Siebel 7.5.3 SOX password compliance

Similar Messages

• Controlling SIDADM access per SOX audit compliance

  Hello....
  We are going through our first SAP ERP implementation and had few questions about the SIDADM user and audit.  We are running the SAP system in a Windows server with Oracle Database.  SIDADM user is currently shared by the basis team to maintain the SAP servers.  The basis team logs into the server using the SIDADM account to start/stop the SAP system, run any command based utilities (i.e. sappfpar or tp) when needed and creating/executing batch scripts for backups/exports/etc.  However, since the password for this user is shared by the whole team, we are concerned about SOX audit compliance.
  1.  How does other customers on Windows environment control the SIDADM account to satisfy audit requirements?  Audit doesn't normally allow shared accounts on SAP servers.  When someone directly logs into the SAP server with SIDADM, we can't trace who logged on and made changes to the system.
  2.  If the password for SIDADM is not shared by the basis team, how does the basis team maintain the SAP servers (i.e. start/stop instance)?
  3.  Can the SAP systems be maintained by individual users without using SIDADM?  If so, how?
  We are looking for recommendations on how to control the super users in the SAP environments (SIDADM, DB users, etc) to satisfy SOX audit requirements. 
  Thanks for all your help.  Any recommendations will be appreciated~~
  Janet

  For info:
  SOX (Sarbanes Oxley Act, in particular Section 404) is a high level auditable requirement.
  BASIS activities are lower down and are subject to some slack in the actual implementation of the interpretation.
  The SAP administration (BASIS) area comes under its own audit(s) of particular variations, all of which are usually underneath SOX or another higher level requirement.
  Regards
  Ashley

• SAP Security Planning and implementation with SOX/SOD compliance

  hello
  Hi guys, i am a security guy
  could you tell me ,"SAP Security Planning and implementation with SOX/SOD compliance" 
  what does it mean.
  <removed_by_moderator>
  thanks
  Ramesh
  Edited by: Julius Bussche on Feb 2, 2008 1:26 PM

  Ramesh Sammiti wrote:>
  > hello
  >
  > Hi guys, i am a security guy
  >
  > could you tell me ,"SAP Security Planning and implementation with SOX/SOD compliance" 
  > 
  > what does it mean.
  >
  >
  > <removed_by_moderator>
  >
  >
  > thanks
  > Ramesh
  Forgive me for saying, but it means:
  Implementing security which complies with Sarbanes Oxley requirements and takes into account Segregation of Duties.
  SOX and SOD are different things, from a security perspective SOX is generally technical security based and SOD is business process based (although bus proc has big SOX component).
  There is a plethora of information via yahoo/google etc.
  Edited by: Julius Bussche on Feb 2, 2008 1:28 PM

• Intune (standalone) - 8.1 laptop as mobile device - password compliance issue

  Have Intune trial setup, couple of users created, cleanly reimaged (clean install from media, not a company image) 8.1 x64 laptop with all current Windows Updates. Joins workplace and enables management ok, installed Company Portal from store, then tells
  me the device is not in compliance, the password is too short. I only have one local account enabled, it has an 8 character, 4 character set complex password. My Intune account password is a 10 character, 3 character set complex password. My compliance
  policy is set to a minimum of 4 characters, 1 character set. Why the heck is it giving me this error, and what password is it referring to?
  I had this on initial setup with the laptop, which had previously been on the internal domain, so wiped it and reinstalled the OS fresh, to rule out any lingering domain settings.  Retired/deleted the device from Intune, waited an hour, added the newly
  installed device.  Joined the workplace (PC Settings - Network - Workplace), turned on device management.  Installed Company Portal, said all was ok.  Rebooted, was asked to reset local password, did so.  Opened Company portal, gives
  compliance/password error. 
  My goal is basic management of BYOD 8.1 tablets/laptops as mobile devices, and deployment of Activesync email settings to them (for use with the builtin Mail app).  Any and all help appreciated.
  Nigel Benfell B.Sc. MCSA

  Hi,
  It would be the local password on the WIndows 8.1 computer that it is not seeing as compliant. after you changed it does it make any difference after you initiate a Complaince Check from the COmpany Portal?
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• Company password compliance by using SAP password paremeters

  Hello,
  I have a small issue getting our SAP system in compliance with our IT password guidelines. Some items are easily synced by the change of a value in a particular parameter, however several will not work for me. Those guidelines that do not work belong to SAP ids' such as DDIC and SAP* and a few others. These IDs' I do not want to expire due to the impact they will have on the system.
  Can anyone offer advice on what could I use? Also, is anyone using the "Login/password_login_usergroup" parameter? If so, please explain.
  Thank you in advance!
  Edited by: Keith Hatcher on May 4, 2011 10:10 AM

  Hi Kumar,
  Try then to import the Portal certificate into your R/3 System.
  Proceed as follow :
  1) in the Portal
    GoTo System Administration -> System Config -> Keystore Admin
    Tab : Content, select in combo box "SAPLogonTicketKeypaiur-cert" and click on "Download verify.der File"
  2) unzip the verify.der.zip file to have the verfy.der available
  3) in the R/3 system :
     launch transaction /nSTrustSSO2
     select System PSE
     in the middle frame, import the EP certificate you just export
     then click on "Add to certificate List"
     Save
  And try again
  Hope this help
  Vincent
  P.S. Do not hesitate to reword points for ANY helpfull answer.

• Ciscoworks - Checking password compliance

  Hi,
  We use ciscoworks to do a mass change of our passwords periodically.
  I want to run a compliance check to unsure then enable password has been changed.
  So i create a template to check for the existance of something like
  + enable secret p4ss0wrd
  However when i run the job it tells me that there are no compliant devices, even when i know that most of them are, and i can logon using the enable password.
  Is it because the password on the device is encrypted and ciscoworks is not able to see what the real password is?
  How can i run a complicance check for passwords then ?
  thanks

  Actually, the string will always change as long as you generate it with the "enable secret" command.  You can even generate it multiple times on the device and it will be unique, ie:
  CR-NMS-6506E(config)#enable secret 0 test
  CR-NMS-6506E(config)#do sh run | inc enable
  enable secret 5 $1$FDbm$el.5qOps49M/oP9F/X3y8/
  CR-NMS-6506E(config)#no enable secret 0 test
  CR-NMS-6506E(config)#enable secret 0 test
  CR-NMS-6506E(config)#do sh run | inc enable
  enable secret 5 $1$F/mV$3vhEBYTl7dJ9CqiLhUaOq/
  CR-NMS-6506E(config)#no enable secret 0 test
  CR-NMS-6506E(config)#enable secret 0 test
  CR-NMS-6506E(config)#do sh run | inc enable
  enable secret 5 $1$8hd6$sBPU9kkIJgu5RHYUtLJml1
  CR-NMS-6506E(config)#
  However, if you copy paste any of these to the config directly (probably why they are the same on yours Martin), they will all be the same enable secret "test".  The first three characters indicate that this is an MD5 hash.
  As Martin says, the best way to test this would be running a dummy NetConfig job which requires enable login.  Veryifing the correct password has been applied is not possible using baseline template (unless you have the custom to copy paste the hash directly), as that would require RME to be able to reverse the MD5 hash.  This is impossible, you can only "break" an MD5 using a dictionary attack.
  In Baseline, you could do something like this "+ enable secret 5 [xxx]" where xxx can be substituted by anything.  But this would only show you have a secret MD5 configured.

• Siebel Database Configuration Wizard closes automatically

  hi all,
  Siebel Database Configuration Wizard closes automatically at step when asked if the GRANTUSR.SQL script was alredy run. Before running the Wizard I already installed the Siebel Enterprise, Siebel Gateway, Siebel Server, SWSE Logical Profile and configurated them. The Siebel Database is available, tablespaces were created and I run the grantusr.sql and everything was OK.
  I chose the option 'already run the grantusr.sql'. By doing this the Wizard closes automatically. No idea what's going on here.
  Can anybody please help me? I've been sitting for hours trying to find out what happens.

  hi WSiebel,
  thanks for the explanation. I checked the logfile under \siebsrvr\log:
  2021 2012-04-08 20:35:05 0000-00-00 00:00:00 +0200 00000000 001 003f 0001 09 sw_cfg_util 1524 2812 D:\sba80\siebsrvr\log\sw_cfg_util.log 8.0 [20405] ENU
  NameServerLayerLog     Error     1     000000024f8105f4:0     2012-04-08 20:35:05     Unable to connect to the gateway server.
  GenericLog     GenericError     1     000000024f8105f4:0     2012-04-08 20:35:06     NSS - ErrCode 5009 SysErr 0
  GenericLog     GenericError     1     000000024f8105f4:0     2012-04-08 20:35:06     Validation failed : C028: Connection with Siebel-Gateway-Namenserver 粑GenericLog     GenericError     1     000000024f8105f4:0     2012-04-08 20:35:06     ValidateFailed for Gateway Nameserver-Adresse, error : C028: Connection with Siebel-Gateway-Namenserver 粑NameServerLayerLog     Error     1     000000024f8105f4:0     2012-04-08 20:35:17     Unable to connect to the gateway server.
  GenericLog     GenericError     1     000000024f8105f4:0     2012-04-08 20:35:17     NSS - ErrCode 5009 SysErr 0
  GenericLog     GenericError     1     000000024f8105f4:0     2012-04-08 20:35:17     Validation failed : C028: Connection with Siebel-Gateway-Namenserver 粑GenericLog     GenericError     1     000000024f8105f4:0     2012-04-08 20:35:17     ValidateFailed for Gateway Nameserver-Adresse, error : C028: Connection with Siebel-Gateway-Namenserver 粑NameServerLayerLog     Error     1     000000024f8105f4:0     2012-04-08 20:35:21     Unable to connect to the gateway server.
  GenericLog     GenericError     1     000000024f8105f4:0     2012-04-08 20:35:21     NSS - ErrCode 5009 SysErr 0
  GenericLog     GenericError     1     000000024f8105f4:0     2012-04-08 20:35:21     Validation failed : C028: Connection with Siebel-Gateway-Namenserver 粑GenericLog     GenericError     1     000000024f8105f4:0     2012-04-08 20:35:21     ValidateFailed for Gateway Nameserver-Adresse, error : C028: Connection with Siebel-Gateway-Namenserver 粑
  I don't think, that that is the cause of my problem. Even when I started the Siebel gateway, the database configuration wizard doesn't work appropriately.
  Sievel server and Oracle Database are in the same machine (a Windows XP Professional, 32-bit-virtual machine). I haven't installed the Oracle 10g Enterprise edition. Should I install the Oracle client as well?.
  In my case the ODBC connection, the DSN Name is Enterprise Name_DSN: Siebel_test_DSN and points to the Driver: Oracle in OraDb10g_home3. The connection works for siebel/siebel, sadmin/sadmin, but not for sys/mypassword (sorry I am not a Database crack).
  I also tested the connection with the odbcsql as in your email indicated. The connection works when trying with siebel/siebel and sadmin/sadmin (user/password).

• Password Profile settings

  Dear friends,
  We want to implement password compliance policy and have some queries, request you to please suggest me on the below points:
  1) Users access database using - 'sqlplus userid/pwd@connectstring'
  here we can see the password, its not in astrick format, I want to disable db access in this way, I want user to put only 'sqlplus userid@connectstring' and then system will ask password that would be in astrick format. How can we implement this?
  2) As we know that any user can change their password, I want to revoke this privlege from all the users and only DBA can change their password, how it can be done?
  Requesting for your reply.
  Thanks

  877938 wrote:
  Dear friends,
  We want to implement password compliance policy and have some queries, request you to please suggest me on the below points:
  1) Users access database using - 'sqlplus userid/pwd@connectstring'
  here we can see the password, its not in astrick format, I want to disable db access in this way, I want user to put only 'sqlplus userid@connectstring' and then system will ask password that would be in astrick format. How can we implement this? Not possible. At the he point of entering that command, you are not IN sqlplus. You are simply at the OS command line, keying in the name of an executable file that you want the OS to load and pass control to ("sqlplus") and command line parameters that you want the os to pass to the executable file ("userid/pwd@connectstring"). Since you are still at the OS command line, there is no such thing as a password to be identified and masked, you are simply entering a string of characters. Nothing is going to recognize that as a password needing secrurity treatment until after sqllpus is loaded and control passed to it.
  >
  2) As we know that any user can change their password, I want to revoke this privlege from all the users and only DBA can change their password, how it can be done?A user always has control of their own password. What is to be gained by implementing this policy?
  >
  Requesting for your reply.
  Thanks

• Tiger 10.4.7 Password reset issues related to Safari keychain updating

  Following a reset password for administrative updating my software,
  The following keychain password update has not correctly been updated
  to reflect complete password resets.
  I have followed the MACOSX reset procedures and the MACOSX 10.4.6 updates processes and procedures to update all concerned administrative password resets and still the keychain safari messages indicate that safari keychain has not correctly updated to the new password. Annoyance message appears not to affect performance issues of safari just sending emails outbound or chances
  that provoke keychain password triggers. Can not initiate safari password compliance. It does not recongize new admin. password.
  What next? Any ideas from developer channels? Similiar experiences??

  Reference purposes for developers interests. yl61m9

• Impact of Changing User Types

  What is the impact of changing user types from 'service' user type to either a 'communication' or 'system' user type?  Will the change stop authorizations or will it only affect administration?  Is the change related to the available fields or locking security and not necessarily related to authorizations.

  Which release are you on?
  It also depends on your config => rejecting expired passwords, compliance with current password policies (at logon...) and same user context for RFC calls.
  You should first investigate why it is a "SERVICE" type user. If it is from a config wizard with a profile delivered by SAP, then there might be a good reason for this.
  The authority checks on "SERVICE" and "SYSTEM" users are the same, except that "SYSTEM" users are not SAPGui capable. This is not only restricted to the SAPGui logon screen. And for all logon types, they are excempted from changing their password - both via the requirement to do so and the ability to do it voluntarily...
  But if they can administrate themselves, then they can (authorization object S_USER_GRP).
  The same cannot be said for "COMMUNICATION" type users. I recommend not using them at all and there are many SAP notes which correct standard config wizards to use the correct user type => SYSTEM.
  "COMMUNICATION" users are "DIALOG" users, except that when you enter the correct password via the SAPGui logon screen, then a message is returned to inform you that the user type cannot logon from that screen. But other screens will work, if the first screen is skipped.
  You can test this with transaction OBVU in the standard system, or any other Z-transaction of the same ilk.
  Cheers,
  Julius

• Adding startup programs

  Hello,
  I downloaded some programs that need to be started up when my computer startup. These aren't typical mac .app applications but programs that run from the shell as a background process in such. In linux I would put a LSB script and put it in my /etc/init.d/ directory and use chkconfig to add it when the computer starts up however mac does not have that directory or that program.
  So how do I add executables to be started up when my computer does?
  Thanks!

  I found this example:
  Compose an AppleScript with the following code:
  do shell script "sudo pmset halfdim 0" with no tell block.
  Save it as an application, no startup screen, somewhere on your hard drive.
  Then, under System Preferences --> Accounts, assign this new application as a Login Item. You may have to tweak the script for username/password compliance, but that code is pretty close to what you will need.
  Compiling AppleScript scripts from Terminal command line
  You can compile an AppleScript script from Terminal or a shell script by using the osacompile command.
  Example:
  osacompile scriptname
  For more information on using osascript, see the man pages in Terminal, by typing: man osascript

• SOX Compliance in SAP

  Hi all,
  we are about do one project for US based company for which they are asking about SOX compliance in SAP.
  Can any one tell, what we have to do in SAP R/3 in order meet SOX compliance as per US regulations.
  Regs,
  Ramesh B

  Hi Ramesh,
  You have to maintain proper Basis authorization prefer work flow, set up prcess for any functional or technical changes in the production system i.e. form for change request, incident request for authorization, no direct access to tables in the Production client, authorization group assignment for custom program for dual validation, monthly window for production transport or Emergency transport.
  Regards,
  Santosh

• Security solution with Identity server for SOX compliance

  Hi all,
  Has anybody used Identity Server as security solution to achieve SOX compliance? i want to know general view, opinions , experiance of ppl while implementing such solution.
  Just a little background of SOX: It is Created by US Congress in the wake of corporate scandals like Enron in 2001 and 2002.it is an attempts to tighten controls over corporate financial reporting and transparency.
  I am basically interested in implementing security solutions using Identity server for SOX compliance. Section 404 of this act deals with internal controls, which essentially requires organizations to provide following facilities -
  1. User Identification, authorization and access
  2. User control of user accounts
  3. Central identification and access rights/permissions management
  4. Violation and security activity report
  Has anybody developed such solution? What are your general experiance, problems , issues etc? Please share your view....

  Just too quick to draw conclusion: See below FAQ
  If you are not in the same AS container, let me know. Jerry
  Copy from J2EE agent FAQ
  Question - Is it possible to install a J2EE 2.1agent and Identity Server on the same instance of the application server ?
  Installing the IS60SP1/IS61 server and J2EE 2.1 policy agent on the sameninstance of Application server is not a supported configuration. We do support the 21 J2EE agent and IS installed on different instances of the application server. So, users can install theJ2EE 2.1 agent on a one instance of the application server and install IS on a different instance of the apps server.

• Problems with the password with WebClient but not with Siebel Tools

  Hello, I am having problems when I am trying to connect with the WebClient against local database. When I put the user and the password i obtain a message that said me that the password and user is incorrect.
  When I use the same password and user in Siebel Tools I have access without any problem.
  Someone kwows which would be my problem?
  Thank you.

  Thank you for answer. Siebel is 8.1.7.
  Yes, the local odbc is point to the correct path.
  My log for the client said:
  GenericLog     GenericInfo     3     000000024fb40848:0     2012-05-17 09:35:32     Before call security business service
  ObjMgrBusServiceLog     Create     4     000000024fb40848:0     2012-05-17 09:35:32     Business Service 'Docking Service' was created at 88888b0
  ObjMgrBusServiceLog     Create     4     000000024fb40848:0     2012-05-17 09:35:32     Business Service 'Docking Service' (address: '88888b0')was regsitered at model '35f7cc0' for session ''
  ObjMgrBusServiceLog     InvokeMethod     4     000000024fb40848:0     2012-05-17 09:35:32     Begin: Business Service 'Docking Service' invoke method: 'VerifyLocalSecurity' at 88888b0
  Trace     TracingInfo     3     000000024fb40848:0     2012-05-17 09:35:32     Value for the key 4_Kim_l is not found.
  Trace     TracingInfo     3     000000024fb40848:0     2012-05-17 09:35:32     Value for the key DCK:PwdLockoutFlg is not found.
  Trace     TracingInfo     3     000000024fb40848:0     2012-05-17 09:35:32     Value for the key 4_Kim_l is not found.
  Trace     TracingInfo     3     000000024fb40848:0     2012-05-17 09:35:32     Value for the key DCK:PwdExpireFlg is not found.
  ObjMgrBusServiceLog     InvokeMethod     4     000000024fb40848:0     2012-05-17 09:35:32     Business Service 'Docking Service' invoke method 'VerifyLocalSecurity' Execute Time: 0.004 seconds.
  ObjMgrBusServiceLog     InvokeMethod     4     000000024fb40848:0     2012-05-17 09:35:32     End: Business Service 'Docking Service' invoke method: 'VerifyLocalSecurity' at 88888b0
  SecMgrLog     Debug     5     000000024fb40848:0     2012-05-17 09:35:32     SECMGR: DBSecAdpt_SecAdptDllName=sscfsadbmfcext
  SecMgrLog     Debug     5     000000024fb40848:0     2012-05-17 09:35:32     stored CRC = ''
  SecAdptLog     API Trace     4     000000024fb40848:0     2012-05-17 09:35:32     DB Initialize security adapter.
  SecMgrLog     Debug     5     000000024fb40848:0     2012-05-17 09:35:32     SecAdptName = DBSecAdpt
  SecMgrLog     Debug     5     000000024fb40848:0     2012-05-17 09:35:32     SecAdptMode = 0
  SecMgrLog     Debug     5     000000024fb40848:0     2012-05-17 09:35:32     SecAdptDllName = sscfsadbmfcext
  SecMgrLog     Debug     5     000000024fb40848:0     2012-05-17 09:35:32     PropagteChange = TRUE
  SecMgrLog     Debug     5     000000024fb40848:0     2012-05-17 09:35:32     computed checksum of security adapter library = ''
  SecMgrLog     Debug     5     000000024fb40848:0     2012-05-17 09:35:32     HashUserPwd = FALSE
  SecMgrLog     Debug     5     000000024fb40848:0     2012-05-17 09:35:32     SaltUserPwd = FALSE
  SecMgrLog     Debug     5     000000024fb40848:0     2012-05-17 09:35:32     HashDBPwd = FALSE
  SecMgrLog     Debug     5     000000024fb40848:0     2012-05-17 09:35:32     HashAlgorithm = RSASHA1
  SecMgrLog     Debug     5     000000024fb40848:0     2012-05-17 09:35:32     bMFCShell = TRUE
  SecMgrLog     Debug     5     000000024fb40848:0     2012-05-17 09:35:32     datasourcename = Local
  SecAdptLog     API Trace     4     000000024fb40848:0     2012-05-17 09:35:32     DB SecurityLogin with username=jasanchez1, parameters=8613310.
  SecAdptLog     Debug     5     000000024fb40848:0     2012-05-17 09:35:32     DB security adapter: Load data source configuration
  Trace     TracingDebug     5     000000024fb40848:0     2012-05-17 09:35:32     Malformed file. Key "viewbarcaption" is duplicated. Duplicate is ignored.
  Trace     TracingDebug     5     000000024fb40848:0     2012-05-17 09:35:32     Malformed file. Key "sortascendingcaption" is duplicated. Duplicate is ignored.
  Trace     TracingDebug     5     000000024fb40848:0     2012-05-17 09:35:32     Malformed file. Key "sortdescendingcaption" is duplicated. Duplicate is ignored.
  Trace     TracingDebug     5     000000024fb40848:0     2012-05-17 09:35:32     Malformed file. Key "calendarfieldcaption" is duplicated. Duplicate is ignored.
  Trace     TracingDebug     5     000000024fb40848:0     2012-05-17 09:35:32     Malformed file. Key "calculatorfieldcaption" is duplicated. Duplicate is ignored.
  CchMgrLog     CchMgrStatsInfo     5     000000024fb40848:0     2012-05-17 09:35:32     Cache statistics 28ee9f0 set for cache Data Cursor.
  CchMgrLog     CchMgrStatsInfo     5     000000024fb40848:0     2012-05-17 09:35:32     Cache statistics 28eea88 set for cache SQL Cursor.
  ObjMgrDBConnLog     Create     5     000000024fb40848:0     2012-05-17 09:35:32     DataBase Connection Object was created at 28ee940; DB User: 'JASANCHEZ1'
  ObjMgrLog     Error     1     000000024fb40848:0     2012-05-17 09:35:33     (wccon.cpp (2156)) SBL-DAT-00522: A Siebel local database error has occurred. Possibly the database name is invalid.
  Please continue or ask your systems administrator to check your application configuration if the problem persists.
  SecAdptLog     API Trace     4     000000024fb40848:0     2012-05-17 09:35:33     Security DB user connect to DB D:\Siebel\8.1\Tools_1\local\sse_data.dbf -q -m -x NONE -gp 4096 -c15p -ch25p with username=jasanchez1 returns err 7668234 and connection 28ee940.
  SecAdptLog     API Trace     4     000000024fb40848:0     2012-05-17 09:35:33     Security DB user delete DB connectoin 28ee940
  ObjMgrDBConnLog     Delete     5     000000024fb40848:0     2012-05-17 09:35:33     DataBase Connection was deleted at 28ee940
  GenericLog     GenericError     1     000000024fb40848:0     2012-05-17 09:35:33     (secmgr.cpp (2697) err=4597538 sys=2) SBL-SEC-10018: A Siebel local database error has occurred. Possibly the database name is invalid.
  Please continue or ask your systems administrator to check your application configuration if the problem persists.(SBL-DAT-00522)
  Incorrect or missing encryption key
  SecAdptLog     Memory Mgmt Trace     5     000000024fb40848:0     2012-05-17 09:35:33     DB SecurityFreeErrMessage, message=<?INT?>.
  GenericLog     GenericError     1     000000024fb40848:0     2012-05-17 09:35:33     (secmgr.cpp (2769) err=4597521 sys=0) SBL-SEC-10001: An internal error has occurred within the authentication subsystem for the Siebel application. Please contact your system administrator for assistance.
  ObjMgrSessionLog     Error     1     000000024fb40848:0     2012-05-17 09:35:33     (physmod.cpp (9378)) SBL-DAT-00565: An internal error has occurred within the authentication subsystem for the Siebel application. Please contact your system administrator for assistance.
  ObjMgrSessionLog     Error     1     000000024fb40848:0     2012-05-17 09:35:33     (model.cpp (5970)) SBL-DAT-00565: An internal error has occurred within the authentication subsystem for the Siebel application. Please contact your system administrator for assistance.
  ObjMgrSessionLog     Warning     2     000000024fb40848:0     2012-05-17 09:35:36     (physmod.cpp (9452)) SBL-SFR-00116: The user has cancelled the logon request
  ObjMgrBusServiceLog     InvokeMethod     4     000000024fb40848:0     2012-05-17 09:35:36     Begin: Business Service 'Docking Service' invoke method: 'VerifyLocalSecurity' at 88888b0
  Trace     TracingInfo     3     000000024fb40848:0     2012-05-17 09:35:36     Value for the key 4_Kim_l is not found.
  Trace     TracingInfo     3     000000024fb40848:0     2012-05-17 09:35:36     Value for the key DCK:PwdLockoutFlg is not found.
  ObjMgrBusServiceLog     InvokeMethod     4     000000024fb40848:0     2012-05-17 09:35:36     Business Service 'Docking Service' invoke method 'VerifyLocalSecurity' Execute Time: 0.014 seconds.
  ObjMgrBusServiceLog     InvokeMethod     4     000000024fb40848:0     2012-05-17 09:35:36     End: Business Service 'Docking Service' invoke method: 'VerifyLocalSecurity' at 88888b0
  ObjMgrBusServiceLog     Delete     4     000000024fb40848:0     2012-05-17 09:35:36     Business Service 'Docking Service' (address: '88888b0')was unregsitered at model '35f7cc0' for session ''
  ObjMgrBusServiceLog     Delete     4     000000024fb40848:0     2012-05-17 09:35:36     Business Service 'Docking Service' was deleted at 88888b0
  GenericLog     GenericInfo     3     000000024fb40848:0     2012-05-17 09:35:36     In destructor Sync
  GenericLog     GenericInfo     3     000000024fb40848:0     2012-05-17 09:35:36     Before unlock mutex 777
  ObjMgrBusServiceLog     Create     4     000000024fb40848:0     2012-05-17 09:35:36     Business Service 'Smart Script Execution Cleanup' was created at 36d9308
  ObjMgrBusServiceLog     Create     4     000000024fb40848:0     2012-05-17 09:35:36     Business Service 'Smart Script Execution Cleanup' (address: '36d9308')was regsitered at model '35f7cc0' for session ''
  ObjMgrBusServiceLog     InvokeMethod     4     000000024fb40848:0     2012-05-17 09:35:36     Begin: Business Service 'Smart Script Execution Cleanup' invoke method: 'CleanUp' at 36d9308
  ObjMgrBusServiceLog     InvokeMethod     4     000000024fb40848:0     2012-05-17 09:35:36     Business Service 'Smart Script Execution Cleanup' invoke method 'CleanUp' Execute Time: 0.000 seconds.
  ObjMgrBusServiceLog     InvokeMethod     4     000000024fb40848:0     2012-05-17 09:35:36     End: Business Service 'Smart Script Execution Cleanup' invoke method: 'CleanUp' at 36d9308
  ObjMgrLog     Info     3     000000024fb40848:0     2012-05-17 09:35:36     (modpref.cpp (949)) SBL-DAT-50806: SavePreferences: D:\Siebel\8.1\Client_1\bin\Siebel Universal Agent.spf: Save is not needed. Preferences are not dirty.
  ObjMgrBusServiceLog     InvokeMethod     4     000000024fb40848:0     2012-05-17 09:35:36     Begin: Business Service 'Smart Script Execution Cleanup' invoke method: 'CleanUp' at 36d9308
  ObjMgrBusServiceLog     InvokeMethod     4     000000024fb40848:0     2012-05-17 09:35:36     Business Service 'Smart Script Execution Cleanup' invoke method 'CleanUp' Execute Time: 0.000 seconds.
  ObjMgrBusServiceLog     InvokeMethod     4     000000024fb40848:0     2012-05-17 09:35:36     End: Business Service 'Smart Script Execution Cleanup' invoke method: 'CleanUp' at 36d9308
  ObjMgrBusServiceLog     Delete     4     000000024fb40848:0     2012-05-17 09:35:36     Business Service 'Smart Script Execution Cleanup' (address: '36d9308')was unregsitered at model '35f7cc0' for session ''
  ObjMgrBusServiceLog     Delete     4     000000024fb40848:0     2012-05-17 09:35:36     Business Service 'Smart Script Execution Cleanup' was deleted at 36d9308
  ObjMgrBusServiceLog     Delete     4     000000024fb40848:0     2012-05-17 09:35:36     Business Service '' was deleted at 12fab4
  ObjMgrLog     Info     3     000000024fb40848:0     2012-05-17 09:35:36     (modpref.cpp (949)) SBL-DAT-50806: SavePreferences: D:\Siebel\8.1\Client_1\bin\Siebel Universal Agent.spf: Save is not needed. Preferences are not dirty.
  ObjMgrBusServiceLog     Delete     4     000000024fb40848:0     2012-05-17 09:35:36     Business Service '' was deleted at 12fce8
  SecAdptLog     API Trace     4     00
  This is not the complete log, only the part when the authentication fails.
  Edited by: 933682 on May 17, 2012 12:37 AM

• SOX Compliance in HFM- Best Practice

  Hi guys,
  Is there any "best practice" for SOX compliance in HFM? Can you do it by using Shared Services? Should I work with the .SEC file?
  Have you ever been required to do so? I was asked to do so, but since it's not my field, I'm kind of lost...
  Any advice would be greatly appreciated.
  Thanks!
  Jay

  SOX covers a number of topics. Ask for the request list from the SOX auditors, and then go through each item and determine where in the system is the best source.
  The .sec file is likely not going to work. There is a provisioning report that is more helpful for user access.