SAP User Enumeration

Hi All,
Recently there was an SAP audit conducted in our landscape and SAP found as below (SAP User Enumeration (High Risk))
"During our testing and enumeration we managed to extract a list of SAP processes and SAP users from the ABAP syslog.
It is important to note that a number of SAP installations have been identified each with different users. It is also important to note that each of the installations was tested against common and new exploits available for SAP systems without success".
Could any please advice on this.
Warm Regards,
Sudhakar G

sent

Similar Messages

  • How to let SAP user use SSO to access Application in DMZ?

    Hi All,
    Our J2EE application is running on a system in DMZ which can not be connected with LDAP. So I am wondering if it's possible to let SAP user use SSO to access our application.
    After talking with my colleague I think the only way is to import SSO public key to our WebAS and create user in UME and then assign user to the corresponding public key, but anybody know where to download SSP verification file or is it allowed to download and import into another system at all?
    Regards,
    Bin

    Hi,
    Take a look at this example, it uses property nodes to select tha
    active plot and then changes the color of that plot.
    If you want to make the number of plots dynamic you could use a for
    loop and an array of color boxes.
    I hope this helps.
    Regards,
    Juan Carlos
    N.I.
    Attachments:
    Changing_plot_color.vi ‏38 KB

  • Error while scheduling report for SAP users

    Hi All,
    We have SAP authentication enabled in our BO environment. (BO XI 3.1 sp2 FP 2.6 on windows 2003 server).
    There are some webi reports based on BW Bex queries that we are trying to run on behalf of certain SAP end users. This we are doing using "schedule for" option.
    Now what is happening here is if the end user has logged in once in BO system ,it runs fine. But in case user has not logged in to BO (using infoview etc.) ,it throws error saying "incomplete logon data" . Also if user changes or reset his password in BW and if he doesn't login to infoview after that ,system throws another error "Name or password incorrect (repeat logon)".
    Based on these observation, we are suspecting if BO system uses stored SAP users credentials while scheduling report for them based on their last login.
    Would like to mention here that we have checked option "automatically import users".
    Please advice if this behavior is normal or we are missing some setting.
    Thanks in advance,
    Chandra

    Hi All,
    Any pointers or suggestions for this issue ??
    Is there a setting/option avialable in CMC which could resolve these errors.
    Or, user has to login once to infoview in all circumstances to avoid these errors.
    Thanks,
    Chandra

  • Backup message error -SAP system is running or SAP user is connected to dat

    Hello ..
    when the backup started i got this message error ..before starting the backup, the shell shutdown the sap system but below message was showed
    BR0262I Enter database user name[/password]:
    BR0055I Start of database backup: bedvugxg.aff 2010-08-08 05.31.48
    BR0484I BRBACKUP log file: /oracle/AAA/sapbackup/bedvugxg.aff
    BR0477I Oracle pfile /oracle/AAA/102_64/dbs/initAAA.ora created from spfile /oracle/AAA/102_64/dbs/spfileAAA.ora
    BR0068E SAP system is running or SAP user is connected to database AAA - database cannot be shut down
    BR1025I Please shut down SAP system first or use the 'offline_force' option
    BR0056I End of database backup: bedvugxg.aff 2010-08-08 05.31.48
    BR0280I BRBACKUP time stamp: 2010-08-08 05.31.49
    BR0054I BRBACKUP terminated with errors
    [Major] From:  "OMNISAP" Time: 08/08/10 05:31:49
    BRBACKUP /usr/sap/AAA/SYS/exe/run/brbackup -t offline -d util_file -c -m all -u hpbkup/******* returned 3
    i am new on this, what should i review into the db?
    Regards and thanks in advance
    Dma.

    Hello Daniela,
    you try to perform an offline backup (which is a very uncommon way nowadays) and your SAP system is not down.
    This is also described in the official documentation:
    http://help.sap.com/saphelp_sm32/helpdata/en/0d/d309664a0c11d182b80000e829fbfe/content.htm
    offline: Database backup in offline mode, in other words, the database is shut down during backup. When you select this parameter, BRBACKUP checks that no SAP system users are connected to the database. If an SAP System is active, the database is not shut down and BRBACKUP terminates the process with an error message (message number BR0068E).
    Regards
    Stefan

  • How to Send SAP User to Spool Job instead of SAPService SID

    Dear Gurus,
    I have to print data using access method C (or L) via print server that runs on win 2008.
    SAP AS runs on win 2003.
    It works fine, but user which appears in print job is SAPService<SID>. We need here sap user who actually initiated printing. It can be obtained easily by chaning access method to G. However, this solution is not acceptable.
    Thank you in advance,
    Nenad

    Problem solved on OS level by introducing anonymous log on.
    Cheers.

  • Problem connection in OIM 9.1 with SAP user managment

    Hi!
    When I want to provision a sap user management resource to an user, it appeared this problem.
    2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] Create User Request
    2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] userId :PRUEBA4803, userGroup:AUDITOR_ARG,lastName:prueba4803,firstName:prueba4803,userTitle:0003,langComm:S,department:,langLogIn:,timeZone:,telephone:,extension:,Fax:,email:,dateFormat:1,decimalNotation:Y,function:,roomNo:,floor:,building:,code:,commType:,alias:,startMenu:000,userType:A,sapUserId:,empId:PRUEBA4803,fromHRMS:
    2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] SAP Create Connection Request
    2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] Inside XLSAPUTILITIES
    2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] SAP Create Connection Requesting****
    2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] START SAP Connection creation.
    It is strange because it was working all right since 3 months ago and in these 2 last weeks, it is frequently this problem. Sometimes it works sometimes it does not.
    Of course, I tried the connection between OIM and SAP, with the SAP login, and the connection is all OK.
    My oim vertion is 9.1 and the SAP User Management connector is 9.0.4.1.
    Did anybody have this problem before?
    Bye!

    Oh I forget, when I restart the application server, in my case the jboss, the problem is fixed. Strange...

  • OIM - SAP Employee Recon and SAP User Management Connectors vs. OC4J

    In reading through the SAP connector documentation I've found that we cannot use OC4J to run OIM if the 9.0.3 SAP User Management Connector or SAP Employee Recon Connector is used. This is all related to a conflict in JDK versions supported between the SAP JCo (Java Connector) library and OC4J. A thought we've had is to use a Remote Manager for these connectors. Can anyone validate this approach? Is it possible to use a different JDK version with your remote manager? Is there another workaround that anyone is aware of?
    Thanks

    Hi,
    The remote manager should work with different JDKs. We are going to be doing the same thing for one of our adapters.
    As for SAP, I cannot think of another workaround -- we actually abandoned the SAP JCo approach and are doing web services with XI.
    Thanks,
    Deborah
    http://www.linkedin.com/in/dvolk

  • Sap UM connector 9.1.2 trouble with "SAP User Management User Recon" task

    Hello All,
    i have a problem with Sap UM Connector version 9.1.2.
    OIM version 11.1.1.5
    Windows 2008 R2
    Problem is:
    Then accounts in Sap are created through direct provisioning feature of connector everything works ok (subsequent update or delete an account).
    But if a user account is created in Sap using Sap GUI, scheduled task "SAP User Management User Recon" of connector doesn't create reconciliation event to link user.
    Sometimes it does though, but for one user account created using Sap GUI in OIM created two reconciliation events, so corrsponding user in oim have two records for resource SAP.
    In this reconciliation events, one have full set of attributes (Login, First Name, Last Name, E Mail, etc), another one - just these 3 attributes: IT Resource, User ID, Lock.
    "SAP User Management Delete Recon" scheduled task works ok then user account has been deleted using Sap Gui.
    How one can troubleshoot such behavior?
    Can anyone advise please?

    resolved the issue by updating sap um connector to version 9.1.2.5

  • How to find out the cost of SAP user for a particular user id

    Dear All,
    I got one issue like how to find out the cost of SAP user, i mean for a particular user id.
    Could you please advice me regarding this.
    Raghu

    Hello Raghu,
    I got one issue like how to find out the cost of SAP user, i mean for a particular user id.
    Could you please advice me regarding this.
    I think you need to reach out to BASIS consultant to check out the Cost involved for User ID for the SAP application.
    Regards,
    Sarthak

  • Automatic creation of BP from SAP User (created manually) in PPM 5.0

    Hi Gurus;
    There are some way to create BP automaticaly from SAP User?
    I know that exits some Function Module BP* can do this automatic creation.
    Someone did this?
    Best regards.
    Mariano

    Hi Rajadurai,
    In the BADI - BUPA_FURTHER_CHECKS implement the method - CHECK_CENTRAL.
    The following code could serve your purpose:
    IF IV_ACTIVITY eq '01'. "Check if it is for creation
      CALL FUNCTION 'BUPR_RELATIONSHIP_CREATE'
       EXPORTING
        IV_PARTNER_1 = IV_PARTNER
        IV_PARTNER_2 = LV_createdby "BP no of the creator
        IV_RELATIONSHIP = 'BUR011' "Code for emp. resp
        IV_DATE_FROM = SY-DATLO
        IV_DATE_TO = '99991231'.
    endif.

  • New sap user creation

    Hi All SAP experts,
    My company has implemented 2 Systems SAP Landscape with one development and one production server which are running on R/3 Enterprise 4.7 (Kernel Release 6.20) with Microsoft SQL 2000 as database server.
    I have the following questions regarding new sap user creation by using user copy function.
    1.When I request to create new SAP User by using user copy function ,should I just create the user acct in DEV and transport it to PROD System? If yes, how could I do that?
    2.When I request to create new SAP User by using user copy function, can I just create it on PROD System only? If yes, what is the impact?
    3.When using User copy function to create new user acct, should I select all parts (like adress ,defaults,reference user, user groups.....) of the existing user to be cloned to new user acct?
    Thanks.
    Leon

    Hi Leon,
    Answer to your questions in their respective order:
    1. You can create user in DEV and then make remote client copy to PRD system using scc9 t-code. Here you can choose user accounts and authorizations for the copy. ( Rem: Data will be overwritten in target system when copied).
    You can also use client export/import(scc8/scc7)
    But, When you do the client import from the exported files using STMS,you will have to select only one of the transport requests and then STMS automatically selects the other requests for you.
    Then it will show you the different transport requests that you have created during your export, the client copy profile and the target system and client. The customizing and application data is deleted in the target client before copying for all profiles except SAP_USER. This is technically unavoidable (and hence the data will be overwritten).
    So if you can afford overwritting of user data in target client , you can go with the above procedure.
    2. Using  user copy in su01, you can copy one user to another user only in that client and is confined to that system only. So yes, If you want 2 or more users to have same authorizations, profiles ,etc etc.. you can choose this in PROD system.
    3. It depends.. If you want user to be in same group, then you can choose user groups. If you want them to have same authorizations , you can choose roles and profiles... If you want them to have same company address and others,... you can select address.. and so on.
    Also below link provides required steps in case you choose local/ remote client copy:
    http://www.sap-basis-abap.com/bc/client-copy-by-using-scc8-and-scc7.htm
    Hope this helps...
    Thanks,
    Ajith
    Edited by: Ajith Kamath on Oct 20, 2009 8:28 AM

  • Business Partner ID same as SAP User ID

    Hi All,
    We have one SAP Service Desk Implementation going on.
    There is an intresting requirement as follows:
    1) BP ID generated should be same as their respective SAP User ID, irrespective of the BP Role.
    2) First Run for Mass Generation has to be done and that should take care of point 1.
    3) Business Partners should be automatically created by system whenever a new SAP User ID is created in system landscape.
    I know that if i use external number range, this can be done. Moreover there is one standard BP Mass Creation program also. But challenge is to find setting which makes this BP ID generated same as SAP User ID.
    In past, I have manually created external BPs like this because volume was very low in those projects... but now we have more than 1000+ users whose will be associated with service desk.
    Please advice.
    Regards,
    SM

    Hi,
    there is a technical problem with your request:
    BP numbers are limited to 10 characters but user IDs can have up to 12 characters.
    So you will not be able to set BP number = user ID if you have user IDs with more than 10 characters.
    Regards,
    Christoph

  • How to send an email with from address not as a SAP user id

    Hi,
    sender = cl_sapuser_bcs=>create ( pv_user ).
    I am using the above piece of code to send an email.
    In the method "CREATE" , I CAN PASS ONLY THE SAP USER ID.
    But i want to pass the email address (user) which does not  a SAP user id?
    how to do this.

    Hi Brad Bohn,
    I have coded  like below. I could see the mail in SOST, in that from address is as 'myname'.
    But the mail does not reaches to the recipient.
    Can you tell me where the problem is?
          DAta:: from_addr TYPE REF TO CL_CAM_ADDRESS_BCS,
                     lo_bcs_recipient  TYPE REF TO if_sender_bcs,
                     send_request TYPE REF TO cl_bcs.
          CALL METHOD cl_cam_address_bcs=>create_internet_address
            EXPORTING
              i_address_string   = 'myname at the rate of domain'
              i_address_name   = 'myname'
            RECEIVING
              result                    = from_addr.
                CALL METHOD send_request->set_sender
                  EXPORTING
                    i_sender = from_addr.
              CATCH cx_send_req_bcs .
                IF sy-subrc <> 0.
                  CLEAR sy-subrc.   " added to hide warnings.
                ENDIF.

  • Get SAP User E-Mail Address

    Hi,
    does anybody know where I can find the e-mail address of a sap user (The one which you can edit via SU01). I already took a look at all the usr* tables and of course adrc but this little bastard still hides in the dark
    Any help is greatly appreciated.
    regards
    Thomas

    Hi Thomas,
    offtopic request ...
    Could you send me your mail address? Did not find it on your BC, don't think we exchanged addresses there.
    Use my name to mail me at [email protected]
    Thx
    Max

  • Get SAP user Id and External E-mail Id From Position in SRM

    Hello All,
    I am fetching Position from Ztable, And i want to get SAP User Id and External E-mail Id from this Position. Is there any Function Module or any table through which can i get it? Please suggest me ASAP.

    Hi,
    I think FM BAPI_USER_GET_DETAIL will do. Structure ADRESS contains everything.
    If you like to display at screen - use BAPI_USER_DISPLAY.
    Kind regards,
    HP

Maybe you are looking for

  • External Display Stopped Working

    I've been using an external Dell 19" monitor with my beloved and faithful Macbook Pro for years.  All of a sudden, I was unable to select the propert setting for the external monitor.  Two days later the monitor stopped working altogether when plugge

  • Get Number of rows from a sql query.

    I am reading data from a sql query in a BLS transaction and I would like to know the number of rows returned. Is there an easy way to do this without looping through the table? Thanks Jasper

  • How to create dynamic strcture for a interrnal table

    first i created one internal table . with five fields . suppose i want add two more fields in internal table. what is the code for the this . if any one konow

  • HT4623 Greyed out sync to phone button

    Hi I have an iphone 4, which used to be synced with my Mothers itunes, but with my own username and password etc, I have now got itunes of my own and made a purchase tonight on itunes, however this tune will not go on to my phone for some reason...I

  • Itunes Extras not working on Oblivion (Movie I Just purchased)

    Hey gang, so I click on the movie poster of the movie I just purchased (the movie plays fine) and I click on the *play itunes extras* button and I get a blank black screen of death.  NO extras. When I go to the List mode, both ARE showing up: Oblivio