Security Optimization Self-Service. Checking profiles
Dear All,
I am using Security Optimization Self-Service and would like to know if there is a way to implement a "customer specific authorization check" to evaluated if somebody is granted with profiles SAP_NEW or SAP_ALL_DISPLAY.
I will appreciate ideas and suggestions.
Regards,
FedeX.
No idea, but if there is nothing in the trace or SU53, then typically the check is either performed against a different user (possibly in a different system) or it is dependent on a config setting first, and not authorizations.
Normally I look around in the menus of the transaction to see whether there is a config option there, failing which use System -> Status -> Navigate and expand the object hierarchy. Keep your eye out for a view.
Otherwise, take a look in the PBO (Process Before Output) module to see what is setting this in the dynpro.
A shot in the dark, but might help in the right direction.
Cheers,
Julius
Similar Messages
-
Security Optimization - Self Service
Hi There ,
I am trying to reproduce a "howto" document regarding SECURITY OPTIMIZATION WITH SOLMAN.
I was able to run ST14 in the analyzed system and sent it to SolMan. But I do not find the way to find the "Security Optimation - Self/Service" option in SolMan in order to see or load the ST14 results.
(The version of ST-ICO is 150_700)
I will appreciate any idea
FedeXThanks Paul,
I was trying this part :
On Solution Manager you can see this data in the Service Session.
DSWP > Service Plan >Self Delivered Services > System Security Optimization > SDCCN Data
Then you can view in Session Workbench, create your questionniare, etc.
But I do not get shown the option "System Security Optimization"
The option list that I get under Service Plan is
SAP Delivered Services | Self Delivered Services | Service Channel | Certificates | SDCCN Data | Graphics
when I select Self Delivered Services I get like the column of a report with the following colums
Service I Status I Planned on I Project I Milestone
btw I also try SDCCN Data option but there is like a kind of criteria for report there (Selection criteria)
Some idea how to get the option System Security Optimization displayed ?
Thanks in advance
FedeX -
Security Optimization Self Service and EWA
Hi,
I am curious if you can keep on using the same SOS session?
The ST14 data is of course different from every collection, but what about the preliminary data collected from the EWA download? Is this getting updated in the session (which I doubt) or do you need to close the current session and then create a new one?
What about if you reinitialize a session fx. once a month. Will the data from the weekly EWA download then be updated?Hi,
Thank you for responding.
This was also what I expected, so thanks for confirming this.
Do you by any chance now why there are three checks (0303-0305) which is not rated, and do not contain any data at all? The data is collected in the ST14 upload.
I tried asking this in the security check department a couple of weeks ago, but it was apparently not the right place, since I have not got an answer :-).
Note 837490 says that this could be because ST-SER is newer than ST-A/PI, but I have got the newest version available.
Thanks -
Security Optimization Self-Service. ST13
Hi There,
Using transaction ST13 to define customer specific checks, I am able to input KeyFigure & Comments .
1. Is is possible to have these Info in the SolMan report ? how could I do that ?
2. Are the rules in this area evaluated / grouped by Key Figures? or in contrast all rules are evaluated together undependably of what they have as key figure ? in that case what is the reason/function of the key figure?
Thanks in advance,
FedeXHi,
I still test and no quit sure if I am doing the right process...what I have done:
use st13 to create my own alerts > 9000.
use st14 for creating the report on target system... I check on the target system and by viewing data of the generated report there is a list of users because security specification > 9000.
export report to SolMan ... successfully
on SolMan ... what are the steps that I have to do?..I am not quit sure ... I go to session workbench ...here there are already some info of the previous check that I did days before ...... I click on the option collect data (ST13, ST14)..I delete the old number and introduce the new GUI Number and click on collect button... the rest of the fields are filled in ... and no additional message appear..
one of the existing entries on the left side is Customer specific Auth check ...it is in red..
being on the collect data (ST13, ST14) entry I just click on save + next open check an the focus/cursor jump automatically to the last entry check session consistency I do not identify any change in the entry Customer specific Auth check which still red and not showing the expected list ( what I see in target system)
well hope this give some idea about the issue and possible solution
Thanks
FedeX -
Performance Optimization Self Service- SAP help requirement
Hi,
I want to know whether for SAP's help is required for performing the self service of Performance Optimization.
If we collect ST12 trace and use it to perform the self service then is the report which is generated from the self service sufficient to take further action or will I need some SAP expertise to implement / take corrective actions?
In short, whether I can do the Performance Optimization by myself or I need help from SAP?
Regards,
Vishalhi,
1) Is this service available to all the customer? (by all the customers I mean "Max Attention", "Enterprise Support" etc)
i answer this above is it, from mz above reply, have you checked
enterprise support customers can get five EGI sessions as free per year. please check
http://service.sap.com/esacademy
- click browse egis
for your second question also I answered above
Does the report itself gives suggestions or we need to provide the report to SAP
here my reply above
because Guided procedure itself the proven methodlogy from SAP, the report provides the lots of suggestions against the SAP best practices.
you can use it yourself most of the time. if still you need expert guidance from SAP, book for EGI sessions. they called as expert guided implementations, remote support. duration might vary based on the session.
again, service report is the source, you have to review yourself, if you are in EGI, sap use that report for guiding. Please review
Thanks
Jansi -
Sec. Optimization self-service - Customer specific auth Checks
Hi There,
checking some automatic check like 0750 I see in SolMan there are some tabs like Green, Red, Recommendation (0705)
checking the Customer specific auth Checks I found out only some of them.... I would be interested to know if it is possible to configure "something" in order to have the tab Recommendation (9XXX) for Customer specific auth Checks .
Thanks
FedeX.Hi,
I still test and no quit sure if I am doing the right process...what I have done:
use st13 to create my own alerts > 9000.
use st14 for creating the report on target system... I check on the target system and by viewing data of the generated report there is a list of users because security specification > 9000.
export report to SolMan ... successfully
on SolMan ... what are the steps that I have to do?..I am not quit sure ... I go to session workbench ...here there are already some info of the previous check that I did days before ...... I click on the option collect data (ST13, ST14)..I delete the old number and introduce the new GUI Number and click on collect button... the rest of the fields are filled in ... and no additional message appear..
one of the existing entries on the left side is Customer specific Auth check ...it is in red..
being on the collect data (ST13, ST14) entry I just click on save + next open check an the focus/cursor jump automatically to the last entry check session consistency I do not identify any change in the entry Customer specific Auth check which still red and not showing the expected list ( what I see in target system)
well hope this give some idea about the issue and possible solution
Thanks
FedeX -
Hello All,
Can anybody let me know the step by step procedure on how to use the self service security checks tool used in solution manager for Audits..Hi,
Apart from the note, have you checked that the user starting the ST14 data collection has
all the authorizations acocording the note above?
Are you able to display the information collected in transaction ST14
under the Utilities ->Analysis browser menu option?
Please check also the following note that can be helpful:
967938 - Security Optimization Self-Service: SDCC download
Please also review and follow the steps described in the documentation
"HOWTO: Using the Security Optimization Self Service" ?
The documentation as well as SAP Tutor file are available in the
path below in service marketplace.
http://service.sap.com/sos
-> Media Library
Please firstly review the documentation and ensure that the steps
are followed correctly.
Hope this helps.
Cheers
SH -
Disabling Roles, Resources, Proxies subtabs in Profile tab of Self Service
All,
I am looking for ways to disable 3 (Roles, Resources, Proxxies) of 5 subtabs under self service UI -> Profile -> My Profile subtabs. Any suggestions on how to go about this either programmatically or using configuration.
Thanks in advance.
Prasad.Not possible without UI Customization
-
Our client has the following setup:
* ADF application deployed on weblogic server
* ADF application secured using ADF security with users and roles expected to be present on weblogic server.
* Users and roles stored on Microsoft Active Directory and connected to weblogic server through security provider configuration
The client has the following requirement:
* Extend the ADF app to provide self service and admin screens to the users to be able to do security related operations like change password, reset password etc
Since all this data is mastered in Microsoft AD, I am wondering how do we go about it. What should I start looking into ?
Should I be ..
* looking at weblogic security APIs ?
* looking at independent java APIs that can talk to Microsoft AD ?
Before I invest time in any of these, I want to make sure I am heading in the right direction. Could you point me in the right direction please ?
thanks,
JaseerHi,
Have you already reviewed this document?
[How To Guide: SOS Self-Services|http://service.sap.com/~form/sapnet?_SHORTKEY=01100035870000707814&_SCENARIO=01100035870000000112&_OBJECT=011000358700003597252006E]
[SAP Support Portal: SAP Security Optimization Service: www.service.sap.com/sos |www.service.sap.com/sos]
Best regards,
Ruediger -
902: Allowing user to change profile like phone-nr. in self-service
Hi all
An existing Portal user can see his profile using "Account info/My_profile", but he cannot change it (a least by default).
Is there a way to allow users to change their personal profile in self-service?
Thanks
TinoIt may be that the transaction is being routed by default for approval. Check with workflow administrator to see where the transaction has gone. I think you will find it is waiting for an approver!
Many SSHR transactions use a default AME (Dynamic approval) rule which will route the transaction up the supervisor hierarchy for approval. Your transaction data will be stroed in staging tables (HR_API_TRANSACTIONS, STEPS and VALUES) until the approval is made. Only then will it be applied to the underlying tables.
Let me know if this solves the problem.
Regards
Tim -
OIM 11g UDF of UI type Lookup not reflected in Self Service Profile Page
I created one UDF of type lookup in admin console. published the sandbox. Then I logged in self service console and created a new sandbox. I wanted to make udf visible in self service page so I started customizing the create user page. But the newly created udf is not visible under userVO.
Steps to re-produce the issue:
1. create a new sandbox in admin console. create a new udf of type lookup. publish the sandbox.
2. login to self service console. create a new sandbox and start customizing. go to create user page. click on customize. select source and select the panel to add the udf. select data component catalog, select userVO. Under this userVO, my newly created UDF is not visible.I cant find my new lookup type udf. I can see the udf created in usr table in DB.
Please let me know if anybody have faced similar issue and its resolution.
Thanks,
Kalpana.can you check whether remaining custom UDFs are appearing?
Is it a problem just with Lookup UDF type?
Also, this sandboxes are very error prone. So you need to make sure only 1 person is working during 1 specific work with sandbox -
Bypass security question in Password self service in AC 10
We have configured Password self service in AC10. But as we have integrated with SSO so we do not want a security question registration and its answer to be filled during reset .
So my query, is it possible to bypass the security question and reset the password successfully.we could have password self service running without security question.
regards
Hemant -
Delete Session in Services (Security Optimization Services)
Hi,
I've been trying to delete a session from the SAP Engagement and Services Delivery > Services. Service in question is the Security Optimization Services with the status completed. The session underneath it has the status Session is closed. After selecting the first service and pressing delete I get the message Session not deleted. If I select the session underneath it the delete button is greyed out.
Is there any way to delete this sessions?
Also while trying to create a new session no new line(session) is created. The service does run and the Security Optimization Services rapport gets created only there is no new line on the session list.
Solution Manager 7.1 sp08
Thank you.
Greetz,
R.Hello,
Firstly you need to figure out how these services were created in the first place.
To delete sessions you can use the report RDSMOPREDUCEDATA.
Important:
For step 3 in the deletion report select: "ALL SESSION TYPES"
For step 6: make sure that the checkbox is NOT select, so that you can
get an overview of the sessions before the deletion is processed.
Incase the Services were created but the corresponding sessions were not created corectly you would not be able to delete the services. The safest way in this case would be to open an Message with SAP for the cleanup.
If you are an expert in Solution Manager then you can clean up by deleting the entries directly in the tabl DSMOPSERSESSION. However this is NOT an recommended way of doing it.
If the report does not help then open an message with SAP. Safe and Sure way of getting rid of the sessions.
Regards
Amit -
Hi all, I try to set the Reference field for the DFF (Application: Work in Process, Title:Work Request Information), with "$PROFILES$.MFG_ORGANIZATION_ID".
This flexfield is for Self service of maintenance OA Framework. This configuration that work in forms, doesn't work in web application.
What is the correct way to do this?
ThanksHi all, I try to set the Reference field for the DFF (Application: Work in Process, Title:Work Request Information), with "$PROFILES$.MFG_ORGANIZATION_ID".
This flexfield is for Self service of maintenance OA Framework. This configuration that work in forms, doesn't work in web application.
What is the correct way to do this?
Thanks -
Modify Self Service -- Profile page
Hello Experts,
I need to modify the Profile page under Self Service ..the attributes tab to be specific..I would really appreciate some guidance.
Thank youI figured this one out...created an authorization policy allowing user to view and modify and added the attribute to the modifyuserdataset.xml..
Thank you
Maybe you are looking for
-
Unable to open 2.0/3.0 due to migration has stopped working in windows 7
Please help-the ADE was fine for 2 months-won't open anymore-please help. Thank you, Janet
-
IPod Touch 5 wont turn on (homebutton is stuck)
My iPod Touch (5th generation with the latest iOS software update) was working perfectly fine earlier up until I went on facebook and turned it off. It already had a low battery, and so I thought it had just shut down because it needed charging when
-
Photoshop CS4 setup issues..
I have windows Vista 32 bit, I doubled clicked on the startup, run as admin, and........nothing happens. What's going on?
-
How to check the number of digits entered into a itab-field.
Howdy, I've got a program where i retrieve some data from the database and then I need to check if field BKPF-XBLNR has exactly 15 digits in it. I've got no idea on how I would do this... Can anyone help? Thanking you kindly!
-
Applet can access or not cell phone browser??
Hi, I developed a applet, that is working fine for all browsers. But i tried to access that applet in my cell phone that is show exception. Should i have to install jre one cell phone or in cell phone we cant access applet. My phone is java enabled.