XI Security Guide

Similar Messages

• Security Guide for Enhancement Pack 4 for ECC 6.0

  Hello,
  I am trying to analyse the impact of applying Enhancement pack 4 for ECC 6.0, Can someone help me find any security guides for it.
  It is an existing system and few additional modules are being implemented.
  Kind Regards.

  Hello,
  We have applied EHP4 on an exisiting(running) ECC 6.0 System. Can someone help me find answers to below queries
  a) What is  the SAP standard process to start with Security bit.
  b) Do we need to run SU25 steps. If yes, which one of them.
  c) Since the purpose of applying EHP4 was to activate few set of new business functionalities, we intend to affect the existing security design at the minimal. What is the best approach for this.
  Kind Regards,
  Abdul

• Security guide for PI 7.1

  Hi all,
  Can anybody tell me if there is a security guide available for PI 7.1 ?
  regards,
  Loveena .

  Here it is
  http://help.sap.com/saphelp_nwpi71/helpdata/en/8c/2ec59131d7f84ea514a67d628925a9/frameset.htm
  Regards,
  Prateek

• SEM-BCS authorization or Security Guide

  Hello,
  Last year We went Live with SEM-BCS Project.Now We need to restrict all the t-Code's in SEM-BCS. During the Go-Live We have provided  Full authorization's to everyone.Now Auditor's are bugging us to restrict the access in the SEM-BCS system.If Possible anyone can provide authorization or Security Guide for BCS Project
  Vijay

  Hello Again,
  Guide Contain's Only Authorization Object's & Default SAP Defined Roles. But Here it a different Scenario. SEM-BCS team has provided me 30 T-Codes & I am supposed to Pick all the Default Values for all the T-Codes.
  I am doing it from T-Code: SU24 & Updating it in Excel. My Question's are
  1. How to get more Knowledge on the Tcodes
  2. How it will Function
  3. In what way we can restrict the Feild values & Activities for the T-codes.
  My functional team Have no Knowledge on this Objects & what activities should be there.
  Now i need to explain them each & every T-Code & what does each feild & Activity Do. If there is any Go-Live document for this it will be really helpful for me.
  For All 30 T-codes I need to create Custom Roles &  Audit need's No Astrick for new custom Roles.
  Vijay

• System 9 Security guide

  Hi,
  Where do I find the Hyperion System 9 Security Guide refered to in the Planning admin guide?
  Is it a PDF located somewhere.
  Thanks
  CD

  Hi,
  All documents are at :- http://download.oracle.com/docs/cd/E10530_01/welcome.html
  For the Security Guide, click the Installation & Backup tab and it is under common installation.
  Cheers
  John

• Java UME Security Guide?

  Hello,
  I'm looking to understand NW java security. For example I need to understand enough to give  a development team access to the WebDynpro adminstrator enough to look at and test their WebDynpro developments but not have access to the WebDynpro console, ume, other NW administration. The portal will not be used at this point. I want to be able to restrict permissions in java only. Is there a security guide out there that explains this.
  Your help is appreciated.
  Thanks,
  Doug
  The roles I'm seeing out of box in our sandbox are...
  Administrator
  SAP_JAVA_NWADMIN_CENTRAL
  SAP_JAVA_NWADMIN_CENTRAL_READONLY
  SAP_JAVA_NWADMIN_LOCAL
  SAP_JAVA_NWADMIN_LOCAL_READONLY
  SAP_JAVA_NWMOBILE_ADMIN_READONLY
  SAP_JAVA_NWMOBILE_ADMIN_SUPER
  SAP_JAVA_NWMOBILE_HG_ADMIN
  SAP_JAVA_SUPPORT

  Hi Doug,
  Volker and Raymond have good suggestions. You can also use the search function on the Help Portal to find out more about the roles in question.
  The Mobile roles are here: [Setting Up Administrator Users |http://help.sap.com/saphelp_nw70/helpdata/EN/3e/9f934257a5c96ae10000000a155106/frameset.htm].
  SAP_JAVA_SUPPORT is for the Solution Manager. Here is a document from SDN that mentions it: [Supportability Setup Guide Solution Manager Diagnostics|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/4c02c046-0a01-0010-deb3-c7f7d5b95776|https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/4c02c046-0a01-0010-deb3-c7f7d5b95776] page 57. The document is kind of old though, 2005.
  The others are roles for the SAP NetWeaver Administrator. The local role is for granting administrator access to the application. The central role is reserved for future use, I believe.
  -Michael
  Edited by: Michael Shea on Sep 4, 2008 11:46 AM
  Make the link pretty.

• Roles / Security guide

  Hello everyone:
  Im administrating a demo SAP Web App Server Java/ABAP and I'd like to know about security but in specific about roles needed for main tasks, for instance, what permissions are needed for an ABAP Developer, XI user, Portal admin, etc, I don't want to give SAP_ALL to everyone.
  Is there any guide / place where I can check this out? not really a guide to Fully Secure SAP Applications, but just about roles needed for each use.
  Thanks!
  Alejandro

  Thanks Sri:
  I actually meant if there's a guide for a WebAs administrator, let's say, besides the predefined roles and their permissions, what happens when I want to create new roles, based on technical/functional decisions, which roles should I pick for them.
  Let's say, I want a developer Java + ABAP user, so he needs permissions / roles A, B and C
  Is there anything like that available?
  Thanks!
  Alejandro

• Security guides

  First time posting and coming from xp/FC7.
  I've decided to give Linux a more serious go around as I have played around with FC7 for a while but haven't really learned much as there is not much you really need to do besides point and click.   I like the idea behind Arch where I can build the system up around what I need and not what the organization that is sponsoring the distro thinks I need.
  That being said I'd like to along with becoming more accustomed to working with the backend of a unix like OS I also want to get a few pointers on good security practices.  The most in depth I have been so far with setting up security measures has been the basic firefox+noscript, running windows firewall if that gives you an idea of how new I am to the whole topic.
  So any guides/books/blogs/articles discussing good security practices related unix like operating systems or better yet arch in particular would be greatly appreciated.

  Read more about firewalls here, here, here and here.
  Besides that, these are the basic, most important security measures:
  - Don't work in the root account/set up a user account with the right privileges
  - Build packages from AUR as user, not root (only install them via root)
  Noscript for firefox on linux is also a good idea. Same is true for adblock, flashblock etc
  edit: Oh, and welcome to the Arch Forum, have fun!
  edit2: I was wrong about the firewall
  Last edited by Sigi (2008-04-16 16:01:42)

• 10.1.3. EJB security guide

  I want to use file based security provider and deploy also on embedded application server
  I found two guides
  download-west.oracle.com/docs/cd/B32110_01/web.1013/b28957/ejbsec.htm
  and a bit shorer
  download-east.oracle.com/docs/cd/B25221_04/web.1013/b14429/ejbsec.htm
  Which one should I read

  Thanks for the link. I was more interested in Adapter Installation guide for connecting peoplesoft. From the link you gave, I was able to locate that document.
  After installing 10.1.3 Adapters (only Desing time components), I am not able to start iaexplorer.exe. When I start that , nothing happens.
  Application Server: 10.1.3.0 (Oracle SOA Suite)
  Adapter Version: 10.1.3.0(Adapters for PeopleSoft, etc)
  Installation option during Adapter installation: Desing time components.
  Problem: IAExplorer doesnt start.
  I tried executing , "ae.bat" and this is what the error i get. Any pointers towards solution would be appreciated
  starting java
  ######### Error: Can not init logging ...
  Exception in thread "main" java.lang.NoSuchFieldError: WHITE
  at com.ibi.bse.gui.BseFlashScreen.initComponents2(BseFlashScreen.java:92
  at com.ibi.bse.gui.BseFlashScreen.<init>(BseFlashScreen.java:30)
  at com.ibi.bse.gui.BseFlashScreen.main(BseFlashScreen.java:158)
  Thanks

• Error (or at least confusing statements) in the 12.1 Security Guide

  On Page 4-16 under Creating a common role, one paragraph states:
  Set the CONTAINER clause to ALL. In most cases, omitting this clause from the CREATE ROLE statement or setting it to CURRENT creates the role as a local role and applies it to the current PDB only. However, if you are logged in to the root and omit the CONTAINER clause, then by default the role is created as a common role, not a local role. You can create common roles only in the root.
  The first part of that paragraph states (or at least implies) that creating a role while connected to a PDB will create a common role is CONTAINER is set to ALL.  The last sentence states that you can create common roles only in the root. The implication is that you can create common roles only while connected to root, which would invalidate the earlier statements.

  Hi Matthew,
  Thanks for catching this error, and I apologize for the confusion! To create a common role, you must be in the root. I've reworded the section to say the following:
  To create a common role, follow these rules:
  Ensure that you are in the root. You cannot create common roles from a PDB. To check if you are in the root, run the show con_name command. The output should indicate that you are in the root (CDB$ROOT).
  Ensure that the name that you give the common role starts with C## or c## and contain only ASCII or EDCDIC characters. Note that this requirement does not apply to the names of existing Oracle-supplied roles, such as DBA or RESOURCE.
  Optionally, set the CONTAINER clause to ALL. As long as you are in the root, if you omit setting the CONTAINER = ALL clause, then by default the role is created as a common role.
  Thanks,
  Pat Huey

• How to embed user credentials in Secured Web Service from OBIEE 11gFMW?

  I am trying to invoke a webservice that I successfully exposed as a WSDL Web Service using EBS Integrated SOA Gateway. I am using OBIEE 11g Action Framework which uses WebLogic.
  Here are the steps I completed:
  - I exposed a WSDL web service in EBS R12 via Integrated SOA Gateway
  - I granted the access to this service in EBS R12 to user SYSADMIN
  - I used OBIEE 11g to make a Action to call the Web service (using Action Framework) by searching for the WSDL
  - When I try to execute the action: I get the error:
  Action could not be invoked.
  ServiceExecutionFailure :
  Error invoking web service HR_PHONE_API_Service at endpoint http://ip-10-87-33-3.ec2.internal:8000/webservices/SOAProvider/plsql/hr_phone_api/ Missing <wsse:Security> in SOAP Header
  PROBLEM: I am unsure how to add the credentials for SYSADMIN user and password to add the SOAP username/pwd to the outgoing call. According to the documentation in the Integrators guide, FMW Security guide, and Web Logic guides..seems we have to configure the SOAP call to have the proper credentials. The documentation is not very clear on exactly how to do this. I tried to set up the credential store and an account in ActionFrameWorkConfig.xml but I am still missing something. I am logged into OBIEE as biadmin and I am trying to call a webservie in EBS that is granted to SYSADMIN/sysadmin user. Pls advise.

  I am trying to invoke a webservice that I successfully exposed as a WSDL Web Service using EBS Integrated SOA Gateway. I am using OBIEE 11g Action Framework which uses WebLogic.
  Here are the steps I completed:
  - I exposed a WSDL web service in EBS R12 via Integrated SOA Gateway
  - I granted the access to this service in EBS R12 to user SYSADMIN
  - I used OBIEE 11g to make a Action to call the Web service (using Action Framework) by searching for the WSDL
  - When I try to execute the action: I get the error:
  Action could not be invoked.
  ServiceExecutionFailure :
  Error invoking web service HR_PHONE_API_Service at endpoint http://ip-10-87-33-3.ec2.internal:8000/webservices/SOAProvider/plsql/hr_phone_api/ Missing <wsse:Security> in SOAP Header
  PROBLEM: I am unsure how to add the credentials for SYSADMIN user and password to add the SOAP username/pwd to the outgoing call. According to the documentation in the Integrators guide, FMW Security guide, and Web Logic guides..seems we have to configure the SOAP call to have the proper credentials. The documentation is not very clear on exactly how to do this. I tried to set up the credential store and an account in ActionFrameWorkConfig.xml but I am still missing something. I am logged into OBIEE as biadmin and I am trying to call a webservie in EBS that is granted to SYSADMIN/sysadmin user. Pls advise.

• How to deploy a secured ADF 11g application to WebLogic 10.3 server?

  Hi,
  I have just enabled security in our ADF 11g application, as descripbed in [chapter 29|http://download.oracle.com/docs/cd/E12839_01/web.1111/b31974/adding_security.htm#insertedID0] of the Fusion Developer's Guide. It works fine in the embedded WebLogic server of JDeveloper.
  Now I'm trying to deploy to our WebLogic 10.3 server, which runs in production mode. I'm running into all sorts of problems. The WebLogic console seems to have hundreds of security related pages, I don't know which one I should use, let alone how to use it. The Fusion Developer's Guide doesn't cover deployment to a production server:
  >
  When the target server is configured for production mode, you typically handle the migration task outside of JDeveloper using tools like Oracle Enterprise Manager. For details about using tools outside of JDeveloper to migrate the policy store to the domain-level in a production environment, see the [Oracle Fusion Middleware Security Guide|http://download.oracle.com/docs/cd/E12839_01/core.1111/e10043/toc.htm].
  >
  However, this guide is of very little help to me. I found [chapter 7|http://download.oracle.com/docs/cd/E12839_01/core.1111/e10043/addlsecfea.htm#insertedID0], which says "The recommended tool is Fusion Middleware Control." I have no idea what "Fusion Middleware Control" is, where to get it and how to use it.
  Long story short: I'm totally lost. I'm looking for a step by step guide on how to deploy a secured ADF 11g application to a WegLogic 10.3 server that is running in production mode. Any help is highly appreciated.

  Ok, I found a [very helpful blog post |http://andrejusb.blogspot.com/2009/01/practical-adf-security-deployment-on.html] by [Andrejus Baranovski|http://www.blogger.com/profile/04468230464412457426]. I wish Oracle's documentation was as clear as this...
  The blog post refers to an article by Steve Muench, called [Simplified ADF 11g Application Credential and Policy Migration to Standalone WebLogic Servers|http://www.oracle.com/technology/products/jdev/tips/muench/credmig111100/index.html]. This article presents an Ant script that migrates policies from JDeveloper to WebLogic, using some PFM. (See the last definition here.)
  The problem is that Steve Muench's script assumes that JDeveloper and the standalone WebLogic are on the same machine. However, in a typical environment, such as the one I'm working in currently, this is not the case. In our case the developer stations are Windows machines, while our WebLogic server runs on a HP-UX machine. So the question is: how to perform this migration between two machines with different operating systems?
  Regards,
  Bart Kummel

• Can database activities of creating or dropping tables/packages be tracked in the security/system logs

  Can database activity like create or drop tables and packages be tracked in the security/system logs of windows 2003 server for the oracle database 10.2.0.4?
  Can purging of oracle log, n case the file has become big or even tempered be tracked in the security/system logs of windows 2003 server for the oracle database 10.2.0.4?

  2765539 wrote:
  Can database activity like create or drop tables and packages be tracked in the security/system logs of windows 2003 server for the oracle database 10.2.0.4?
  Can purging of oracle log, n case the file has become big or even tempered be tracked in the security/system logs of windows 2003 server for the oracle database 10.2.0.4?
  Your first question is easy, you configure audit to log to the OS audit trail with
  alter system set audit_trail=os scope=spfile;
  and then enable audit for whatever actions you want to capture. All documented in the Security Guide.
  Your second question makes no sense unless you explain what you mean by "oracle log".

• Jdev 10.1.3.1 "ADF Security": Application without a custom login page?

  Hi,
  We are trying to develop an application using "ADF security", which means we can give permissions to certain roles based on "Binding Container", "Iterator Binding", "Method Action Binding" and "Attribute-level Binding".
  After reading the document -- "Oracle® Containers for J2EE Security Guide 10g (10.1.3.1.0) B28957-01" that Frank pointed out. We have a question:
  Can we develop an ADF application without creating a custom login page? Right now we've followed the security guide and modified the configuration files. But when we run the application, we get the "user null" error message. The reason is clear because we do not have a login page. On the security guide, it says that it is possible to use the oracle default login module. But it does not say how. Does anyone have any idea?
  Thanks,
  Annie

  Brenden,
  Thank you so much for the reply. This is our code in the web.xml:
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>default</realm-name>
  </login-config>
  We are using HTTP basic Authentication. This technique worked for the container-managed security. The browser default login page pops up when the end users try to log into a secured JSP. But here we want to use "ADF security" to set up "Iterator binding" and "Attribute level binding" security. The browser default login page does NOT show up. Instead we get the "user null" error message.
  If you have detailed step on how to select HTTP Basic Authentication, it would be very helpful to us. Or if you know any document has the detail.
  regards,
  Annie

• What are the steps required in NWA and ID in order to enhance security of adapters in PI 7.31 Java Stack ?

  HI All,
  I am looking for steps need to follow for seurity and certificate management in PI 7.31 Java Stack.
  Could someone help me with the security and certificate management steps needs to follow for SOAP/RFC/MAIL adapter ?
  I looked at sap help link Network and Transport Layer Security - SAP NetWeaver Process Integration Security Guide - SAP Library
  Regards,
  Karan

  Hi Karan,
  For SOAP adapter you can use digital signing and encryption. Please refer the below blog
  Configuring WSSE (digital signing and encryption) using SAP PI 7.11 AAE SOAP Adapter
  regards,
  Harish