MSDN documentation
and
Stephen Toub answer, it should use every Logical Processor of every Processor Group.
Why does the Task scheduler assign my threads on only one Processor Group?
I also reported this question to
StackOverflow which have a lot more information.
Eric OuelletOne thing before all, is that I suggest that you think through your security model before implementing it in UCM. You should ask yourself questions like :
- Is security really based on department ?
- Why two departments need to have access to the same category of document ?
- Is it really security that I need or classification ? Is it a problem if Accouting have access to Finance or you just don't want Marketing documents in a finance related search ?
- Maybe what you want is that finance guys to have access to marketing document.
Without a clear business security model, it's hard to find a UCM security model as it is impossible to associate 2 security groups to one document. -
Windows 7 clients suddenly unable to connect to SQL database
Our environment in a nutshell:
Server1: Small Business Server 2003 R2 (Active Directory domain, it is the sole domain controller [DC])
Server2: Dedicated to SQL Server 2005 and the SAP Business One database
Server3: Windows Server 2003 R2 Standard Terminal Server. This provides user sessions that are the equivalent of Windows XP SP3.
Two Windows 7 workstations: 1x 64-bit, 1x 32-bit. Both are domain joined.
All above computers on a gigabit LAN.
Client product is SAP Business One 2007 A (8.00.181) SP:00 PL:49
SQL Native Client is 9.00.5000.00
SQL Server is mixed-mode authentication, however all users use trusted Windows connections. All users with access to the product are members of an "SAP Users" domain security group.
Normal operation is:
Local Win7 workstations have client installed and connect over the LAN to the SQL Server instance on Server2
Remote users log on to the Server3 Terminal Server, fire up sessions and connect to the SQL Server instance
Up to and including Thursday, March 12 everything was working fine for all users. As of Friday, March 13 the Terminal Server users/sessions are still working perfectly but the Windows 7 workstations can no longer connect to the SQL Server instance with trusted connections. They are still able to connect if they switch to a SQL Server logon and use the "sa" user account and its password.
Also, the users normally using the Win7 workstations can log on to the Terminal Server with their usual domain accounts, and run SAP from there, which works perfectly.
The error the Windows 7 users are seeing:
Connection failed:
SQL State: 28000
SQL Server Error: 18452
[Microsoft][SQL Native Client][SQL Server]Login failed for user ". The user is not associated with a trusted SQL Server connection.
Prior to each logon attempt above, the Server2 SQL Server machine logs another event to its Application Event Log:
SSPI handshake failed with error code 0x8009030c while establishing a connection with integrated security; the connection has been closed. [CLIENT: xx.xx.xx.xx]
Source: SQL Server instance, event 17806. From SQL Server log, Severity 20, State 2
What I've tried so far:
All servers have been restarted in correct order
Running the client in Windows XP SP3 compatibility mode. No difference
Running the client as Administrator. No difference
Upgrading to SQL Server Native Client 11.0 via:
Uninstall B1 client
Uninstall v9.00 Native Client
Install v11.00 Native Client
Install B1 client
Net effect is no difference
Googling the event IDs that are being logged seems to point to:
Expired domain account. Manually checked that the 2 users accounts are not expired and they belong to the "SAP Users" group. Furthermore, the domain accounts are still working when used in Terminal Server sessions.
Problem with Service Primary Names (SPNs). This seems to be Active Directory-related. Again, the domain accounts normally used on the Win7 workstations work fine on the Terminal Server so I'm inclined to think AD is OK
Other information that may be useful:
No Windows updates applied between March 12 and 13 on either Win7 workstation
Both Win7 workstations running Microsoft Security Essentials and the native Windows 7 firewall
All servers running Trend Worry Free Business Security suite
Sorry about the length of the post but hopefully it will reduce wild goose chases. Any troubleshooting ideas greatly appreciated.Problem found!
It turns out it was some sort of subtle problem with Trend antivirus running on the servers.
On all 3 servers there are 3 main protection components that are enabled by default:
Antivirus/Anti-spyware
Web Reputation
URL Filtering
What I did was to turn off all 3 components for all the servers. With Trend this can be done from the central management console. SAP then worked on one of the Win7 clients using Trusted Connection (i.e. Windows Authentication).
Then I turned the Trend components back on, on all servers, one at a time (to try to find which component was the culprit). Here’s the funny part: I turned all 3 back on, and SAP still works on the Win7 client using Windows Authentication! I even restarted it to make sure that state of affairs persists across a restart, and it’s still OK.
It's worth noting the problem was not solved shortly after it appeared by restarting all 3 servers. There was even a scheduled installation of Windows updates a couple of hours ago, which restarted all 3 servers again, and the problem still persisted. It was not fixed until the Trend components were globally disabled (on all 3 servers), then re-enabled.
Trend WBFS is version 9.0, pre SP1. -
Hi,
We have third-party endpoint protection with the possibility to whitelist and blacklist URL's. Trend Micro Worry-Free Business Security.
Does Microsoft Intune Endpoint Protection also provides the same functionality?
Regards,
DirkNot included, see https://technet.microsoft.com/en-us/library/dn646970.aspx.
Torsten Meringer | http://www.mssccmfaq.de
Maybe you are looking for
-
Windows Server 2008 R2 SP1 BSOD 0x1a with CLFS.sys
Hello, I've got a BSOD on a Windows Server 2008 R2 with SP1 installed. Analyzed the dump and could see a Bug-check of 0x1a which means "MEMORY_MANAGEMENT". Further analysis on this dump shows me, that this probably is caused by the CLFS.sys, which is
-
Error in Downloading Distribution Viewer(.zip) in Viewer Builder
In the signing screen. I enter the Certificate p12 and password and mobile provision and I get this error Not finding expected label 'iPhone Distribution' in the certificate. I have rebuilt the viewer and checked/amended the cerificates in the the ap
-
I have a macbook pro which I purchased last november. It works perfect except the images I have in powerpoint do not get displayed clearly.
-
hi EveryBody... i am unable to connect to the Oracle Database using Enterprise managaer in 10g, when i am writing http://172.20.262.27:1158/em it is throwing The page cannot be displayed output using Oracle 10g Release 2 on Hp-itanium please Help me
-
On passing XmlObject to webservice , Root element is truncated
Hi, I am using weblogic 8.1 SP2 I have created a XmlObject and when I am passing it on the Webservice deployed on .NET environment. Root element of Input XML from WLI is getting truncated. When WLI generated a SOAP Body, it doesnt take RootElement. S