SA38 access in production landscape

In light of heightened focus on controls (i.e. Sarbanes-Oxley), is anyone aware whether SAP formally recommends fully restricting user access to SA38 in a production system. Some programs delivered by SAP do not have transaction codes assigned to them. Is there a high risk in affording this access if programs are properly secured.

Hi Robert;
We were just audited, and the answer we got was no -- you should not give this access to anyone. The reason is that there are certain SAP program and reports that will allow someone to perform certain functions. The example we got was that you can run a report straight from SAP that would allow you to increase a credit line for a customer and it would bypass security.
We were told that any program, SAP or custom, should be driven by transaction code and that should be maintained in user roles.
Cheers,
John

Similar Messages

HT204266 I live in China, have Dutch nationality, and no US address or Credit Card; how can I have access to products from the US iTunes store, in particular music, when such items are not available from the China iTunes store? In general, what are the di

I live in China, have Dutch nationality, and no US address or Credit Card; how can I have access to products from the US iTunes store, in particular music, when such items are not available from the China iTunes store? In general, what are the differences between countries' iTunes offerings? Does one really need an address and a credit card for any country to be able to access that countries iTunes store? Why these restrictions?

You cannot.
You cannot use another countrys itunes store.
You must be physically locates inside the borders of a country to use that countrys itunes store and a credit card issued in that country with a valid billing address in that country.
The owners of the distribution rights of movies/music/etc differ by country. These distributors decide who can sell their content in that country.
Buy from another source if your countrys itunes store does not carry somehting that you want.

ICH : SXMB_ADM - F7 Check says "No access to system landscape at present"

Hi
When I perform following :
tcode sxmb_adm -> Integration Engine Configuraion -> Check (F7)
I get "No access to system landscape at present"
This on our ICH-server.
Same check on the PI-server (X) is successful.
The SLD used is the same for both servers. I.e same url-address in "corresponding integration server".
Role of business system for ICH = Application system
Role of business system for PI = Integration server
Anyone that knows how to correct this? Some refresh, cache update or similar that must be performed?
/Regards
Joakim

Hi,
please run transactin sldcheck on the abap to see where the problem is.
Did you :
- run and configure transaction sldapicust
- the rfc connection pointing to the sld server
Kind regards,
Andreas

No access to system landscape at present

Hi
I am trying to establish connectivity between ECC and PI. I am in SXMB_ADM of ECC and under Global Configuration Data, I put the role of business system as Application System. Now when I click on the Systel Landscape, I am getting an error " No access to system landscape at present". How should I solve this?
What do I enter next to corresponding Integ server ?
Regards

Hi,
Check in SLDCHECK, from R/3 side, if everyhting is ok.
You may want to check:
#1143810 - Troubleshooting SLDCHECK - Releases 71X
Second point, check note below to about the components in SLD, if they are correctly registered.
#1334053 - No automatic PI 7.10 SLD Registration
And take into account the following notes mentioned in the note above:
#1117249 - Incomplete Registration of PI components in SLD
#764176 - Error in XI due to inconsistent SLD contents
Last recommendation, open the Exchange Profile and change all parameters that ends in *.name to FQDN, and don't forget to restart the system to activate the changes.
For more information about the FQHN, check the notes below:
#773830 - FQHN determination in ICM
#654982 - URL requirements due to Internet standards
Also ensure to apply the FQHN as per instructions on the note below:
#804124 - HTTP communication with XI Adapter Engine fails
And check for the parameter 'com.sap.aii.connect.integrationserver.sld.name' from note:
#1278563 - Specification of message server host in Exchange Profile
Regards,
Caio Cagnani

[Integration Engine Configuration Data] Error: No access to system landscap

Hi all,
When configuring Integration Engine Data (To go to 'Integration Engine Configuration Data' screen: Tcode: SXMB_ADM -> Choose: Integration Engine Configuration -> F8), we want to load Configuration from System Lanscape by choose F6, an error occur with message as below:
No access to system landscap
So that we can't load configuration from our System Landscape.
We have correctly configured other below:
     - We use http port for corresponding Integration Server.
     - Business System with role 'Integration Server' created correctly in SLD.
     - T-code SLDCHECK is all OK.
     - T-code SXI_CACHE is all OK.
Anyone can please help me correct this error ?
Point will be reward for any valuable answer,
Thanks a lot,
Vinh Vo

Please can you check if your RFC destination SAPSLDAPI and LCRSAPRFC are working both ABAP and Java stack.
just check the reply from Udo and jai's reply
R3 Connecte XI 3.0 Problem
also check page no 18
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/bd5950ff-0701-0010-a5bc-86d45fd52283

I'm trying to re-download a Acrobat XI Pro, which I had purchase 05/13/14 onto my computer, which was recently "cleaned' and had windows re-installed. When I go to my account to access the product, there is no record of any orders. My order number is AD

I'm trying to re-download a Acrobat XI Pro, which I had purchase 05/13/14 onto my computer, which was recently "cleaned' and had windows re-installed. When I go to my account to access the product, there is no record of any orders. My order number is AD012414282. Any suggestions?

Downloadable installation files available:
Suites and Programs: CC 2014 | CC | CS6 | CS5.5 | CS5 | CS4, CS4 Web Standard | CS3
Acrobat: XI, X | 9,8 | 9 standard
Premiere Elements: 13 | 12 | 11, 10 | 9, 8, 7 win | 8 mac | 7 mac
Photoshop Elements: 13 |12 | 11, 10 | 9,8,7 win | 8 mac | 7 mac
Lightroom: 5.7.1| 5 | 4 | 3
Captivate: 8 | 7 | 6 | 5.5, 5 | 1
Contribute: CS5 | CS4, CS3 | 3,2
FrameMaker: 12, 11, 10, 9, 8, 7.2
Download and installation help for Adobe links
Download and installation help for Prodesigntools links are listed on most linked pages. They are critical; especially steps 1, 2 and 3. If you click a link that does not have those steps listed, open a second window using the Lightroom 3 link to see those 'Important Instructions'.

I have dowloaded Photoshop + Lightroom (subscription) but no serial number have been provided for Photoshop CC so I cannot access the product. Please help

I have dowloaded Photoshop + Lightroom (subscription) but no serial number have been provided for Photoshop CC so I cannot access the product. Please help

Thank you Steve. Will do it straight away.
We can can continue talking this evening, no prob.
Rgds
Marco
Il giorno 16/mag/2014, alle ore 19:12, SG... <[email protected]> ha scritto:
I have dowloaded Photoshop + Lightroom (subscription) but no serial number have been provided for Photoshop CC so I cannot access the product. Please help
created by SG... in Photoshop General Discussion - View the full discussion
Hi,
When did you make the purchase? Can you try signing out of the CC desktop app, and then signing back in?
I'll see if I can get direct support sent your way as well. How much longer are you available for this evening? We can communicate directly as well if you prefer.
regards,
steve
Please note that the Adobe Forums do not accept email attachments. If you want to embed a screen image in your message please visit the thread in the forum to embed the image at https://forums.adobe.com/message/6385161#6385161
Replies to this message go to everyone subscribed to this thread, not directly to the person who posted the message. To post a reply, either reply to this email or visit the message page:
To unsubscribe from this thread, please visit the message page at . In the Actions box on the right, click the Stop Email Notifications link.
Start a new discussion in Photoshop General Discussion by email or at Adobe Community
For more information about maintaining your forum email notifications please go to http://forums.adobe.com/thread/416458?tstart=0.

Inside Identity and Access Control products

Hello,
For the past few months I was working on a blog which can help understanding under the hood of identity and access control products. Please have a look into it and let me know how to improve the contents.
http://identitycontrol.blogspot.com

Latest Topics
1) Video of Federated Access Control
2) RSA Conference 2007

Inside identity and access control products : blog

Frinends,
Visit my blog http://identitycontrol.blogspot.com to get inside working of the identity and access control products. My efforts here is to explain insides in a simple language.
Latest topic i added is "SAML in action"
Please post your comments also so I can improve the contents.
Thanks

Thanks a lot idmguru!!
your efforts are simply awesome..
-Yash Bansal

Inside of idm and access control products

Hello Friends,
For the past few months I was working on a blog where I shared my past experiences with the IAM products, New technologies and problems faced in the products at a conceptual level. I thought of sharing that with experienced team of technocrats like you. Please have a look into this and let me how how can I improve this.
blog URL --> http://identitycontrol.blogspot.com/
Thanks
idmguru

Frinends,
Visit my blog http://identitycontrol.blogspot.com to get inside working of the identity and access control products. My efforts here is to explain insides in a simple language.
Latest topic i added is "SAML in action"
Please post your comments also so I can improve the contents.
Thanks

I have just paid for a monthly subscription for Adobe Acrobat Standard. How do I access the product?

I have just paid for a monthly subscription for Adobe Acrobat Standard. How do I access the product?

Englishcupoftea thank you for the update. For information on how to cancel your subscription please see Cancel your membership or subscription | Acrobat.com online services.

Sapstar user is accessing in production

Hi Gurus,
i am facing one issue with sap* user.
when i restart sap system while restarting sap system sap* user is accessing(login) in the background.
i have checked system log that time it is accessed by background work process with standard sap program. but it is not happening in quality system.
It is updating last logon date in SUIM and SAP Auditors asking questions as why sap* accessed in production system?
now i have activated security audit log for sap* user to get more information.
could you please tell me why sap* is accessing at the time of sap system restart?
how to cancel this sap* login?
Thanks in advance,
Venkat

Hi Venkat,
Login to production system . go to Tcode SM37 --> put * in Job name field and User name as sap* --> all the job status to be considered (checked) --> then search. (put future dates for getting released copy)
Ideally , there has to be SAP batch job in released status under SAP* user and you need to change it to ther SAPBATCH user to avoid its usage.
Regards,
Edited by: Rupali B on Feb 27, 2012 8:27 PM

SA38 access restriction

Hello,
I am currently working on trying to restrict access to SA38 for Basis in a Production environment. At the moment they have S_Program with a * for access. I would like to shave that down and remove the HR and FI programs. Is there a simple way to do this that I am not aware of? is there a naming convention for FI and HR Programs that I can key in on to remove them from S_Program?
I understand that in most cases SA38/SE38 should not be allowed in Production. But at the moment we are unable to make that happen so we are trying our best to limit the risk by removing FI and HR programs. Any help would be greatly appreciated.
Regards,
Paul

> I understand that in most cases SA38/SE38 should not be allowed in Production. But at the moment we are unable to make that happen so we are trying our best to limit the risk by removing FI and HR programs.
I would concentrate efforts on application authorization objects, and not the ability to start the reports.
Reports with authorization groups often perform "blunt" checks for full authority (*) because this is an equally un-granular approach or are used to protect the variants and this should be application support (see transaction VARCH for a better option!).
Unfortunately, some reports make no checks and rely only on the authorization group, but these are less of a risk than those without any authorization group or selection screen in my opinion.
The best place for consistent checks are always in the code which actually does something.... those you can rely on.
Cheers,
Julius

How to Protect your Custom Access Database Product - so that you can sell & distribute it?

I'm looking for an update on this topic as I have been away from Access for a couple of years and have not kept up with the latest.
Hopefully they have made it easier to design, develop, sell and distribute custom database solutions. So here goes...
Question A:
If one develops a custom database product with Access 2013 what is the current best way to...
1 - Prevent it from being (too easily) copied
2 - Prevent it from being (too easily) reverse engineered
3 - Prividing a time limited free demo copy?
4 - Providing a demo copy with limited functionality... like limiting the number of records in an important table, or whatever?
5 - What have I left out of this list that should be considered for protecting ones investment in the development of the product? (other than copyright, of course.)
Question B:
What is the latest on being able to migrate an Access database to the cloud?
1 - Entirely online
2 - Part in the cloud and part on the users machine
3 - And what about all that VBA code - is there no way to make that work in the cloud and/or on a web server... or does it all have to be tossed and all the coding redone?
Question C:
What are other alternatives solutions for selling your custom database application while protecting all your investment in developing it?
1 - Write the front end in C++ (so that it is fully compiled) and the back end in ASP with MS SQL Server? (or alternative server side solutions)
2 - Write the whole thing as a server side solution with browser interface?
3 - Or what?
Thanks for any help.

Hi Fran_3,
>>What is the latest on being able to migrate an Access database to the cloud?
In my option, the Access Web app would be a better choise.
Regards,
Tony
Help each other

Query developement and se16 access on productive system

Hi,
we are setting up an authorization concept on ERP2004s and our users asking for query development rights and se16 on our productive system. I think queries and se16 should be on the test system due to security reasons. Please post some feedback how do you think about it!? I think queries should be developed on the test system and transported.
Thank you in advance!
Best regards
Frank

Hi Frank,
I dont think that you can give access to writing a quaery in production system.
writing a query also need access to:
Transaction Code: SE16
Authorization object: S_TABU_DIS
Activity: 02 AND 03
Risk: The risk here is that users who have this access, have the ability to maintain table data directly in the production system. This includes transactional, masterfile, security and configuration data.
Hope it is useful.
Please award points if it is useful.
Thanks & Regards,
Santosh

SA38 access in production landscape

Similar Messages

Maybe you are looking for