SAP R/3 default password vulnerability
Sunday, June 29th, 2008
| USER | DEFAULT PASSWORD |
| SAP* | 06071992 |
| SAPCPIC | ADMIN |
| DDIC | 19920706 |
| EARLYWATCH | SUPPORT |
The change and transport organizers let developers organize and coordinate individual or team development projects. Within the environment of the organizers and the transport system, there are two points of view on the roles of the individuals in charge of controlling and managing the system:
The R/3 developers and/or the people doing the customizing work are in charge of creating or correcting development objects as well as customizing the system, and thus create change requests or use common change requests in a project. Releasing a change request actually performs the export phase of a transport. When doing this, they should also check the log of the export phase, inform the administrator of the status, and possibly request that the administrator perform the import.
The R/3 administrator is (more…)
CPIC (Common Programming Interface Communications) is the interface deployed by the ABAP language for program-to-program communication. CPIC was defined and developed by IBM as a standardized communication interface and was later modified and enhanced by the X/Open organization. The CPIC communication interface is useful when setting up communications and data conversion and exchange between programs. Since CPIC is based on a common interface, an additional advantage is the portability of the programs across different hardware platforms.
SAP divides the possibilities and the scope of the CPIC interface into two function groups: the CPIC starter set and the advanced function calls. This division is simply meant to guide the user and not to restrict the available functions. For instance, the CPIC starter set would just be used for the basic and minimum set of functions shared by two partner programs, such as establishing the connection and exchanging data. The advanced calls cover more communication functionality, such as converting data, checking the communication, and applying security functions. For more information on these CPIC function groups, refer to the SAP documentation BC SAP Communication: CPI-C Programmer’s Guide.
SAP R/3 security tables are tables in SAP R/3 that relate to, or directly affect, Logical Access Control, Program Changes Control and Operational Control. Today, the convergence of the Internet with distributed ERP systems is increasing the demands on data and business process security almost exponentially.
Organizations that employ distributed business processes and data systems need assurance of both their data and the accompanying processes: continued support of essential business needs while mitigating unauthorized access to critical information. This is especially true with the introduction of Sarbanes-Oxley and other federally mandated policies and procedures, many of which tie direct responsibility (read: potential fines and/or jail time) to the effective use of recognized security measures.
Below is a list of SAP R/3 security tables for reference:
| TABLE | DESCRIPTION |
| USR02 | Logon data |
| USR04 | User master authorization (one row per user) |
| UST04 | User profiles (multiple rows per user) |
| USR10 | Authorisation profiles (i.e. &_SAP_ALL) |
| UST10C | Composite profiles (i.e. profile has sub profile) |
| USR11 | Text for authorisation profiles |
| USR12 | Authorisation values |
| USR13 | Short text for authorisation |
| USR40 | Table for illegal passwords |
| USGRP | User groups |
| USGRPT | Text table for USGRP |
| USH02 | Change history for logon data |
| USR01 | User Master (runtime data) |
| USER_ADDR | Address Data for users |
| AGR_1016 | Name of the activity group profile |
| AGR_1016B | Name of the activity group profile |
| AGR_1250 | Authorization data for the activity group |
| AGR_1251 | Authorization data for the activity group |
| AGR_1252 | Organizational elements for authorizations |
| AGR_AGRS | Roles in Composite Roles |
| AGR_DEFINE | Role definition |
| AGR_HIER2 | Menu structure information – Customer vers |
| AGR_HIERT | Role menu texts |
| AGR_OBJ | Assignment of Menu Nodes to Role |
| AGR_PROF | Profile name for role |
| AGR_TCDTXT | Assignment of roles to Tcodes |
| AGR_TEXTS | File Structure for Hierarchical Menu – Cus |
| AGR_TIME | Time Stamp for Role: Including profile |
| AGR_USERS | Assignment of roles to users |
| USOBT | Relation transaction to authorization object (SAP) |
| USOBT_C | Relation Transaction to Auth. Object (Customer) |
| USOBX | Check table for table USOBT |
| USOBXFLAGS | Temporary table for storing USOBX/T* chang |
| USOBX_C | Check Table for Table USOBT_C |
Segregation of duties (SOD) in SAP R/3 is a basic, key internal control used to ensure that errors or irregularities are prevented or detected on a timely basis by employees in the normal course of business.
Segregation of duties provides two benefits:
1) a deliberate fraud is more difficult because it requires collusion of two or more persons, and
2) it is much more likely that innocent errors will be found.
At the most basic level, it means that no single individual should have control over two or more phases of a transaction or operation. Management should assign responsibilities to ensure a crosscheck of duties.