WAS transactions
Transaction Description
TADM10_1
1 SESSION_MANAGER Initial transaction in SAP standard menu
2 SICF ICF Administration (Services)
3 SMICM ICM administration
4 SU3 Maintain Users Own data
5 RSPFPAR Display System Parameters
6 SM04 Monitor users per instance
7 SU01 User Maintenance
8 PFCG Role Maintenance Tool
9 SE43 Area Menu Maintenance
10 SE16 Display and Create Table Contents
11 SM30 Maintain Table Views
12 SBWP/SO01 Business Workplace
13 SMW0 SAP Web Repository Image Upload
14 SIGS IGS Administration
15 SM51 Shows Instances of the system
16 SMMS Message Server Monitor
17 SMGW Gateway Monitor
18 SM50 Shows processes of an instance
19 SM66 Shows processes of an instance (global)
20 ST02 SAP Memory
21 SP01 Spool and Output Requests Administration
22 SP02 Spool Requests Administration
23 SM36 Creation of Jobs
24 SM36WIZ Creation of Jobs (wizard)
25 SMX Job Monitoring (own jobs)
26 AL08 Monitor users per system
27 ST07 Monitor users per instance by application
28 ST06/OS06 OS Monitor
29 RZ03 CCMS Control Panel
30 ST11 Startup Error Log Files
31 AL11 SAP Directories & Env variables
32 SM35 Batch Input Overview and Monitoring
33 SM02 System Messages Administration
34 SE37 -> TH_POPUP Function to send messages to a user
35 RZ11 System Parameters (1 at the time)
36 RZ04 Operation Modes
37 SM63 Operation Modes Time Table
38 STRUSTSSO2 Trust Manager for Logon Ticket
39 SPRO SAP Customizing through IMG
40 SPRO_ADMIN SAP Customizing Project Administration
41 SCC4 Client Administration
42 SE09/SE10 Transport Organizer
43 STMS TMS Configuration
44 ABAPDOCU Abap Documentation
45 SE13 Dictionary - Technical Settings
46 SE14 DB Utility (to create tables in DB)
TADM10_2
47 SITSPMON Internal ITS Status
48 SICFRECORDER Enables developers and administrators to identify and correct sources of error in failed service calls by recording HTTP requests
49 SMLG SAP Logon Groups
50 SU56 Every user can display his or her own user buffer with this transaction
51 SUGR Group maintenance
52 SE43 Area Menu Maintenance
53 SSM2 Set Initial Area Menu Systemwide
54 SU10 Mass Changes for Users
55 SU02 Authorization Profiles
56 SU03 Authorization Objects and Authorizations Maintenance
57 SU53 Check Failed Authorizations
58 ST01 System Trace (User Authorization Trace)
59 PFUD User Master Data Reconciliation
60 SUIM User Information
61 SECR The Audit Information System (AIS) is an auditing tool that can be used to analyze security aspects of SAP; the AIS is now delivered with a series of roles
62 SM20 Analysis of Security Audit Log
63 SM19 Security Audit (Static and Dynamic Configuration)
64 SM59 RFC Destinations
65 SM58 Transactional RFC
66 SMQ1 qRFC (outbound queue)
67 SMQ2 qRFC (inbound queue)
68 RSRFCCHK List each RFC destination and the user involved
69 RSARFCLD Report that gets and sets RFC quotas
70 BD64 Distribution model
71 WE20 Partner profiles
72 WE21 Port definitions
73 WSADMIN SAP WAS 6.40 and higher also provides the WebService Framework, which allows you, among other things, to declare individual modules as web services
74 BAPI BAPI browser (4.0)
75 SWDD Workflow Builder
76 SWUI_DEMO Workflows Demos
77 RMMAIN
78 SALE
79 BD54
80 SLDHTMLGUI
81 RZ70
82 SLDCHECK
83 RZ20
84 RZ21
Transactions as they appeared on course TADM10/TADM12, November 2009
WAS Administration Transactions
Transaction Navigation Notes
SESSION_MANAGER Initial transaction in SAP standard menu
SEARCH_SAP_MENU Search the corresponding menus for the predefined text pattern in SAP menu
SEARCH_USER_MENU Search the corresponding menus for the predefined text pattern in user menu
The user and SAP menus can be structured in a pretty complex way. It is then difficult to remember the exact path for the transaction you are looking for. The search result is prepared in a list view from which you can take the navigation path.
Shortcut in Command Field
/n Cancel the current transaction
/nXXXX Call transaction XXXX directly from another transaction
/o Display an overview of sessions
/oXXXX Call transaction XXXX in a new session directly from another transaction
/nend End the logon session with a confirmation dialog box
/nex End the logon session without a confirmation dialog box
/i Delete the session you are currently using
%sc Search a string in a screen page
%pc Download a document to your desktop
/$sync SAP buffer reset
/$sync all SAP buffer reset
SMW0 SAP Web Repository Image Upload
SAP Administration and Configuration
SM51 Shows Instances of the system. Shows requests in dispatchers queue
SM50 Shows processes of an instance
SM66 Shows processes of an instance (global)
SM04 Monitor users per instance
AL08 Monitor users per system
ST07 Monitor users per instance by application
ST02 SAP Memory
SM12 SAP Locks
SM13 SAP Updates
SM14 SAP Update Administration
SM21 SAP Logs
ST22 SAP Dumps
AL11 SAP Directories & Env variables
SMLG SAP Logon Groups
ST11 Startup Error Log Files
RZ03 CCMS Control Panel. Initialize and stop instances, trigger manually operation modes
SICK / SM28 SAP Consistency Check
SM01 Transaction Code Administration. Lock / Unlock of transactions
SM02 System Messages Administration
SE37 -> TH_POPUP Function to send messages to a user
RZ04 Operation Modes
SM63 Operation Modes Time Table
SR13
SSAA System Administration Assistant
SLG0
SLG1
SLG2
SCU3 Table Changes Log
SMGW Gateway Monitor
SIGS IGS Administration
ST06/OS06 OS Monitor
Batch Input
SM35 Batch Input Overview and Monitoring
SAP Archiving
SARA Archive Administration
FILE Logical Path File Definition for Archiving
DB15 Tables and Archiving Objects Relations
SAP Parameters and Profiles
RSPFPAR Display System Parameters
RZ10 System Parameters Administration
RZ11 System Parameters (1 at the time)
SAPPFPAR Shows profile parameters OS Command
SMICM ICM administration
SICF ICF Administration (Services)
SICFRECORDER
SITSPMON Internal ITS Status
Mail and Collaboration Tools
SBWP/SO01 Business Workplace
Monitoring Notes
SAP HELP and Documentation Configuration
Use transaction SLG0 to define entries for your own applications in the application log.
The application log includes application messages, just as the system log includes system messages. It is used heavily in SAP APO, the SAP SCM Event Manager and Warehouse Management. The log traces application events and tasks and reports on their activity (for example, transfer of data from SAP ECC to SAP APO). The application log is used to trace who initiated the transfer, when the transfer was made, and what was transferred.
Old application logs can be deleted in transaction SLG2.
Internet and Browser-Based Administration
enables developers and administrators to identify and correct sources of error in failed service calls by recording HTTP requests
RZ20 CCMS Monitoring
RZ21 Configuration of CCMS monitoring
GRMG Generic Request and Message Generator
ST03G
STATTRACE
STAD
ALRTINBOX
SALRT1 RFC destination for Central Alert Server
ALRTCATDEF Alert Categories Management
SA38 -> RSTBHIST
ST10
STUN Performance Monitoring Menu. Set of monitoring tools
SMMS Message Server Monitor
SAP Office and Communications
SBWP / SO01 SAP Business Workplace
SE37 -> th_popup Sends personalized popup messages to users
OSS1 Log On to SapNet
SM55 THOST Table Maintenance
Database Administration (Oracle)
DB01 Database Locks
DB02 Database Space Overview
DB03 Log of database parameters changes
DB05
DB12 Backup log overview
DB13 DBA planning calendar
DB13C Central DBA planning calendar
Global Workload Monitor displays Java statistical records that are used for performance monitoring
The SAP WAS Java can write distributed statistics records (DSRs) that can trace actions that are processed using non-ABAP components such as WAS Java, Business Connector (BC) and ITS. The writing of the statistics records is activated when the SAPCCMSR agent is registered and the standard job SAP_COLLECTOR_FOR_NONE_R3_STAT is started in ABAP.
If you find errors in the Global Workload monitor, you can analyze these using the performance trace (also known as the functional trace). The performance trace provides a finer granularity than DSR.
SAP Workload Business Transaction Analysis
The Alert Inbox is an application based on BSP, which calls the URL http://host:port/sap/bc/bsp/sap/alertinbox
Auto-reaction method CCMS_Send_Alert_to_ALM forwards alerts for assigned monitoring architecture nodes to the ALM. This method is similar to CCMS_OnAlert_Email, with which you can define an automatic alert notification. A difference is that when you are forwarding alerts to the ALM, you no longer need to specify the sender and recipient in the method definition.
Obtain a list of those tables that are currently set to be logged
Performance Analysis Table Buffer Invalidations
Analysis of table with respect of Indexed fields
Lets you view backup results and the status of the archive directory. Provides recovery report, checking if all backups are available to perform a restore and recovery
Schedules backups and other administrative jobs in the database system
Schedules backups and administrative activities centrally for several SAP systems and databases
DB14 DBA Operations Monitor
DB16 Overview of database checks
DB17 Configuration of database checks
DB20 maintain statistics
DB21 configuration of statistics
DB24
DB26 database parameter overview
DB02 Tables and Indexes monitor
ST04 Database Performance monitor
ST04N New Oracle database monitor
RZ20 Database Alert monitor
RSORATAD determine the index storage quality
DBACOCKPIT See note 1028624
RFC Notes
RZ12 RFC Server Group Maintenance
SM59 RFC Destinations
SM59_OLD RFC Destinations
SM58 Transactional RFC
SMQ1 qRFC (outbound queue)
SMQ2 qRFC (inbound queue)
SMQ3 qRFC (saved e-queue)
SMQA tRFC/qRFC Confirm status
SMQE qRFC Administration
SMQR qRFC Monitor (QIN Scheduler)
SMQS qRFC Monitor (QOUT Scheduler)
RSARFCLD Report that gets and sets RFC quotas
RSARFCSE Execute ARFC as background job
SABP0000SABP0003 customize interval of RSARFCSE
RSRFCCHK
Printers
SPAD Spool Administration
SP01/SP02 Spool Requests Administration
SP11 List objects in TemSe
SP12 TemSe Administration
Web Services Notes
Checks the status and logs of all database operations including backup monitoring updates of the optimizer statistics and database checks
View and maintain check conditions used by a database system check
Logs for Administrative Database Operations
Monitors the storage behavior of the database and the status of the database objects
Displays the most important indicator for Oracle database performance
Monitors all preset alerts for different areas of the database
this report is called directly in transaction se38
This transaction replaces various transactions previously used for monitoring and administration
ST04OLD DB02OLD DB12OLD DB13OLD DB14OLD
In WAS 7.0 all previous transactions have been renamed to <Previous transaction code>OLD
List each RFC destination and the user involved
Spool and Output Requests Administration
WSADMIN
ABAP Development Workbench
SE80 Abap Object Navigator
SE38 Abap - Program Editor
SA38 Abap - Program Execution
SE11 Abap Dictionary Editor
SE12 Abap Dictionary Display
SE13 Dictionary - Technical Settings. Define technical features of tables
SE14 DB Utility (to create tables in DB)
SE16 Display and Create Table Contents
SM30 Maintain Table Views
SM31 Maintain Table Views
SD11 Abap Data Modeler
SE93 Maintain Transactions
ABAPDOCU Abap Documentation
Change and Transport System
SPRO SAP Customizing through IMG
SPRO_ADMIN SAP Customizing Project Administration
SE09 Transport Organizer. Create and Release of change requests
SE10 Transport Organizer. Create and Release of change requests
SE01 Transport Organizer (Extended View)
STMS TMS Configuration. Create Systems, Transport Routes and QA
SE06
SE03 Transport Organizer Tools
SPAM Support Package Manager. Application of Support Packages
SAINT Add-On Installation Tool
SPDD Modification Adjustment Dictionary
SPAU Modification Adjustment (other objects)
SE95 Modification Browser
SNOTE Note Assistant
dico Hard reset of TMS
Client Administration
SCC4 Client Administration, same as table T000
SCCL Local Client Copy
SCC9 Remote Client Copy
SCC1 Copy Customizing Change Request
SCC5 Delete Client
SCC8 Client Export
SCC7 Client Import Post-processing
SCC3 Client Copy Logs
SCU0 Customizing Cross-System Viewer
SCMP View/Table System Comparison
Jobs Administration
SM36 Creation of Jobs
SM36WIZ Creation of Jobs (wizard)
SM37 Job Monitoring
SAP WAS 6.40 and higher also provides the WebService Framework, which allows you, among other things, to declare individual modules as web services
Initialize transport tables and sys-change-option button
This is not a transaction. It is a key that must be entered in the command field of transaction STMS
SM62 Events Maintenance
SM64 Trigger of events
SM69 Maintain OS commands
SM49 Execute OS commands
SM61 Create Job Groups
SMX Job Monitoring (own jobs)
LDAP Administration
LDAP Directory Service Connection
License Administration
SLICENSE SAP License Administration
LICENSE_ADMIN License Administration Workbench
SLAW License Auditing
USMM System Measurement Transaction
Installation and Upgrade
(OS) -> SAPINST SAP Installation
(OS) -> SAPUP SAP Upgrade - Abap
(OS) -> SAPJUP SAP Upgrade - Java
ICNV Table Incremental Conversion
SAP Workflows
SWDD Workflow Builder
SWXF
SWUI_DEMO Workflows Demos
Application Link Enabling (ALE) Notes
WEDI Idoc basis
WE02 Display idocs
WE05 Monitoring of idoc lists
WE07 Idoc statistics
WE12 Inbound processing of outbound file
WE14 Outbound processing from idoc
WE15
WE16 Inbound processing of idoc file
WE19 Test tool inbox
WE20 Partner profiles
WE21 Port definitions
WE30 Idoc type editor
WE31 Idoc segment editor
WE42 See Inbound Process Code table
WE46 Idoc administration
WE47 Status maintenance
WE57
WE60 Documentation for idoc types
WE61 Documentation for idoc record types
httphelpsapcomsaphelp_nw04helpdataeneeee133bfae0750ce10000000a11402fframesethtm
WF WS30000015 shows the absence notification process
Workflow demo - create absence notification
Outbound processing from message control
Assignment function module - logical message - idoc type
WE62 Documentation for segments (3.x only)
WE81 Overview of all message types
WE82
NACE Customizing of output determination
SO01 Integrated inbox
SWO1 Business object builder
SWO2 Business object repository
SWLD Workflow workbench
SWU3 Workflow customizing
SWE2 Event type linkage
SWI1 Display work items
SWI2 Work item analysis
SWUS Start workflow
SWEL Workflow event log
PPOS Display organizational plan
PFTC Tasks
PFAC Standard roles
SALE ALE customizing
BALE ALE distribution
BALD ALE development (4.0)
BALM ALE master data (4.0)
BALA ALE application (4.0)
BD10/11 Send/fetch material masters
BD12/13
BD14/15 Send/fetch vendor
BD21/22 Select/delete change pointers
BD40
BD41/43
BD50
BD53 Reduction of idoc types
BD54 Logical systems
BD55 Conversion
BD56 Segment filtering
BD61 Activate change pointers
BD64 Distribution model
BD68 Lists
BD72 Activate event coupling
BD75 Status conversion for tRFC
BD77 Distribution of control data
BD78 Monitoring of control data distribution
BD82 Generate partner profiles
BD87 Process inbound idocs
BD88 Process outbound idocs
BDM2 Idoc trace (idocs with receiver)
BDM5 Consistency check
BDM7 ALE audit statistical analyses
BDM8 Send ALE audit confirmation
BDM9 Reorganize the audit database
BDRC Determine recovery objects (3.1I, 4.5)
BDRL Process recovery objects (3.1I, 4.5)
BDBG Generate ALE interface for BAPI (4.0)
Finds out which version of the basic type is best suited to your SAP systems release
You find all customizing settings in this transaction, or you can get the same in the following path: IMG (SPRO) -> SAP NetWeaver -> SAP Web Application Server -> IDoc Interface / Application Link Enabling (ALE)
Select change pointers for serialization group (4.0)
Dispatch/post idocs for serialization group (4.0)
Activate change pointers for message type
You can also get to this transaction by the following path: SAP NetWeaver -> SAP Web Application Server -> IDoc Interface / Application Link Enabling (ALE) -> Logical Systems
You can call this monitor to check the current status of Idocs in SAP R/3 or mySAP ECC
BDBS Generate coding for mapping (4.0)
BAPI BAPI browser (4.0)
SM58 Aborted transactional RFCs
SM59 RFC destinations
sa38 -> RSEOUT00 Report used to transfer IDocs to the communication layer if you selected the Collect IDocs output mode (instead of Transfer IDoc Imm) in the Outbound partner profile (WE20)
sa38 -> RBDAPP01 Report used to transfer IDocs to the ALE layer if you selected the Trigger by background program mode (instead of Trigger immediately) in the Inbound partner profile (WE20)
sa38 -> RSSCD100 Report to view the change documents (that record each change made to their objects)
sa38 -> RBDMIDOC Report used to evaluate change pointers. This program is usually scheduled as a periodic background job. You can start the program for testing purposes with transaction BD21
Java Ports
http://<server>:<j2ee_port>
where
<j2ee_port> = 5XX00
XX = Instance Number
5XX00 WAS Netweaver Administration
5XX13 Start/Stop Instances Applet
5XX04 Visual Administrator Tool
5XX08 J2EE Admin Tool Telnet
5XX18 SDM
Java Tools
http://<server>:<j2ee_port>/nwa SAP NetWeaver Administrator
http://<server>:<j2ee_port>/useradmin SAP User Management Engine (UME)
http://<server>:<j2ee_port>/sld
Visual Administrator
Locking Adapter J2EE Lock Monitoring
Security Provider User Management
Monitoring Service J2EE Monitoring
Configuration Adapter J2EE parameter administration
Key Storage Security Keys Management
Log Viewer Errors Check
SLD Data Supplier
Jco RFC Provider
Security Transactions Description
SU01 User Maintenance
SU01D User Maintenance Display
SU02 Authorization Profiles
SU03 Authorization Objects and Authorizations Maintenance
SU05 Maintain Internet User
SU10 Mass Changes for Users
SU1 Maintain Own User Address
SU2 Maintain Own User Parameters
SU3 Maintain Users Own data
SU20 Maintain Authorization Fields
SU21 Maintain the authorization objects
SU22 Maintain the assignments of authorization objects
SU24 Profile Generator Maintain the assignments of Authorization Objects
SU25 Profile Generator Upgrade and First Installation
SU53 Check Failed Authorizations
SU56 Every user can display his or her own user buffer with this transaction
PFCG Role Maintenance Tool
PFUD User Master Data Reconciliation
SU80 Archive User Change Documents
ST01 System Trace (User Authorization Trace)
SE43 Area Menu Maintenance
SSM2 Set Initial Area Menu Systemwide
SUGR Group maintenance
BALE ALE Area Menu
STUN Performance Monitoring Menu
SECR (old transaction)
SM19 Security Audit (Static and Dynamic Configuration)
SM20 Analysis of Security Audit Log
SM18 Delete Old Security Audit Logs
SUIM User Information
User Information by Menu
SUCOMP User company address maintenance
SUCU
SNC1 Generate SNC name for user
SNC2 Export SNC name of user
SNC3 User initial control list 31-40
SNC4 Check canonical SNC names
SECSTORE Administration of Secure Storage
STRUST Trust Manager
STRUSTSSO2 Trust Manager for Logon Ticket
RSUSR000 List of All Users Logged On
RSUSR002 Users by Complex Selection Criteria
RSUSR002_ADDRES Users by address data
RSUSR003 Check the Passwords of Standard Users in All Clients
RSUSR004 Restrict User Values to the Following Simple Profiles and Auth Ob
RSUSR005 List of Users With Critical Authorizations
RSUSR006 Locked Users and Users with Incorrect Logons
RSUSR007 Display Users with Incomplete Address Data
RSUSR008 By Critical Combinations of Authorizations at Transaction Start
The Audit Information System (AIS) is an auditing tool that can be used to analyze security aspects of SAP the AIS is now delivered with a series of roles
SAP Menu → Tools → Administration → User Maintenance → Information System
Assignment of tables/views to authorization groups (or SM30 -> V_DDAT). From Web AS 6.40, however, the view is called V_DDAT_54, which causes SUCU to fail. This means you must modify the parameter call in transaction SE93 to be able to display SUCU.
Security and User Administration Reports (SE38/SA38)
RSUSR008_009_NEW A system dependent option to control SoD violations
RSUSR009 List of Users With Critical Authorizations
RSUSR010 Executable Transactions ( All Selection Options )
RSUSR011 Lists of transactions after selection by user profile or obj
RSUSR012 Search authorizations profiles and users with specified object va
RSUSR020 Profiles by Complex Selection Criteria
RSUSR030 Authorizations by Complex Selection Criteria
RSUSR040 Authorization Objects by Complex Selection Criteria
RSUSR050 Comparisons
RSUSR060 Where-used lists
RSUSR060OBJ Where-Used List Authorization Object in Program and Transactions
RSUSR061 Enter Authorization Fields
RSUSR070 Roles by Complex Selection Criteria
RSUSR080 Users by License Data
RSUSR100 Change Documents for Users
RSUSR100N Change Documents for Users
RSUSR101 Change Documents for Profiles
RSUSR102 Change Documents for Authorizations
RSUSR200 List of Users According to Logon Date and Password Change
RSUSR300 Set External Security Name for All Users
RSUSR301 Fill non-checking transactions with authobject S TCODE
RSUSR302 Delete authorization check on object S TCODE from table TSTCA
RSUSR400 Test Environment Authorization Checks (SAP Systems Only)
RSUSR401 Report to give all SAPCPIC users profile S_ACPIC
RSUSR402 Download user data for CA manager from Secude
RSUSR404 Conversion Program for Authorizations of Basis Development Environ
RSUSR405 Reset all user buffers in all clients (uncritical)
RSUSR406 Automatically Generate Profile SAP_ALL
RSUSR406_OLD Automatically Generate Profile SAP_ALL
RSUSR408 XPRA Conversion of USOBX-OKFLAG USOBX-MODIFIED for upgrade tool
RSUSR409 Transfer all translated titles to generated transaction codes
RSUSR421 Clean-up report TSTC-CINFO if no check in TSTCA
RSUSR500 User Administration Compare Users in Central System
RSUSR500D GUM Display Open Changes
RSUSR998 Call Reporting Tree Info System
RSUSREXT Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSREXTID Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSRLOG Log Display for Central User Administration
RSUSRSCUC CUA Synchronization of the Company Addresses
RSUSRSUIM User Information System
PFCG_TIME_DEPENDENCY HR Organizational Management Reconciliation
RSABAPSC Search for AUTHORITY-CHECK statements
RSCSAUTH RSABAUTH
Maintain/Restore Authorization Groups. It creates a list of reports (type 1) (Program column), the authorization group delivered by SAP (SAP column) and the authorization group maintained by the customer (Customer column). The Customer column accepts input. Customers can enter their own authorization groups here. When the customer chooses Save, the customer's own authorization groups for all SELECTED reports are transferred to the table TRDIR. This is equivalent to a change of the authorization group in the program attributes, and the existing SAP authorization groups are overwritten. The authorization group for each report is also entered in the table SREPOATH, meaning that the customer's own authorization groups can be restored by restarting RSCSAUTH after an upgrade. Start the program RSABAUTH. The new authorization groups are written to the table TPGP.
Table Name Description
PRGN_CUST Customize the role transports
SSM_CUST Defines initial picture in SESSION_MANAGER
TADIR Table that contains all Data Dictionary Objects
TADIR Contains all repository SAP objects
TPFYPROPTY Shows parameters properties (e.g. Dynamical vs Static parameters)
TSTC Table that contains all transactions codes of the system
USERS_SSM System administrators can use this table to determine whether or not users are allowed to switch between the SAP menu and their user menus
USOBT Contain SAP default authorization objects
USOBT_C Contain the customer authorization objects
USOBX Contain SAP default authorization objects
USOBX_C Contain the customer authorization objects
USR10 Table that contains all profiles delivered by SAP
USR40 Exception Table for Passwords
VDDAT TDDAT VDDAT_54 Assignment of tables/views to authorization groups
V_BRG Definition of authorization groups
TPGP ABAP/4 Authorization Groups
E070 Header information for the transport request
E071/E071K Object list and keys from table entries
T000 Client Administration
USR41_MLD Registers multiple logons
Parameter Description
rdisp/max_alt_modes Defines how many sessions are permissible for each logon to the SAP system. Can be set to values from two to nine; the standard setting is six
rdisp/wp_no_dia Defines number of dialog workprocesses
rdisp/wp_no_vb Defines number of update 1 workprocesses
rdisp/wp_no_vb2 Defines number of update 2 workprocesses
rdisp/wp_no_btc Defines number of background workprocesses
rdisp/wp_no_spo Defines number of spool workprocesses
rdisp/wp_no_enq Defines number of enqueue workprocesses
rdisp/start_icman Initialize ICM
rdisp/j2ee_start Initialize J2EE
rdisp/TRACE Set the trace level for developer traces
rdisp/btctime
rdisp/max_wprun_time
rslg/max_diskspace/local Defines the size of the system Log (sm21). Each log entry takes up 192 bytes and the default log is 500160 bytes, which is a multiple of 192 that corresponds to 2605 entries. Once the log is full, the oldest entries are overwritten
rec/client ALL logs all clients
rec/client 000 [] logs the specified clients
rec/client OFF turns logging off
login/disable_multi_gui_login
login/multi_login_users
Security Parameters
Parameter Description
rsau/local/file The audit files are located on the individual application servers. You define the name and location of the files with this parameter (up to WAS 6.30)
rsau/max_diskspace/local This parameter defines the maximum space to allocate for the audit files
rsau/enable This parameter enables the security audit log
rsau/selection_slots This parameter defines the number of filters to allow for the security audit log
rsau/max_diskspace/per_day (dynamic configuration)
rsau/max_diskspace/per_file (dynamic configuration)
auth/no_check_in_some_cases Enables Profile Generator
auth/auth_number_in_userbuffer In systems with release level 4.6A and higher, this parameter defines the size of the user buffer. As of Kernel 6.20, the parameter is no longer evaluated
auth/new_buffering The auth/auth_number_in_userbuffer parameter no longer has any effect if this profile parameter is 3 or 4
login/min_password_lng Defines the minimum length of the password. Default value: 3; permissible values: 3 – 8
login/min_password_digits Defines the minimum number of digits (0-9) in passwords. Default value: 0; permissible values: 0 – 8. Available as of SAP Web AS 6.10
login/min_password_letters Defines the minimum number of letters (A-Z) in passwords. Default value: 0; permissible values: 0 – 8. Available as of SAP Web AS 6.10
login/min_password_specials Defines the minimum number of special characters in the password. Permissible special characters are $&()=`+~-_[]<> and space. Default value: 0; permissible values: 0 – 8. Available as of SAP Web AS 6.10
login/password_charset This parameter defines the characters of which a password can consist. Permissible values:
0 (restrictive): The password can only consist of digits, letters and the following (ASCII) special characters: $&()=`+~-_[]<>| and space
1 (backward compatible, default value): The password can consist of any characters, including national special characters (such as ä, ç, ß from ISO Latin-1, 8859-1). However, all characters that are not contained in the set above (for value = 0) are
2 (not backward compatible): The password can consist of any characters. It is converted internally into the Unicode format UTF-8. If your system does not support Unicode, you may not be able to enter all characters on the logon screen. This restri
With login/password_charset = 2, passwords are stored in a format that systems with older kernels cannot interpret. You must therefore only set the profile parameter to the value 2 after you have ensured that all systems involved support the new password
Available in the standard system as of SAP Web AS 6.40
login/min_password_diff Defines the minimum number of characters that must be different in the new password compared to the old password. Default value: 1; permissible values: 1 – 8. Available as of SAP Web AS 6.10
login/password_expiration_time Defines the validity period of passwords in days. Default value: 0; permissible values: any numerical value
login/password_change_for_SSO If the user logs on with Single Sign-On, checks whether the user must change his or her password. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/disable_password_logon Controls the deactivation of password-based logon. This means that the user can no longer log on using a password, but only with Single Sign-On variants (X.509 certificate, logon ticket). Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/password_logon_usergroup Controls the deactivation of password-based logon for user groups. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/disable_multi_gui_login Controls the deactivation of multiple dialog logons. Available as of SAP Basis 4.6
login/multi_login_users List of excepted users, that is, the users that are permitted to log on to the system more than once. Available as of SAP Basis 4.6
login/fails_to_session_end Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts. The parameter is to be set to a value lower than the value of parameter login/fails_to_user_lock. Default value: 3; permissible values: 1 - 99
login/fails_to_user_lock Defines the number of unsuccessful logon attempts before the system locks the user. By default, the lock applies until midnight. Default value: 12; permissible values: 1 - 99
login/failed_user_auto_unlock Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight. Default value: 1 (Lock applies only on same day); permissible values: 0, 1
login/password_max_new_valid Defines the validity period of passwords for newly created users. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/password_max_reset_valid Defines the validity period of reset passwords. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/accept_sso2_ticket Allows or locks the logon using SSO ticket. Available as of SAP Basis 4.6D, as of SAP Basis 4.0 by Support Package
login/create_sso2_ticket Allows the creation of SSO tickets. Available as of SAP Basis 4.6D
login/ticket_expiration_time Defines the validity period of an SSO ticket. Available as of SAP Basis 4.6D
login/ticket_only_by_https The logon ticket is only transferred using HTTP(S). Available as of SAP Basis 4.6D
login/ticket_only_to_host When logging on over HTTP(S), sends the ticket only to the server that created the ticket. Available as of SAP Basis 4.6D
login/disable_cpic Refuse inbound connections of type CPIC
login/no_automatic_user_sapstar Controls the emergency user SAP* (SAP Notes 2383 and 68048)
login/system_client Specifies the default client. This client is automatically filled in on the system logon screen. Users can type in a different client
login/update_logon_timestamp Specifies the exactness of the logon timestamp. Available as of SAP Basis 4.6
rdisp/gui_auto_logout Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections). Default value: 0 (no restriction); permissible values: any numerical value
login/no_automatic_user_sapstar Controls the SAP* user
login/password_max_idle_initial You can use this parameter to determine the maximum time between the (re)setting of the password and the next logon with the initial password. As soon as this period has expired, the system displays the message "Initial password has expired" and refuses the password logon. However, you can still log on using SSO
login/password_max_idle_productive You can use this parameter to determine the maximum time between two password logons. As soon as this period has expired, the system displays a message stating that the password has not been used for a period of time and was therefore deactivated, and the system refuses the password logon. However, you can still log on using SSO
The profile parameters login/password_max_new_valid and login/password_max_reset_valid have been replaced by the profile parameter login/password_max_idle_initial, which means that the system no longer distinguishes between the first and the subsequent setting of a password by the user administrator regarding the restriction of the validity of the resulting initial passwords
Authorization Object
S_TCODE Authorization to start a transaction
S_USER_GRP Authorization to create or maintain a user master record and to assign it to a user group
S_USER_PRO Authorization for the authorization profiles that you assign to users
S_USER_AUT Authorization to create and maintain authorizations
S_USER_AGR Authorization to protect roles. With this authorization object you specify which roles can be edited and which activities (display, change, create, etc.) are intended for the role(s)
S_USER_TCD Authorization for transactions that you may assign to the role in the Profile Generator
S_USER_VAL Authorization to restrict values that the system administrator can include in a role or change in the Profile Generator
S_PROGRAM The programs (reports) are combined into program authorization groups and can be protected against unauthorized access using the groups and this authorization object
S_TABU_DIS Defines which table contents may be maintained by which employees. The authorization object S_TABU_DIS controls only complete accesses, which are made using standard table maintenance (SM31), advanced table maintenance (SM30) or the Data Browser (SE16). These group assignments are defined in table TDDAT
S_TABU_CLI Grants authorization to maintain cross-client tables with the standard table maintenance transaction (SM30), extended table maintenance transaction (SM31) and the Data Browser (SE16). Also acts as an additional security measure for cross-client tables and enhances the general table maintenance authorization S_TABU_DIS. The object has the following field: CLIIDMAINT. If identifier X or * is set, cross-client tables can be maintained
S_TABU_LIN Through the introduction of organization criteria it is possible to restrict a user's access rights to specific parts of a table. A possible use for S_TABU_LIN would be to display and to change content for only a certain work area, such as a country or a plant
S_TRANSPRT The authorization object for the Transport Organizer
S_CTS_ADMI The authorization object for the administration functions in the Change and Transport System
S_DEVELOP Authorizations for the ABAP Workbench (programming and debugging, transactions SExx)
S_LOG_COM Authorization to execute logical operating system commands
S_BTCH_JOB Authorization object for job operations
S_DATASET Authorization object for file access
S_RFC Authorization object for RFC
Official Sites
The Online documentation http://help.sap.com
The SAP Service Marketplace http://service.sap.com
SAP Product Availability Matrix http://service.sap.com/pam
SAP Support Package Stacks http://service.sap.com/sp-stacks
The Information portals http://www.sap.info
SAP Insider Online http://www.sapinsideronline.com
The SAP Developer Network http://sdn.sap.com
SAP Press http://www.sap-press.com
SAP Professional Journal http://www.sappro.com
SAP Interface Repository (BAPI documentation) http://ifr.sap.com
SAP Connectors (JCo, .NET, Business Connector, etc.) http://service.sap.com/connectors
SAP Business Process Community http://bpx.sap.com
SAP Business Community for DUET (webcasts) http://www.sap.com/community/pub/innovation/duet/webcasts.epx
SAP Business Community for DUET http://www.sap.com/community/pub/innovation/duet
SAP Business DUET http://www.duet.com
SAP UI Design http://www.sapdesignguild.org
SAP NetWeaver Magazine http://www.netweavermagazine.com
SAP Performance Site http://service.sap.com/performance
Non-Official Sites
SAP en Castellano http://sap4.com
Mundo SAP http://www.mundosap.com
SAP Fans http://www.sapfans.com
http://searchsap.techtarget.com
http://www.sap-img.com
http://www.sapdb.info
http://sapbasic.wordpress.com
- WAS Academy Nov_Dec 2009
- WAS_Admin_Transactions
- Security_Transactions
- Important Tables
- Admin Parameters
- Auth Parameters
- Auth Objects
- SAP Info Sites
40 SPRO_ADMIN SAP Customizing Project Administration
41 SCC4 Client Administration
42 SE09/SE10 Transport Organizer
43 STMS TMS Configuration
44 ABAPDOCU ABAP Documentation
45 SE13 Dictionary - Technical Settings
46 SE14 DB Utility (to create tables in DB)
TADM10_2
47 SITSPMON Internal ITS Status
48 SICFRECORDER Enables developers and administrators to identify and correct sources of error in failed service calls by recording HTTP requests
49 SMLG SAP Logon Groups
50 SU56 Every user can display his or her own user buffer with this transaction
51 SUGR Group maintenance
52 SE43 Area Menu Maintenance
53 SSM2 Set Initial Area Menu Systemwide
54 SU10 Mass Changes for Users
55 SU02 Authorization Profiles
56 SU03 Authorization Objects and Authorizations Maintenance
57 SU53 Check Failed Authorizations
58 ST01 System Trace (User Authorization Trace)
59 PFUD User Master Data Reconciliation
60 SUIM User Information
61 SECR The Audit Information System (AIS) is an auditing tool that can be used to analyze security aspects of SAP. The AIS is now delivered with a series of roles
62 SM20 Analysis of Security Audit Log
63 SM19 Security Audit (Static and Dynamic Configuration)
64 SM59 RFC Destinations
65 SM58 Transactional RFC
66 SMQ1 qRFC (outbound queue)
67 SMQ2 qRFC (inbound queue)
68 RSRFCCHK List each RFC destination and the user involved
69 RSARFCLD Report that gets and sets RFC quotas
70 BD64 Distribution model
71 WE20 Partner profiles
72 WE21 Port definitions
73 WSADMIN SAP WAS 6.40 and higher also provides the WebService Framework, which allows you, among other things, to declare individual modules as web services
74 BAPI BAPI browser (4.0)
75 SWDD Workflow Builder
76 SWUI_DEMO Workflows Demos
77 RMMAIN
78 SALE
79 BD54
80 SLDHTMLGUI
81 RZ70
82 SLDCHECK
83 RZ20
84 RZ21
Transactions as they appeared on course TADM10/TADM12, November 2009
WAS Administration Transactions
Transaction Navigation Notes
SESSION_MANAGER Initial transaction in SAP standard menu
SEARCH_SAP_MENU Searches the corresponding menus for the predefined text pattern in the SAP menu. The user and SAP menus can be structured in a pretty complex way. It is then difficult to remember the exact path for the transaction you are looking for. The search result is prepared in a list view from which you can take the navigation path
SEARCH_USER_MENU Searches the corresponding menus for the predefined text pattern in the user menu
Shortcut in Command Field
/n Cancel the current transaction
/nXXXX Call transaction XXXX directly from another transaction
/o Display an overview of sessions
/oXXXX Call transaction XXXX in a new session directly from another transaction
/nend End the logon session with a confirmation dialog box
/nex End the logon session without a confirmation dialog box
/i Delete the session you are currently using
%sc Search a string in a screen page
%pc Download a document to your desktop
/$sync SAP buffer reset
/$sync all SAP buffer reset
SMW0 SAP Web Repository Image Upload
SAP Administration and Configuration
SM51 Shows instances of the system. Shows requests in dispatcher's queue
SM50 Shows processes of an instance
SM66 Shows processes of an instance (global)
SM04 Monitor users per instance
AL08 Monitor users per system
ST07 Monitor users per instance by application
ST02 SAP Memory
SM12 SAP Locks
SM13 SAP Updates
SM14 SAP Update Administration
SM21 SAP Logs
ST22 SAP Dumps
AL11 SAP Directories & Env variables
SMLG SAP Logon Groups
ST11 Startup Error Log Files
RZ03 CCMS Control Panel. Initialize and stop instances, trigger operation modes manually
SICK / SM28 SAP Consistency Check
SM01 Transaction Code Administration. Lock/unlock of transactions
SM02 System Messages Administration
SE37 -> TH_POPUP Function to send messages to a user
RZ04 Operation Modes
SM63 Operation Modes Time Table
SR13 SAP Help and Documentation Configuration
SSAA System Administration Assistant
SLG0 Use transaction SLG0 to define entries for your own applications in the application log
SLG1 The application log includes application messages, just as the system log includes system messages. It is used heavily in SAP APO, the SAP SCM Event Manager and Warehouse Management. The log traces application events and tasks and reports on their activity (for example, transfer of data from SAP ECC to SAP APO). The application log is used to trace who initiated the transfer, when the transfer was made and what was transferred
SLG2 Old application logs can be deleted in transaction SLG2
SCU3 Table Changes Log
SMGW Gateway Monitor
SIGS IGS Administration
ST06/OS06 OS Monitor
Batch Input
SM35 Batch Input Overview and Monitoring
SAP Archiving
SARA Archive Administration
FILE Logical Path File Definition for Archiving
DB15 Tables and Archiving Objects Relations
SAP Parameters and Profiles
RSPFPAR Display System Parameters
RZ10 System Parameters Administration
RZ11 System Parameters (1 at the time)
SAPPFPAR Shows profile parameters (OS command)
Internet and Browser-Based Administration
SMICM ICM administration
SICF ICF Administration (Services)
SICFRECORDER Enables developers and administrators to identify and correct sources of error in failed service calls by recording HTTP requests
SITSPMON Internal ITS Status
Mail and Collaboration Tools
SBWP/SO01 Business Workplace
Monitoring Notes
RZ20 CCMS Monitoring
RZ21 Configuration of CCMS monitoring
GRMG Generic Request and Message Generator
ST03G Global Workload Monitor; displays Java statistical records that are used for performance monitoring. The SAP WAS Java can write distributed statistics records (DSRs) that can trace actions that are processed using non-ABAP components such as WAS Java, Business Connector (BC) and ITS. The writing of the statistics records is activated when the SAPCCMSR agent is registered and the standard job SAP_COLLECTOR_FOR_NONE_R3_STAT is started in ABAP
STATTRACE If you find errors in the Global Workload Monitor, you can analyze these using the performance trace (also known as the functional trace). The performance trace provides a finer granularity than DSR
STAD SAP Workload Business Transaction Analysis
ALRTINBOX The Alert Inbox is an application based on BSP, which calls the URL http://host:port/sap/bc/bsp/sap/alertinbox
SALRT1 RFC destination for Central Alert Server
ALRTCATDEF Alert Categories Management
Auto-reaction method CCMS_Send_Alert_to_ALM forwards alerts for assigned monitoring architecture nodes to the ALM. This method is similar to CCMS_OnAlert_Email, with which you can define an automatic alert notification. A difference is that when you are forwarding alerts to the ALM, you no longer need to specify the sender and recipient in the method definition
SA38 -> RSTBHIST Obtain a list of those tables that are currently set to be logged
ST10 Performance Analysis: Table Buffer Invalidations
STUN Performance Monitoring Menu. Set of monitoring tools
SMMS Message Server Monitor
SAP Office and Communications
SBWP / SO01 SAP Business Workplace
SE37 -> TH_POPUP Sends personalized popup messages to users
OSS1 Log On to SAPNet
SM55 THOST Table Maintenance
Database Administration (Oracle)
DB01 Database Locks
DB02 Database Space Overview
DB03 Log of database parameters changes
DB05 Analysis of table with respect of indexed fields
DB12 Backup log overview. Lets you view backup results and the status of the archive directory. Provides a recovery report, checking if all backups are available to perform a restore and recovery
DB13 DBA planning calendar. Schedules backups and other administrative jobs in the database system
DB13C Central DBA planning calendar. Schedules backups and administrative activities centrally for several SAP systems and databases
DB14 DBA Operations Monitor. Checks the status and logs of all database operations including backup monitoring updates of the optimizer statistics and database checks
DB16 Overview of database checks
DB17 Configuration of database checks. View and maintain check conditions used by a database system check
DB20 Maintain statistics
DB21 Configuration of statistics
DB24 Logs for Administrative Database Operations
DB26 Database parameter overview
DB02 Tables and Indexes monitor. Monitors the storage behavior of the database and the status of the database objects
ST04 Database Performance monitor. Displays the most important indicators for Oracle database performance
ST04N New Oracle database monitor
RZ20 Database Alert monitor. Monitors all preset alerts for different areas of the database
RSORATAD Determine the index storage quality. This report is called directly in transaction SE38
DBACOCKPIT See note 1028624. This transaction replaces various transactions previously used for monitoring and administration: ST04OLD, DB02OLD, DB12OLD, DB13OLD, DB14OLD. In WAS 7.0 all previous transactions have been renamed to <Previous transaction code>OLD
RFC Notes
RZ12 RFC Server Group Maintenance
SM59 RFC Destinations
SM59_OLD RFC Destinations
SM58 Transactional RFC
SMQ1 qRFC (outbound queue)
SMQ2 qRFC (inbound queue)
SMQ3 qRFC (saved e-queue)
SMQA tRFC/qRFC Confirm status
SMQE qRFC Administration
SMQR qRFC Monitor (QIN Scheduler)
SMQS qRFC Monitor (QOUT Scheduler)
RSARFCLD Report that gets and sets RFC quotas
RSARFCSE Execute ARFC as background job
SABP0000SABP0003 Customize interval of RSARFCSE
RSRFCCHK List each RFC destination and the user involved
Printers
SPAD Spool Administration
SP01 Spool and Output Requests Administration
SP02 Spool Requests Administration
SP11 List objects in TemSe
SP12 TemSe Administration
Web Services Notes
WSADMIN SAP WAS 6.40 and higher also provides the WebService Framework, which allows you, among other things, to declare individual modules as web services
ABAP Development Workbench
SE80 ABAP Object Navigator
SE38 ABAP - Program Editor
SA38 ABAP - Program Execution
SE11 ABAP Dictionary Editor
SE12 ABAP Dictionary Display
SE13 Dictionary - Technical Settings. Define technical features of tables
SE14 DB Utility (to create tables in DB)
SE16 Display and Create Table Contents
SM30 Maintain Table Views
SM31 Maintain Table Views
SD11 ABAP Data Modeler
SE93 Maintain Transactions
ABAPDOCU ABAP Documentation
Change and Transport System
SPRO SAP Customizing through IMG
SPRO_ADMIN SAP Customizing Project Administration
SE09 Transport Organizer. Create and release of change requests
SE10 Transport Organizer. Create and release of change requests
SE01 Transport Organizer (Extended View)
STMS TMS Configuration. Create systems, transport routes and QA
SE06 Initialize transport tables and sys-change-option button
SE03 Transport Organizer Tools
SPAM Support Package Manager. Application of Support Packages
SAINT Add-On Installation Tool
SPDD Modification Adjustment Dictionary
SPAU Modification Adjustment (other objects)
SE95 Modification Browser
SNOTE Note Assistant
dico Hard reset of TMS. This is not a transaction. It is a key that must be entered in the command field of transaction STMS
Client Administration
SCC4 Client Administration. Same as table T000
SCCL Local Client Copy
SCC9 Remote Client Copy
SCC1 Copy Customizing Change Request
SCC5 Delete Client
SCC8 Client Export
SCC7 Client Import Post-processing
SCC3 Client Copy Logs
SCU0 Customizing Cross-System Viewer
SCMP View/Table System Comparison
Jobs Administration
SM36 Creation of Jobs
SM36WIZ Creation of Jobs (wizard)
SM37 Job Monitoring
SM62 Events Maintenance
SM64 Trigger of events
SM69 Maintain OS commands
SM49 Execute OS commands
SM61 Create Job Groups
SMX Job Monitoring (own jobs)
LDAP Administration
LDAP Directory Service Connection
http://help.sap.com/saphelp_nw04/helpdata/en/ee/ee133bfae0750ce10000000a11402f/frameset.htm
License Administration
SLICENSE SAP License Administration
LICENSE_ADMIN License Administration Workbench
SLAW License Auditing
USMM System Measurement Transaction
Installation and Upgrade
(OS) -> SAPINST SAP Installation
(OS) -> SAPUP SAP Upgrade - ABAP
(OS) -> SAPJUP SAP Upgrade - Java
ICNV Table Incremental Conversion
SAP Workflows
SWDD Workflow Builder. WF WS30000015 shows the absence notification process
SWXF Workflow demo - create absence notification
SWUI_DEMO Workflows Demos
Application Link Enabling (ALE) Notes
WEDI IDoc basis
WE02 Display IDocs
WE05 Monitoring of IDoc lists
WE07 IDoc statistics
WE12 Inbound processing of outbound file
WE14 Outbound processing from IDoc
WE15 Outbound processing from message control
WE16 Inbound processing of IDoc file
WE19 Test tool inbox
WE20 Partner profiles
WE21 Port definitions
WE30 IDoc type editor
WE31 IDoc segment editor
WE42 See Inbound Process Code table
WE46 IDoc administration
WE47 Status maintenance
WE57 Assignment function module - logical message - IDoc type
WE60 Documentation for IDoc types
WE61 Documentation for IDoc record types
WE62 Documentation for segments (3.x only)
WE81 Overview of all message types
WE82 Finds out which version of the basic type is best suited to your SAP system's release
NACE Customizing of output determination
SO01 Integrated inbox
SWO1 Business object builder
SWO2 Business object repository
SWLD Workflow workbench
SWU3 Workflow customizing
SWE2 Event type linkage
SWI1 Display work items
SWI2 Work item analysis
SWUS Start workflow
SWEL Workflow event log
PPOS Display organizational plan
PFTC Tasks
PFAC Standard roles
SALE ALE customizing. You find all customizing settings in this transaction, or you can get the same in the following path: IMG (SPRO) -> SAP NetWeaver -> SAP Web Application Server -> IDoc Interface / Application Link Enabling (ALE)
BALE ALE distribution
BALD ALE development (4.0)
BALM ALE master data (4.0)
BALA ALE application (4.0)
BD10/11 Send/fetch material masters
BD12/13
BD14/15 Send/fetch vendor
BD21/22 Select/delete change pointers
BD40 Select change pointers for serialization group (4.0)
BD41/43 Dispatch/post IDocs for serialization group (4.0)
BD50 Activate change pointers for message type
BD53 Reduction of IDoc types
BD54 Logical systems. You can also get to this transaction by the following path: SAP NetWeaver -> SAP Web Application Server -> IDoc Interface / Application Link Enabling (ALE) -> Logical Systems
BD55 Conversion
BD56 Segment filtering
BD61 Activate change pointers
BD64 Distribution model
BD68 Lists
BD72 Activate event coupling
BD75 Status conversion for tRFC
BD77 Distribution of control data
BD78 Monitoring of control data distribution
BD82 Generate partner profiles
BD87 Process inbound IDocs. You can call this monitor to check the current status of IDocs in SAP R/3 or mySAP ECC
BD88 Process outbound IDocs
BDM2 IDoc trace (IDocs with receiver)
BDM5 Consistency check
BDM7 ALE audit statistical analyses
BDM8 Send ALE audit confirmation
BDM9 Reorganize the audit database
BDRC Determine recovery objects (3.1I 4.5)
BDRL Process recovery objects (3.1I 4.5)
BDBG Generate ALE interface for BAPI (4.0)
BDBS Generate coding for mapping (4.0)
BAPI BAPI browser (4.0)
SM58 Aborted transactional RFCs
SM59 RFC destinations
SA38 -> RSEOUT00 Report used to transfer IDocs to the communication layer if you selected the "Collect IDocs" output mode (instead of "Transfer IDoc Imm") in the outbound partner profile (WE20)
SA38 -> RBDAPP01 Report used to transfer IDocs to the ALE layer if you selected the "Trigger by background program" mode (instead of "Trigger immediately") in the inbound partner profile (WE20)
SA38 -> RSSCD100 Report to view the change documents (that record each change made to their objects)
SA38 -> RBDMIDOC Report used to evaluate change pointers. This program is usually scheduled as a periodic background job. You can start the program for testing purposes with transaction BD21
Java Ports
http://<server>:<j2ee_port>
where
<j2ee_port> = 5XX00
XX = Instance Number
5XX00 WAS NetWeaver Administration
5XX13 Start/Stop Instances Applet
5XX04 Visual Administrator Tool
5XX08 J2EE Admin Tool Telnet
5XX18 SDM
Java Tools
http://<server>:<j2ee_port>/nwa SAP NetWeaver Administrator
http://<server>:<j2ee_port>/useradmin SAP User Management Engine (UME)
http://<server>:<j2ee_port>/sld
Visual Administrator
Locking Adapter J2EE Lock Monitoring
Security Provider User Management
Monitoring Service J2EE Monitoring
Configuration Adapter J2EE parameter administration
Key Storage Security Keys Management
Log Viewer Errors Check
SLD Data Supplier
JCo RFC Provider
Security Transactions Description
SU01 User Maintenance
SU01D User Maintenance Display
SU02 Authorization Profiles
SU03 Authorization Objects and Authorizations Maintenance
SU05 Maintain Internet User
SU10 Mass Changes for Users
SU1 Maintain Own User Address
SU2 Maintain Own User Parameters
SU3 Maintain Users Own data
SU20 Maintain Authorization Fields
SU21 Maintain the authorization objects
SU22 Maintain the assignments of authorization objects
SU24 Profile Generator Maintain the assignments of Authorization Objects
SU25 Profile Generator Upgrade and First Installation
SU53 Check Failed Authorizations
SU56 Every user can display his or her own user buffer with this transaction
PFCG Role Maintenance Tool
PFUD User Master Data Reconciliation
SU80 Archive User Change Documents
ST01 System Trace (User Authorization Trace)
SE43 Area Menu Maintenance
SSM2 Set Initial Area Menu Systemwide
SUGR Group maintenance
BALE ALE Area Menu
STUN Performance Monitoring Menu
SECR (old transaction) The Audit Information System (AIS) is an auditing tool that can be used to analyze security aspects of SAP. The AIS is now delivered with a series of roles
SM19 Security Audit (Static and Dynamic Configuration)
SM20 Analysis of Security Audit Log
SM18 Delete Old Security Audit Logs
SUIM User Information
User Information by Menu: SAP Menu -> Tools -> Administration -> User Maintenance -> Information System
SUCOMP User company address maintenance
SUCU Assignment of tables/views to authorization groups (or SM30 -> V_DDAT). From Web AS 6.40, however, the view is called V_DDAT_54, which causes SUCU to fail. This means you must modify the parameter call in transaction SE93 to be able to display SUCU
SNC1 Generate SNC name for user
SNC2 Export SNC name of user
SNC3 User initial control list 3.1-4.0
SNC4 Check canonical SNC names
SECSTORE Administration of Secure Storage
STRUST Trust Manager
STRUSTSSO2 Trust Manager for Logon Ticket
Security and User Administration Reports (SE38/SA38)
RSUSR000 List of All Users Logged On
RSUSR002 Users by Complex Selection Criteria
RSUSR002_ADDRES Users by address data
RSUSR003 Check the Passwords of Standard Users in All Clients
RSUSR004 Restrict User Values to the Following Simple Profiles and Auth Ob
RSUSR005 List of Users With Critical Authorizations
RSUSR006 Locked Users and Users with Incorrect Logons
RSUSR007 Display Users with Incomplete Address Data
RSUSR008 By Critical Combinations of Authorizations at Transaction Start
RSUSR008_009_NEW A system dependent option to control SoD violations
RSUSR009 List of Users With Critical Authorizations
RSUSR010 Executable Transactions ( All Selection Options )
RSUSR011 Lists of transactions after selection by user profile or obj
RSUSR012 Search authorizations profiles and users with specified object va
RSUSR020 Profiles by Complex Selection Criteria
RSUSR030 Authorizations by Complex Selection Criteria
RSUSR040 Authorization Objects by Complex Selection Criteria
RSUSR050 Comparisons
RSUSR060 Where-used lists
RSUSR060OBJ Where-Used List Authorization Object in Program and Transactions
RSUSR061 Enter Authorization Fields
RSUSR070 Roles by Complex Selection Criteria
RSUSR080 Users by License Data
RSUSR100 Change Documents for Users
RSUSR100N Change Documents for Users
RSUSR101 Change Documents for Profiles
RSUSR102 Change Documents for Authorizations
RSUSR200 List of Users According to Logon Date and Password Change
RSUSR300 Set External Security Name for All Users
RSUSR301 Fill non-checking transactions with auth. object S_TCODE
RSUSR302 Delete authorization check on object S_TCODE from table TSTCA
RSUSR400 Test Environment Authorization Checks (SAP Systems Only)
RSUSR401 Report to give all SAPCPIC users profile S_ACPIC
RSUSR402 Download user data for CA manager from Secude
RSUSR404 Conversion Program for Authorizations of Basis Development Environ
RSUSR405 Reset all user buffers in all clients (uncritical)
RSUSR406 Automatically Generate Profile SAP_ALL
RSUSR406_OLD Automatically Generate Profile SAP_ALL
RSUSR408 XPRA Conversion of USOBX-OKFLAG USOBX-MODIFIED for upgrade tool
RSUSR409 Transfer all translated titles to generated transaction codes
RSUSR421 Clean-up report TSTC-CINFO if no check in TSTCA
RSUSR500 User Administration Compare Users in Central System
RSUSR500D GUM Display Open Changes
RSUSR998 Call Reporting Tree Info System
RSUSREXT Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSREXTID Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSRLOG Log Display for Central User Administration
RSUSRSCUC CUA Synchronization of the Company Addresses
RSUSRSUIM User Information System
PFCG_TIME_DEPENDENCY HR Organizational Management Reconciliation
RSABAPSC Search for AUTHORITY-CHECK statements
RSCSAUTH Maintain/Restore Authorization Groups. It creates a list of reports (type 1) (Program column), the authorization group delivered by SAP (SAP column) and the authorization group maintained by the customer (Customer column). The Customer column accepts input. Customers can enter their own authorization groups here. When the customer chooses Save, the customer's own authorization groups for all SELECTED reports are transferred to the table TRDIR. This is equivalent to a change of the authorization group in the program attributes, and the existing SAP authorization groups are overwritten. The authorization group for each report is also entered in the table SREPOATH, meaning that the customer's own authorization groups can be restored by restarting RSCSAUTH after an upgrade
RSABAUTH Start the program RSABAUTH. The new authorization groups are written to the table TPGP
Table Name Description
PRGN_CUST Customize the role transports
SSM_CUST Defines initial picture in SESSION_MANAGER
TADIR Table that contains all Data Dictionary Objects
TADIR Contains all repository SAP objects
TPFYPROPTY Shows parameters' properties (e.g. dynamic vs. static parameters)
TSTC Table that contains all transaction codes of the system
USERS_SSM System administrators can use this table to determine whether or not users are allowed to switch between the SAP menu and their user menus
USOBT Contains SAP default authorization objects
USOBT_C Contains the customer authorization objects
USOBX Contains SAP default authorization objects
USOBX_C Contains the customer authorization objects
USR10 Table that contains all profiles delivered by SAP
USR40 Exception Table for Passwords
VDDAT TDDAT VDDAT_54 Assignment of tables/views to authorization groups
V_BRG Definition of authorization groups
TPGP ABAP/4 Authorization Groups
E070 Header information for the transport request
E071 / E071K Object list and keys from table entries
T000 Client Administration
USR41_MLD Registers multiple logons
Parameter Description
rdisp/max_alt_modes Defines how many sessions are permissible for each logon to the SAP system. Can be set to values from two to nine; the standard setting is six
rdisp/wp_no_dia Defines number of dialog work processes
rdisp/wp_no_vb Defines number of update 1 work processes
rdisp/wp_no_vb2 Defines number of update 2 work processes
rdisp/wp_no_btc Defines number of background work processes
rdisp/wp_no_spo Defines number of spool work processes
rdisp/wp_no_enq Defines number of enqueue work processes
rdisp/start_icman Initialize ICM
rdisp/j2ee_start Initialize J2EE
rdisp/TRACE Set the trace level for developer traces
rdisp/btctime
rdisp/max_wprun_time
rslg/max_diskspace/local Defines the size of the system log (SM21). Each log entry takes up 192 bytes and the default log is 500160 bytes, which is a multiple of 192 that corresponds to 2605 entries. Once the log is full, the oldest entries are overwritten
rec/client ALL: logs all clients
rec/client 000[,...]: logs the specified clients
rec/client OFF: turns logging off
login/disable_multi_gui_login
login/multi_login_users
Security Parameters
Parameter Description
rsaulocalfile
rsaumax_diskspacelocal This parameter defines the maximum space to allocate for the audit files
rsauenable This parameter enables the security audit log
rsauselection_slots This parameter defines the number of filters to allow for the security audit log
rsaumax_diskspaceper_day (dynamic configuration)
rsaumax_diskspaceper_file (dynamic configuration)
authno_check_in_some_cases Enables Profile Generator
authauth_number_in_userbuffer
authnew_buffering
loginmin_password_lng Defines the minimum length of the passwordDefault value 3 permissible values 3 ndash 8
loginmin_password_digits Defines the minimum number of digits (0-9) in passwordsDefault value 0 permissible values 0 ndash 8Available as of SAP Web AS 610
loginmin_password_letters Defines the minimum number of letters (A-Z) in passwords Default value 0 permissible values 0 ndash 8Available as of SAP Web AS 610
loginmin_password_specials
Default value 0 permissible values 0 ndash 8Available as of SAP Web AS 610
loginpassword_charset This parameter defines the characters of which a password can consistPermissible values
Available in the standard system as of SAP Web AS 640loginmin_password_diff
Default value 1 permissible values 1 ndash 8Available as of SAP Web AS 610
loginpassword_expiration_time Defines the validity period of passwords in daysDefault value 0 permissible values any numerical value
loginpassword_change_for_SSO
Available as of SAP Web AS 610 as of SAP Basis 46 by Support Package
logindisable_password_logon Controls the deactivation of password-based logon
Available as of SAP Web AS 610 as of SAP Basis 46 by Support Package
The audit files are located on the individual application servers You define the name and location of the files with this parameter (up to WAS 630)
In systems with release level 46A and higher this parameter definies the size of the user bufferAs of Kernel 620 the parameter is no longer evaluated
authauth_number_in_userbuffer parameter no longer has any effect if this profile parametes is 3 or 4
Defines the minimum number of special characters in the password Permissible special characters are $amp()=`+~-_[]ltgt and space
login/multi_login_users List of excepted users, that is, the users that are permitted to log on to the system more than once.
login/fails_to_session_end Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts. The parameter is to be set to a value lower than the value of parameter login/fails_to_user_lock.
login/fails_to_user_lock Defines the number of unsuccessful logon attempts before the system locks the user. By default, the lock applies until midnight.
login/failed_user_auto_unlock Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight.
login/ticket_only_to_host When logging on over HTTP(S), sends the ticket only to the server that created the ticket.
login/no_automatic_user_sapstar
login/system_client Specifies the default client. This client is automatically filled in on the system logon screen. Users can type in a different client.
rdisp/gui_auto_logout Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections).
login/password_max_idle_initial You can use this parameter to determine the maximum time between the (re)setting of the password and the next logon with the initial password. As soon as this period has expired, the system displays the message "Initial password has expired" and refuses the password logon. However, you can still log on using SSO.
login/password_max_idle_productive You can use this parameter to determine the maximum time between two password logons. As soon as this period has expired, the system displays a message stating that the password has not been used for a period of time and was therefore deactivated, and the system refuses the password logon. However, you can still log on using SSO.
The profile parameters login/password_max_new_valid and login/password_max_reset_valid have been replaced by the profile parameter login/password_max_idle_initial, which means that the system no longer distinguishes between the first and the subsequent setting of a password by the user administrator regarding the restriction of the validity of the resulting initial passwords.
Authorization Object Description
S_TCODE Authorization to start a transaction
S_USER_GRP Authorization to create or maintain a user master record and to assign it to a user group
S_USER_PRO Authorization for the authorization profiles that you assign to users
S_USER_AUTH Authorization to create and maintain authorizations
S_USER_AGR Authorization to protect roles. With this authorization object you specify which roles can be edited and which activities (display, change, create, etc.) are intended for the role(s)
S_USER_TCD Authorization for transactions that you may assign to the role in the Profile Generator
S_USER_VAL Authorization to restrict values that the system administrator can include in a role or change in the Profile Generator
S_PROGRAM The programs (reports) are combined into program authorization groups and can be protected against unauthorized access using the groups and this authorization object
S_TABU_DIS Defines which table contents may be maintained by which employees. The authorization object S_TABU_DIS controls only complete accesses, which are made using standard table maintenance (SM31), advanced table maintenance (SM30) or the Data Browser (SE16). These group assignments are defined in table TDDAT
S_TABU_CLI Grants authorization to maintain cross-client tables with the standard table maintenance transaction (SM30), extended table maintenance transaction (SM31) and the Data Browser (SE16). Also acts as an additional security measure for cross-client tables and enhances the general table maintenance authorization S_TABU_DIS. The object has the following field: CLIIDMAINT. If identifier X or is set, cross-client tables can be maintained
S_TABU_LIN Through the introduction of organization criteria it is possible to restrict a user's access rights to specific parts of a table. A possible use for S_TABU_LIN would be to display and to change content for only a certain work area, such as a country or a plant
S_TRANSPRT Authorization object for the Transport Organizer
S_CTS_ADMI Authorization object for the administration functions in the Change and Transport System
S_DEVELOP Authorizations for the ABAP Workbench (programming and debugging, transactions SExx)
S_LOG_COM Authorization to execute logical operating system commands
S_BTCH_JOB Authorization object for job operations
S_DATASET Authorization object for file access
S_RFC Authorization object for RFC
Official Sites
The Online documentation http://help.sap.com
The SAP Service Marketplace http://service.sap.com
SAP Product Availability Matrix http://service.sap.com/pam
SAP Support Package Stacks http://service.sap.com/sp-stacks
The Information portals http://www.sap.info
SAP Insider Online http://www.sapinsideronline.com
The SAP Developer Network http://sdn.sap.com
SAP Press http://www.sap-press.com
SAP Professional Journal http://www.sappro.com
SAP Interface Repository (BAPI documentation) http://ifr.sap.com
SAP Connectors (JCo, .NET, Business Connector, etc.) http://service.sap.com/connectors
SAP Business Process Community http://bpx.sap.com
SAP Business Community for DUET (webcasts) http://www.sap.com/community/pub/innovation/duet/webcasts.epx
SAP Business Community for DUET http://www.sap.com/community/pub/innovation/duet
SAP Business DUET http://www.duet.com
SAP UI Design http://www.sapdesignguild.org
SAP NetWeaver Magazine http://www.netweavermagazine.com
SAP Performance Site http://service.sap.com/performance
Non-Official Sites
SAP en Castellano http://sap4.com
Mundo SAP http://www.mundosap.com
SAP Fans http://www.sapfans.com
http://searchsap.techtarget.com
http://www.sap-img.com
http://www.sapdb.info
http://sapbasic.wordpress.com
- WAS Academy Nov_Dec 2009
- WAS_Admin_Transactions
- Security_Transactions
- Important Tables
- Admin Parameters
- Auth Parameters
- Auth Objects
- SAP Info Sites
73 WSADMIN
74 BAPI BAPI browser (4.0)
75 SWDD Workflow Builder
76 SWUI_DEMO Workflow Demos
77 RMMAIN
78 SALE
79 BD54
80 SLDHTMLGUI
81 RZ70
82 SLDCHECK
83 RZ20
84 RZ21
SAP WAS 6.40 and higher also provides the Web Service Framework, which allows you, among other things, to declare individual modules as web services
Transactions as they appeared on course TADM10/TADM12, November 2009
WAS Administration Transactions
Navigation
SESSION_MANAGER Initial transaction in SAP standard menu
SEARCH_SAP_MENU Searches the SAP menu for the predefined text pattern. The user and SAP menus can be structured in a pretty complex way. It is then difficult to remember the exact path for the transaction you are looking for. The search result is prepared in a list view from which you can take the navigation path
SEARCH_USER_MENU Searches the user menu for the predefined text pattern
Shortcut in Command Field
/n Cancel the current transaction
/nXXXX Call transaction XXXX directly from another transaction
/o Display an overview of sessions
/oXXXX Call transaction XXXX in a new session directly from another transaction
/nend End the logon session with a confirmation dialog box
/nex End the logon session without a confirmation dialog box
/i Delete the session you are currently using
%sc Search a string in a screen page
%pc Download a document to your desktop
/$sync SAP buffer reset
/$sync all SAP buffer reset
SMW0 SAP Web Repository Image Upload
SAP Administration and Configuration
SM51 Shows instances of the system. Shows requests in dispatcher's queue
SM50 Shows processes of an instance
SM66 Shows processes of an instance (global)
SM04 Monitor users per instance
AL08 Monitor users per system
ST07 Monitor users per instance by application
ST02 SAP Memory
SM12 SAP Locks
SM13 SAP Updates
SM14 SAP Update Administration
SM21 SAP Logs
ST22 SAP Dumps
AL11 SAP Directories & Env variables
SMLG SAP Logon Groups
ST11 Startup Error Log Files
RZ03 CCMS Control Panel. Initialize and stop instances, trigger operation modes manually
SICK/SM28 SAP Consistency Check
SM01 Transaction Code Administration. Lock/Unlock of transactions
SM02 System Messages Administration
SE37 -> TH_POPUP Function to send messages to a user
RZ04 Operation Modes
SM63 Operation Modes Time Table
SR13 SAP Help and Documentation Configuration
SSAA System Administration Assistant
SLG0 Use transaction SLG0 to define entries for your own applications in the application log
SLG1 The application log includes application messages, just as the system log includes system messages. It is used heavily in SAP APO, the SAP SCM Event Manager and Warehouse Management. The log traces application events and tasks and reports on their activity (for example, transfer of data from SAP ECC to SAP APO). The application log is used to trace who initiated the transfer, when the transfer was made and what was transferred
SLG2 Old application logs can be deleted in transaction SLG2
SCU3 Table Changes Log
SMGW Gateway Monitor
SIGS IGS Administration
ST06/OS06 OS Monitor
Batch Input
SM35 Batch Input Overview and Monitoring
SAP Archiving
SARA Archive Administration
FILE Logical Path File Definition for Archiving
DB15 Tables and Archiving Objects Relations
SAP Parameters and Profiles
RSPFPAR Display System Parameters
RZ10 System Parameters Administration
RZ11 System Parameters (one at a time)
SAPPFPAR Shows profile parameters (OS command)
Internet and Browser-Based Administration
SMICM ICM administration
SICF ICF Administration (Services)
SICFRECORDER Enables developers and administrators to identify and correct sources of error in failed service calls by recording HTTP requests
SITSPMON Internal ITS Status
Mail and Collaboration Tools
SBWP/SO01 Business Workplace
Monitoring
RZ20 CCMS Monitoring
RZ21 CCMS monitoring configuration
GRMG Generic Request and Message Generator
ST03G Global Workload Monitor. Displays Java statistical records that are used for performance monitoring. The SAP WAS Java can write distributed statistics records (DSRs) that can trace actions that are processed using non-ABAP components such as WAS Java, Business Connector (BC) and ITS. The writing of the statistics records is activated when the SAPCCMSR agent is registered and the standard job SAP_COLLECTOR_FOR_NONE_R3_STAT is started in ABAP
STATTRACE If you find errors in the Global Workload Monitor, you can analyze these using the performance trace (also known as the functional trace). The performance trace provides a finer granularity than DSR
STAD SAP Workload: Business Transaction Analysis
ALRTINBOX The Alert Inbox is an application based on BSP, which calls the URL http://host:port/sap/bc/bsp/sap/alertinbox
Auto-reaction method CCMS_Send_Alert_to_ALM forwards alerts for assigned monitoring architecture nodes to the ALM. This method is similar to CCMS_OnAlert_Email, with which you can define an automatic alert notification. A difference is that when you are forwarding alerts to the ALM, you no longer need to specify the sender and recipient in the method definition
SALRT1 RFC destination for Central Alert Server
ALRTCATDEF Alert Categories Management
SA38 -> RSTBHIST Obtain a list of those tables that are currently set to be logged
ST10 Performance Analysis: Table Buffer Invalidations
STUN Performance Monitoring Menu. Set of monitoring tools
SMMS Message Server Monitor
SAP Office and Communications
SBWP/SO01 SAP Business Workplace
SE37 -> th_popup Sends personalized popup messages to users
OSS1 Log On to SAPNet
SM55 THOST Table Maintenance
Database Administration (Oracle)
DB01 Database Locks
DB02 Database Space Overview
DB03 Log of database parameter changes
DB05 Analysis of table with respect to indexed fields
DB12 Backup log overview. Lets you view backup results and the status of the archive directory. Provides a recovery report, checking if all backups are available to perform a restore and recovery
DB13 DBA planning calendar. Schedules backups and other administrative jobs in the database system
DB13C Central DBA planning calendar. Schedules backups and administrative activities centrally for several SAP systems and databases
DB14 DBA Operations Monitor. Checks the status and logs of all database operations, including backup monitoring, updates of the optimizer statistics and database checks
DB16 Overview of database checks
DB17 Configuration of database checks. View and maintain check conditions used by a database system check
DB20 Maintain statistics
DB21 Configuration of statistics
DB24 Logs for Administrative Database Operations
DB26 Database parameter overview
DB02 Tables and Indexes monitor. Monitors the storage behavior of the database and the status of the database objects
ST04 Database Performance monitor. Displays the most important indicator for Oracle database performance
ST04N New Oracle database monitor
RZ20 Database Alert monitor. Monitors all preset alerts for different areas of the database
RSORATAD Determine the index storage quality. This report is called directly in transaction SE38
DBACOCKPIT See note 1028624. This transaction replaces various transactions previously used for monitoring and administration: ST04OLD, DB02OLD, DB12OLD, DB13OLD, DB14OLD. In WAS 7.0 all previous transactions have been renamed to <Previous transaction code>OLD
RFC
RZ12 RFC Server Group Maintenance
SM59 RFC Destinations
SM59_OLD RFC Destinations
SM58 Transactional RFC
SMQ1 qRFC (outbound queue)
SMQ2 qRFC (inbound queue)
SMQ3 qRFC (saved e-queue)
SMQA tRFC/qRFC Confirm status
SMQE qRFC Administration
SMQR qRFC Monitor (QIN Scheduler)
SMQS qRFC Monitor (QOUT Scheduler)
RSARFCLD Report that gets and sets RFC quotas
RSARFCSE Execute ARFC as background job
SABP0000SABP0003 Customize interval of RSARFCSE
RSRFCCHK List each RFC destination and the user involved
Printers
SPAD Spool Administration
SP01 Spool and Output Requests Administration
SP02 Spool Requests Administration
SP11 List objects in TemSe
SP12 TemSe Administration
Web Services
WSADMIN SAP WAS 6.40 and higher also provides the Web Service Framework, which allows you, among other things, to declare individual modules as web services
ABAP Development Workbench
SE80 ABAP Object Navigator
SE38 ABAP Program Editor
SA38 ABAP Program Execution
SE11 ABAP Dictionary Editor
SE12 ABAP Dictionary Display
SE13 Dictionary - Technical Settings. Define technical features of tables
SE14 DB Utility (to create tables in DB)
SE16 Display and Create Table Contents
SM30 Maintain Table Views
SM31 Maintain Table Views
SD11 ABAP Data Modeler
SE93 Maintain Transactions
ABAPDOCU ABAP Documentation
Change and Transport System
SPRO SAP Customizing through IMG
SPRO_ADMIN SAP Customizing Project Administration
SE09 Transport Organizer. Create and release change requests
SE10 Transport Organizer. Create and release change requests
SE01 Transport Organizer (Extended View)
STMS TMS Configuration. Create systems, transport routes and QA
SE06 Initialize transport tables and sys-change-option button
SE03 Transport Organizer Tools
SPAM Support Package Manager. Application of Support Packages
SAINT Add-On Installation Tool
SPDD Modification Adjustment Dictionary
SPAU Modification Adjustment (other objects)
SE95 Modification Browser
SNOTE Note Assistant
dico Hard reset of TMS. This is not a transaction. It is a key that must be entered in the command field of transaction STMS
Client Administration
SCC4 Client Administration, same as table T000
SCCL Local Client Copy
SCC9 Remote Client Copy
SCC1 Copy Customizing Change Request
SCC5 Delete Client
SCC8 Client Export
SCC7 Client Import Post-processing
SCC3 Client Copy Logs
SCU0 Customizing Cross-System Viewer
SCMP View/Table System Comparison
Jobs Administration
SM36 Creation of Jobs
SM36WIZ Creation of Jobs (wizard)
SM37 Job Monitoring
SM62 Events Maintenance
SM64 Trigger of events
SM69 Maintain OS commands
SM49 Execute OS commands
SM61 Create Job Groups
SMX Job Monitoring (own jobs)
LDAP Administration
LDAP Directory Service Connection
License Administration
SLICENSE SAP License Administration
LICENSE_ADMIN License Administration Workbench
SLAW License Auditing
USMM System Measurement Transaction
Installation and Upgrade
(OS) -> SAPINST SAP Installation
(OS) -> SAPUP SAP Upgrade - ABAP
(OS) -> SAPJUP SAP Upgrade - Java
ICNV Table Incremental Conversion
SAP Workflows
SWDD Workflow Builder
SWXF
SWUI_DEMO Workflow Demos
http://help.sap.com/saphelp_nw04/helpdata/en/ee/ee133bfae0750ce10000000a11402f/frameset.htm
WF WS30000015 shows the absence notification process
Workflow demo - create absence notification
Application Link Enabling (ALE)
WEDI Idoc basis
WE02 Display idocs
WE05 Monitoring of idoc lists
WE07 Idoc statistics
WE12 Inbound processing of outbound file
WE14 Outbound processing from idoc
WE15 Outbound processing from message control
WE16 Inbound processing of idoc file
WE19 Test tool inbox
WE20 Partner profiles
WE21 Port definitions
WE30 Idoc type editor
WE31 Idoc segment editor
WE42 See Inbound Process Code table
WE46 Idoc administration
WE47 Status maintenance
WE57 Assignment function module - logical message - idoc type
WE60 Documentation for idoc types
WE61 Documentation for idoc record types
WE62 Documentation for segments (3.x only)
WE81 Overview of all message types
WE82 Finds out which version of the basic type is best suited to your SAP system's release
NACE Customizing of output determination
SO01 Integrated inbox
SWO1 Business object builder
SWO2 Business object repository
SWLD Workflow workbench
SWU3 Workflow customizing
SWE2 Event type linkage
SWI1 Display work items
SWI2 Work item analysis
SWUS Start workflow
SWEL Workflow event log
PPOS Display organizational plan
PFTC Tasks
PFAC Standard roles
SALE ALE customizing. You find all customizing settings in this transaction, or you can get the same in the following path: IMG (SPRO) -> SAP NetWeaver -> SAP Web Application Server -> IDoc Interface / Application Link Enabling (ALE)
BALE ALE distribution
BALD ALE development (4.0)
BALM ALE master data (4.0)
BALA ALE application (4.0)
BD10/11 Send/fetch material masters
BD12/13
BD14/15 Send/fetch vendor
BD21/22 Select/delete change pointers
BD40 Select change pointers for serialization group (4.0)
BD41/43 Dispatch/post idocs for serialization group (4.0)
BD50 Activate change pointers for message type
BD53 Reduction of idoc types
BD54 Logical systems. You can also get to this transaction by the following path: SAP NetWeaver -> SAP Web Application Server -> IDoc Interface / Application Link Enabling (ALE) -> Logical Systems
BD55 Conversion
BD56 Segment filtering
BD61 Activate change pointers
BD64 Distribution model
BD68 Lists
BD72 Activate event coupling
BD75 Status conversion for tRFC
BD77 Distribution of control data
BD78 Monitoring of control data distribution
BD82 Generate partner profiles
BD87 Process inbound idocs. You can call this monitor to check the current status of IDocs in SAP R/3 or mySAP ECC
BD88 Process outbound idocs
BDM2 Idoc trace (idocs with receiver)
BDM5 Consistency check
BDM7 ALE audit statistical analyses
BDM8 Send ALE audit confirmation
BDM9 Reorganize the audit database
BDRC Determine recovery objects (3.1I, 4.5)
BDRL Process recovery objects (3.1I, 4.5)
BDBG Generate ALE interface for BAPI (4.0)
BDBS Generate coding for mapping (4.0)
BAPI BAPI browser (4.0)
SM58 Aborted transactional RFCs
SM59 RFC destinations
SA38 -> RSEOUT00 Report used to transfer IDocs to the communication layer if you selected the Collect IDocs output mode (instead of Transfer IDoc Imm) in the outbound partner profile (WE20)
SA38 -> RBDAPP01 Report used to transfer IDocs to the ALE layer if you selected the Trigger by background program mode (instead of Trigger immediately) in the inbound partner profile (WE20)
SA38 -> RSSCD100 Report to view the change documents (that record each change made to their objects)
SA38 -> RBDMIDOC Report used to evaluate change pointers. This program is usually scheduled as a periodic background job. You can start the program for testing purposes with transaction BD21
Java Ports
http://<server>:<j2ee_port>
where
<j2ee_port> = 5XX00
XX = Instance Number
5XX00 WAS NetWeaver Administration
5XX13 Start/Stop Instances Applet
5XX04 Visual Administrator Tool
5XX08 J2EE Admin Tool Telnet
5XX18 SDM
Java Tools
http://<server>:<j2ee_port>/nwa SAP NetWeaver Administrator
http://<server>:<j2ee_port>/useradmin SAP User Management Engine (UME)
http://<server>:<j2ee_port>/sld
Visual Administrator
Locking Adapter J2EE Lock Monitoring
Security Provider User Management
Monitoring Service J2EE Monitoring
Configuration Adapter J2EE parameter administration
Key Storage Security Keys Management
Log Viewer Errors Check
SLD Data Supplier
JCo RFC Provider
Security Transactions
SU01 User Maintenance
SU01D User Maintenance Display
SU02 Authorization Profiles
SU03 Authorization Objects and Authorizations Maintenance
SU05 Maintain Internet User
SU10 Mass Changes for Users
SU1 Maintain Own User Address
SU2 Maintain Own User Parameters
SU3 Maintain User's Own Data
SU20 Maintain Authorization Fields
SU21 Maintain the authorization objects
SU22 Maintain the assignments of authorization objects
SU24 Profile Generator: Maintain the assignments of Authorization Objects
SU25 Profile Generator: Upgrade and First Installation
SU53 Check Failed Authorizations
SU56 Every user can display his or her own user buffer with this transaction
PFCG Role Maintenance Tool
PFUD User Master Data Reconciliation
SU80 Archive User Change Documents
ST01 System Trace (User Authorization Trace)
SE43 Area Menu Maintenance
SSM2 Set Initial Area Menu Systemwide
SUGR Group maintenance
BALE ALE Area Menu
STUN Performance Monitoring Menu
SECR (old transaction) The Audit Information System (AIS) is an auditing tool that can be used to analyze security aspects of SAP. The AIS is now delivered with a series of roles
SM19 Security Audit (Static and Dynamic Configuration)
SM20 Analysis of Security Audit Log
SM18 Delete Old Security Audit Logs
SUIM User Information
User Information by Menu: SAP Menu -> Tools -> Administration -> User Maintenance -> Information System
SUCOMP User company address maintenance
SUCU Assignment of tables/views to authorization groups (or SM30 -> V_DDAT). From Web AS 6.40, however, the view is called V_DDAT_54, which causes SUCU to fail. This means you must modify the parameter call in transaction SE93 to be able to display SUCU
SNC1 Generate SNC name for user
SNC2 Export SNC name of user
SNC3 User initial control list 31-40
SNC4 Check canonical SNC names
SECSTORE Administration of Secure Storage
STRUST Trust Manager
STRUSTSSO2 Trust Manager for Logon Ticket
Security and User Administration Reports (SE38/SA38)
RSUSR000 List of All Users Logged On
RSUSR002 Users by Complex Selection Criteria
RSUSR002_ADDRES Users by address data
RSUSR003 Check the Passwords of Standard Users in All Clients
RSUSR004 Restrict User Values to the Following Simple Profiles and Auth Ob
RSUSR005 List of Users With Critical Authorizations
RSUSR006 Locked Users and Users with Incorrect Logons
RSUSR007 Display Users with Incomplete Address Data
RSUSR008 By Critical Combinations of Authorizations at Transaction Start
RSUSR008_009_NEW A system dependent option to control SoD violations
RSUSR009 List of Users With Critical Authorizations
RSUSR010 Executable Transactions ( All Selection Options )
RSUSR011 Lists of transactions after selection by user profile or obj
RSUSR012 Search authorizations profiles and users with specified object va
RSUSR020 Profiles by Complex Selection Criteria
RSUSR030 Authorizations by Complex Selection Criteria
RSUSR040 Authorization Objects by Complex Selection Criteria
RSUSR050 Comparisons
RSUSR060 Where-used lists
RSUSR060OBJ Where-Used List Authorization Object in Program and Transactions
RSUSR061 Enter Authorization Fields
RSUSR070 Roles by Complex Selection Criteria
RSUSR080 Users by License Data
RSUSR100 Change Documents for Users
RSUSR100N Change Documents for Users
RSUSR101 Change Documents for Profiles
RSUSR102 Change Documents for Authorizations
RSUSR200 List of Users According to Logon Date and Password Change
RSUSR300 Set External Security Name for All Users
RSUSR301 Fill non-checking transactions with auth. object S_TCODE
RSUSR302 Delete authorization check on object S_TCODE from table TSTCA
RSUSR400 Test Environment Authorization Checks (SAP Systems Only)
RSUSR401 Report to give all SAPCPIC users profile S_ACPIC
RSUSR402 Download user data for CA manager from Secude
RSUSR404 Conversion Program for Authorizations of Basis Development Environ
RSUSR405 Reset all user buffers in all clients (uncritical)
RSUSR406 Automatically Generate Profile SAP_ALL
RSUSR406_OLD Automatically Generate Profile SAP_ALL
RSUSR408 XPRA Conversion of USOBX-OKFLAG USOBX-MODIFIED for upgrade tool
RSUSR409 Transfer all translated titles to generated transaction codes
RSUSR421 Clean-up report TSTC-CINFO if no check in TSTCA
RSUSR500 User Administration Compare Users in Central System
RSUSR500D GUM Display Open Changes
RSUSR998 Call Reporting Tree Info System
RSUSREXT Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSREXTID Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSRLOG Log Display for Central User Administration
RSUSRSCUC CUA Synchronization of the Company Addresses
RSUSRSUIM User Information System
PFCG_TIME_DEPENDENCY HR Organizational Management Reconciliation
RSABAPSC Search for AUTHORITY-CHECK statements
RSCSAUTH / RSABAUTH Maintain/Restore Authorization Groups. It creates a list of reports (type 1) (Program column), the authorization group delivered by SAP (SAP column) and the authorization group maintained by the customer (Customer column). The Customer column accepts input. Customers can enter their own authorization groups here. When the customer chooses Save, the customer's own authorization groups for all SELECTED reports are transferred to the table TRDIR. This is equivalent to a change of the authorization group in the program attributes, and the existing SAP authorization groups are overwritten. The authorization group for each report is also entered in the table SREPOATH, meaning that the customer's own authorization groups can be restored by restarting RSCSAUTH after an upgrade. Start the program RSABAUTH. The new authorization groups are written to the table TPGP
Table Name Description
PRGN_CUST Customize the role transports
SSM_CUST Defines initial picture in SESSION_MANAGER
TADIR Table that contains all Data Dictionary Objects
TADIR Contains all repository SAP objects
TPFYPROPTY Shows parameter properties (e.g. dynamic vs. static parameters)
TSTC Table that contains all transaction codes of the system
USERS_SSM System administrators can use this table to determine whether or not users are allowed to switch between the SAP menu and their user menus
USOBT Contains SAP default authorization objects
USOBT_C Contains the customer authorization objects
USOBX Contains SAP default authorization objects
USOBX_C Contains the customer authorization objects
USR10 Table that contains all profiles delivered by SAP
USR40 Exception Table for Passwords
VDDAT TDDAT VDDAT_54 Assignment of tables/views to authorization groups
V_BRG Definition of authorization groups
TPGP ABAP/4 Authorization Groups
E070 Header information for the transport request
E071/E071K Object list and keys from table entries
T000 Client Administration
USR41_MLD Registers multiple logons
Parameter Description
rdisp/max_alt_modes Defines how many sessions are permissible for each logon to the SAP system. Can be set to values from two to nine; the standard setting is six
rdisp/wp_no_dia Defines number of dialog work processes
rdisp/wp_no_vb Defines number of update 1 work processes
rdisp/wp_no_vb2 Defines number of update 2 work processes
rdisp/wp_no_btc Defines number of background work processes
rdisp/wp_no_spo Defines number of spool work processes
rdisp/wp_no_enq Defines number of enqueue work processes
rdisp/start_icman Initialize ICM
rdisp/j2ee_start Initialize J2EE
rdisp/TRACE Set the trace level for developer traces
rdisp/btctime
rdisp/max_wprun_time
rslg/max_diskspace/local Defines the size of the system log (SM21). Each log entry takes up 192 bytes, and the default log is 500160 bytes, which is a multiple of 192 that corresponds to 2605 entries. Once the log is full, the oldest entries are overwritten
rec/client ALL: logs all clients
rec/client 000 []: logs the specified clients
rec/client OFF: turns logging off
login/disable_multi_gui_login
login/multi_login_users
Security Parameters
Parameter Description
rsau/local/file The audit files are located on the individual application servers. You define the name and location of the files with this parameter (up to WAS 6.30)
rsau/max_diskspace/local This parameter defines the maximum space to allocate for the audit files
rsau/enable This parameter enables the security audit log
rsau/selection_slots This parameter defines the number of filters to allow for the security audit log
rsau/max_diskspace/per_day (dynamic configuration)
rsau/max_diskspace/per_file (dynamic configuration)
auth/no_check_in_some_cases Enables Profile Generator
auth/auth_number_in_userbuffer In systems with release level 4.6A and higher, this parameter defines the size of the user buffer. As of Kernel 6.20 the parameter is no longer evaluated
auth/new_buffering The auth/auth_number_in_userbuffer parameter no longer has any effect if this profile parameter is 3 or 4
login/min_password_lng Defines the minimum length of the password. Default value 3; permissible values 3 - 8
login/min_password_digits Defines the minimum number of digits (0-9) in passwords. Default value 0; permissible values 0 - 8. Available as of SAP Web AS 6.10
login/min_password_letters Defines the minimum number of letters (A-Z) in passwords. Default value 0; permissible values 0 - 8. Available as of SAP Web AS 6.10
login/min_password_specials Defines the minimum number of special characters in the password. Permissible special characters are $&()=`+~-_[]<> and space. Default value 0; permissible values 0 - 8. Available as of SAP Web AS 6.10
login/password_charset This parameter defines the characters of which a password can consist. Permissible values:
0 (restrictive): The password can only consist of digits, letters and the following (ASCII) special characters: $&()=`+~-_[]<>| and space
1 (backward compatible, default value): The password can consist of any characters, including national special characters (such as ä, ç, ß from ISO Latin-1, 8859-1). However, all characters that are not contained in the set above (for value = 0) are
2 (not backward compatible): The password can consist of any characters. It is converted internally into the Unicode format UTF-8. If your system does not support Unicode, you may not be able to enter all characters on the logon screen. This restri
With login/password_charset = 2, passwords are stored in a format that systems with older kernels cannot interpret. You must therefore only set the profile parameter to the value 2 after you have ensured that all systems involved support the new password
Available in the standard system as of SAP Web AS 6.40
login/min_password_diff Defines the minimum number of characters that must be different in the new password compared to the old password. Default value 1; permissible values 1 - 8. Available as of SAP Web AS 6.10
login/password_expiration_time Defines the validity period of passwords in days. Default value 0; permissible values any numerical value
login/password_change_for_SSO If the user logs on with Single Sign-On, checks whether the user must change his or her password. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/disable_password_logon Controls the deactivation of password-based logon. This means that the user can no longer log on using a password, but only with Single Sign-On variants (X.509 certificate, logon ticket). Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/password_logon_usergroup Controls the deactivation of password-based logon for user groups. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/disable_multi_gui_login Controls the deactivation of multiple dialog logons. Available as of SAP Basis 4.6
login/multi_login_users Available as of SAP Basis 4.6
login/fails_to_session_end Default value 3; permissible values 1 - 99
login/fails_to_user_lock Default value 12; permissible values 1 - 99
login/failed_user_auto_unlock Default value 1 (lock applies only on same day); permissible values 0, 1
login/password_max_new_valid Defines the validity period of passwords for newly created users. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/password_max_reset_valid Defines the validity period of reset passwords. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/accept_sso2_ticket Allows or locks the logon using SSO ticket. Available as of SAP Basis 4.6D, as of SAP Basis 4.0 by Support Package
login/create_sso2_ticket Allows the creation of SSO tickets. Available as of SAP Basis 4.6D
login/ticket_expiration_time Defines the validity period of an SSO ticket. Available as of SAP Basis 4.6D
login/ticket_only_by_https The logon ticket is only transferred using HTTP(S). Available as of SAP Basis 4.6D
login/ticket_only_to_host Available as of SAP Basis 4.6D
login/disable_cpic Refuse inbound connections of type CPIC
login/no_automatic_user_sapstar Controls the emergency user SAP* (SAP Notes 2383 and 68048)
login/system_client
login/update_logon_timestamp Specifies the exactness of the logon timestamp. Available as of SAP Basis 4.6
rdisp/gui_auto_logout Default value 0 (no restriction); permissible values any numerical value
login/no_automatic_user_sapstar Controls the SAP* user
loginpassword_max_idle_initial
loginpassword_max_idle_productive
List of excepted users that is the users that are permitted to log on to the system more than once
Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts The parameter is to be set to a value lower than the value of parameter loginfails_to_user_lock
Defines the number of unsuccessful logon attempts before the system locks the user By default the lock applies until midnight
Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight
When logging on over HTTP(S) sends the ticket only to the server that created the ticket
loginno_automatic_user_sapstar
Specifies the default client This client is automatically filled in on the system logon screen Users can type in a different client
Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections)
You can use this parameter to determine the maximum time between the (re)setting of the password and the next logon with the initial password As soon as this period has expired the system displays message Initial password has expired and refuses the password logon However you can still logon using SSO
You can use this parameter to determine the maximum time between two password logons As soon as this period has expired the system displays a message stating that the password has not been used for a period of time and was therefore deactivated and the system refuses the password logon However you can still logon using SSO
The profile parameters loginpassword_max_new_valid and loginpassword_max_reset_valid have been replaced by the profile parameter loginpassword_max_idle_initial which means that the system no longer distinguishes between the first and the subsequent setting of a password by the user administrator regarding the restriction of the validity of the resulting initial passwords
Authorization Object
S_TCODE Allows a transaction to be started
S_USER_GRP Authorization to create or maintain a user master record and to assign it to a user group
S_USER_PRO Authorization for the authorization profiles that you assign to users
S_USER_AUTH Authorization to create and maintain authorizations
S_USER_AGR Authorization to protect roles. With this authorization object, you specify which roles can be edited and which activities (display, change, create, etc.) are intended for the role(s).
S_USER_TCD Authorization for transactions that you may assign to the role in the Profile Generator
S_USER_VAL Authorization to restrict values that the system administrator can include in a role or change in the Profile Generator
S_PROGRAM Programs (reports) are combined into program authorization groups and can be protected against unauthorized access using the groups and this authorization object
S_TABU_DIS Defines which table contents may be maintained by which employees. The authorization object S_TABU_DIS controls only complete accesses which are made using standard table maintenance (SM31), advanced table maintenance (SM30) or the Data Browser (SE16). These group assignments are defined in table TDDAT.
S_TABU_CLI Grants authorization to maintain cross-client tables with the standard table maintenance transaction (SM30), extended table maintenance transaction (SM31) and the Data Browser (SE16). Also acts as an additional security measure for cross-client tables and enhances the general table maintenance authorization S_TABU_DIS. The object has the following field: CLIIDMAINT. If identifier X or * is set, cross-client tables can be maintained.
S_TABU_LIN Through the introduction of organization criteria, it is possible to restrict a user's access rights to specific parts of a table. A possible use for S_TABU_LIN would be to display and to change content for only a certain work area, such as a country or a plant.
S_TRANSPRT Authorization object for the Transport Organizer
S_CTS_ADMI Authorization object for the administration functions in the Change and Transport System
S_DEVELOP Authorizations for the ABAP Workbench (programming and debugging transactions SExx)
S_LOG_COM Authorization to execute logical operating system commands
S_BTCH_JOB Authorization object for job operations
S_DATASET Authorization object for file access
S_RFC Authorization object for RFC
Official Sites
The Online documentation http://help.sap.com
The SAP Service Marketplace http://service.sap.com
SAP Product Availability Matrix http://service.sap.com/pam
SAP Support Package Stacks http://service.sap.com/sp-stacks
The Information portals http://www.sap.info
SAP Insider Online http://www.sapinsideronline.com
The SAP Developer Network http://sdn.sap.com
SAP Press http://www.sap-press.com
SAP Professional Journal http://www.sappro.com
SAP Interface Repository (BAPI documentation) http://ifr.sap.com
SAP Connectors (JCo, .NET, Business Connector, etc.) http://service.sap.com/connectors
SAP Business Process Community http://bpx.sap.com
SAP Business Community for DUET (webcasts) http://www.sap.com/community/pub/innovation/duet/webcasts.epx
SAP Business Community for DUET http://www.sap.com/community/pub/innovation/duet
SAP Business DUET http://www.duet.com
SAP UI Design http://www.sapdesignguild.org
SAP NetWeaver Magazine http://www.netweavermagazine.com
SAP Performance Site http://service.sap.com/performance
Non-Official Sites
SAP en Castellano http://sap4.com
Mundo SAP http://www.mundosap.com
SAP Fans http://www.sapfans.com
http://searchsap.techtarget.com
http://www.sap-img.com
http://www.sapdb.info
http://sapbasic.wordpress.com
- WAS Academy Nov_Dec 2009
- WAS_Admin_Transactions
- Security_Transactions
- Important Tables
- Admin Parameters
- Auth Parameters
- Auth Objects
- SAP Info Sites
Transactions as they appeared on course TADM10/TADM12, November 2009
WAS Administration Transactions
Transaction Navigation Notes
SESSION_MANAGER Initial transaction in SAP standard menu
SEARCH_SAP_MENU Searches the SAP menu for the predefined text pattern. The user and SAP menus can be structured in a pretty complex way. It is then difficult to remember the exact path for the transaction you are looking for. The search result is prepared in a list view from which you can take the navigation path.
SEARCH_USER_MENU Searches the user menu for the predefined text pattern
Shortcut in Command Field
/n Cancel the current transaction
/nXXXX Call transaction XXXX directly from another transaction
/o Display an overview of sessions
/oXXXX Call transaction XXXX in a new session directly from another transaction
/nend End the logon session with a confirmation dialog box
/nex End the logon session without a confirmation dialog box
/i Delete the session you are currently using
%sc Search a string in a screen page
%pc Download a document to your desktop
/$sync SAP buffer reset
/$sync all SAP buffer reset
SMW0 SAP Web Repository Image Upload
SAP Administration and Configuration
SM51 Shows instances of the system. Shows requests in the dispatcher's queue.
SM50 Shows processes of an instance
SM66 Shows processes of an instance (global)
SM04 Monitor users per instance
AL08 Monitor users per system
ST07 Monitor users per instance by application
ST02 SAP Memory
SM12 SAP Locks
SM13 SAP Updates
SM14 SAP Update Administration
SM21 SAP Logs
ST22 SAP Dumps
AL11 SAP Directories & Env variables
SMLG SAP Logon Groups
ST11 Startup Error Log Files
RZ03 CCMS Control Panel. Initialize and stop instances, manually trigger operation modes.
SICK / SM28 SAP Consistency Check
SM01 Transaction Code Administration. Lock / unlock of transactions.
SM02 System Messages Administration
SE37 -> TH_POPUP Function to send messages to a user
RZ04 Operation Modes
SM63 Operation Modes Time Table
SR13 SAP Help and Documentation Configuration
SSAA System Administration Assistant
SLG0 Use transaction SLG0 to define entries for your own applications in the application log
SLG1 The application log includes application messages, just as the system log includes system messages. It is used heavily in SAP APO, the SAP SCM Event Manager and Warehouse Management. The log traces application events and tasks and reports on their activity (for example, transfer of data from SAP ECC to SAP APO). The application log is used to trace who initiated the transfer, when the transfer was made and what was transferred.
SLG2 Old application logs can be deleted in transaction SLG2
SCU3 Table Changes Log
SMGW Gateway Monitor
SIGS IGS Administration
ST06 / OS06 OS Monitor
Batch Input
SM35 Batch Input Overview and Monitoring
SAP Archiving
SARA Archive Administration
FILE Logical Path File Definition for Archiving
DB15 Tables and Archiving Objects Relations
SAP Parameters and Profiles
RSPFPAR Display System Parameters
RZ10 System Parameters Administration
RZ11 System Parameters (1 at a time)
SAPPFPAR Shows profile parameters (OS command)
Internet and Browser-Based Administration
SMICM ICM administration
SICF ICF Administration (Services)
SICFRECORDER Enables developers and administrators to identify and correct sources of error in failed service calls by recording HTTP requests
SITSPMON Internal ITS Status
Mail and Collaboration Tools
SBWP / SO01 Business Workplace
Monitoring Notes
RZ20 CCMS Monitoring
RZ21 CCMS monitoring configuration
GRMG Generic Request and Message Generator
ST03G Global Workload Monitor displays Java statistical records that are used for performance monitoring. The SAP WAS Java can write distributed statistics records (DSRs) that can trace actions that are processed using non-ABAP components such as WAS Java, Business Connector (BC) and ITS. The writing of the statistics records is activated when the SAPCCMSR agent is registered and the standard job SAP_COLLECTOR_FOR_NONE_R3_STAT is started in ABAP.
STATTRACE If you find errors in the Global Workload Monitor, you can analyze these using the performance trace (also known as the functional trace). The performance trace provides a finer granularity than DSR.
STAD SAP Workload Business Transaction Analysis
ALRTINBOX The Alert Inbox is an application based on BSP which calls the URL http://host:port/sap/bc/bsp/sap/alertinbox
SALRT1 RFC destination for Central Alert Server
ALRTCATDEF Alert Categories Management
Auto-reaction method CCMS_Send_Alert_to_ALM forwards alerts for assigned monitoring architecture nodes to the ALM. This method is similar to CCMS_OnAlert_Email, with which you can define an automatic alert notification. A difference is that when you are forwarding alerts to the ALM, you no longer need to specify the sender and recipient in the method definition.
SA38 -> RSTBHIST Obtain a list of those tables that are currently set to be logged
ST10 Performance Analysis: Table Buffer Invalidations
STUN Performance Monitoring Menu. Set of monitoring tools.
SMMS Message Server Monitor
SAP Office and Communications
SBWP / SO01 SAP Business Workplace
SE37 -> TH_POPUP Sends personalized popup messages to users
OSS1 Log On to SapNet
SM55 THOST Table Maintenance
Database Administration (Oracle)
DB01 Database Locks
DB02 Database Space Overview
DB03 Log of database parameters changes
DB05 Analysis of table with respect to indexed fields
DB12 Backup log overview. Lets you view backup results and the status of the archive directory. Provides a recovery report, checking if all backups are available to perform a restore and recovery.
DB13 DBA planning calendar. Schedules backups and other administrative jobs in the database system.
DB13C Central DBA planning calendar. Schedules backups and administrative activities centrally for several SAP systems and databases.
DB14 DBA Operations Monitor. Checks the status and logs of all database operations including backup monitoring updates of the optimizer statistics and database checks.
DB16 Overview of database checks
DB17 Configuration of database checks. View and maintain check conditions used by a database system check.
DB20 Maintain statistics
DB21 Configuration of statistics
DB24 Logs for Administrative Database Operations
DB26 Database parameter overview
DB02 Tables and Indexes monitor. Monitors the storage behavior of the database and the status of the database objects.
ST04 Database Performance monitor. Displays the most important indicator for Oracle database performance.
ST04N New Oracle database monitor
RZ20 Database Alert monitor. Monitors all preset alerts for different areas of the database.
RSORATAD Determine the index storage quality. This report is called directly in transaction SE38.
DBACOCKPIT See note 1028624. This transaction replaces various transactions previously used for monitoring and administration (ST04OLD, DB02OLD, DB12OLD, DB13OLD, DB14OLD). In WAS 7.0 all previous transactions have been renamed to <Previous transaction code>OLD.
RFC Notes
RZ12 RFC Server Group Maintenance
SM59 RFC Destinations
SM59_OLD RFC Destinations
SM58 Transactional RFC
SMQ1 qRFC (outbound queue)
SMQ2 qRFC (inbound queue)
SMQ3 qRFC (saved e-queue)
SMQA tRFC/qRFC Confirm status
SMQE qRFC Administration
SMQR qRFC Monitor (QIN Scheduler)
SMQS qRFC Monitor (QOUT Scheduler)
RSARFCLD Report that gets and sets RFC quotas
RSARFCSE Execute ARFC as background job
SABP0000 / SABP0003 Customize interval of RSARFCSE
RSRFCCHK List each RFC destination and the user involved
Printers
SPAD Spool Administration
SP01 Spool and Output Requests Administration
SP02 Spool Requests Administration
SP11 List objects in TemSe
SP12 TemSe Administration
Web Services Notes
WSADMIN SAP WAS 6.40 and higher also provides the WebService Framework, which allows you, among other things, to declare individual modules as web services
ABAP Development Workbench
SE80 ABAP Object Navigator
SE38 ABAP - Program Editor
SA38 ABAP - Program Execution
SE11 ABAP Dictionary Editor
SE12 ABAP Dictionary Display
SE13 Dictionary - Technical Settings. Define technical features of tables.
SE14 DB Utility (to create tables in DB)
SE16 Display and Create Table Contents
SM30 Maintain Table Views
SM31 Maintain Table Views
SD11 ABAP Data Modeler
SE93 Maintain Transactions
ABAPDOCU ABAP Documentation
Change and Transport System
SPRO SAP Customizing through IMG
SPRO_ADMIN SAP Customizing Project Administration
SE09 Transport Organizer. Create and release of change requests.
SE10 Transport Organizer. Create and release of change requests.
SE01 Transport Organizer (Extended View)
STMS TMS Configuration. Create systems, transport routes and QA.
SE06 Initialize transport tables and sys-change-option button
SE03 Transport Organizer Tools
SPAM Support Package Manager. Application of Support Packages.
SAINT Add-On Installation Tool
SPDD Modification Adjustment Dictionary
SPAU Modification Adjustment (other objects)
SE95 Modification Browser
SNOTE Note Assistant
dico Hard reset of TMS. This is not a transaction. It is a key that must be entered in the command field of transaction STMS.
Client Administration
SCC4 Client Administration. Same as table T000.
SCCL Local Client Copy
SCC9 Remote Client Copy
SCC1 Copy Customizing Change Request
SCC5 Delete Client
SCC8 Client Export
SCC7 Client Import Post-processing
SCC3 Client Copy Logs
SCU0 Customizing Cross-System Viewer
SCMP View/Table System Comparison
Jobs Administration
SM36 Creation of Jobs
SM36WIZ Creation of Jobs (wizard)
SM37 Job Monitoring
SM62 Events Maintenance
SM64 Trigger of events
SM69 Maintain OS commands
SM49 Execute OS commands
SM61 Create Job Groups
SMX Job Monitoring (own jobs)
LDAP Administration
LDAP Directory Service Connection
License Administration
SLICENSE SAP License Administration
LICENSE_ADMIN License Administration Workbench
SLAW License Auditing
USMM System Measurement Transaction
Installation and Upgrade
(OS) -> SAPINST SAP Installation
(OS) -> SAPUP SAP Upgrade - ABAP
(OS) -> SAPJUP SAP Upgrade - Java
ICNV Table Incremental Conversion
SAP Workflows
SWDD Workflow Builder
SWXF Workflow demo - create absence notification
SWUI_DEMO Workflows Demos. WF WS30000015 shows the absence notification process.
http://help.sap.com/saphelp_nw04/helpdata/en/ee/ee133bfae0750ce10000000a11402f/frameset.htm
Application Link Enabling (ALE) Notes
WEDI IDoc basis
WE02 Display IDocs
WE05 Monitoring of IDoc lists
WE07 IDoc statistics
WE12 Inbound processing of outbound file
WE14 Outbound processing from IDoc
WE15 Outbound processing from message control
WE16 Inbound processing of IDoc file
WE19 Test tool inbox
WE20 Partner profiles
WE21 Port definitions
WE30 IDoc type editor
WE31 IDoc segment editor
WE42 See Inbound Process Code table
WE46 IDoc administration
WE47 Status maintenance
WE57 Assignment function module - logical message - IDoc type
WE60 Documentation for IDoc types
WE61 Documentation for IDoc record types
WE62 Documentation for segments (3.x only)
WE81 Overview of all message types
WE82 Finds out which version of the basic type is best suited to your SAP system's release
NACE Customizing of output determination
SO01 Integrated inbox
SWO1 Business object builder
SWO2 Business object repository
SWLD Workflow workbench
SWU3 Workflow customizing
SWE2 Event type linkage
SWI1 Display work items
SWI2 Work item analysis
SWUS Start workflow
SWEL Workflow event log
PPOS Display organizational plan
PFTC Tasks
PFAC Standard roles
SALE ALE customizing. You find all customizing settings in this transaction, or you can get the same in the following path: IMG (SPRO) -> SAP NetWeaver -> SAP Web Application Server -> IDoc Interface / Application Link Enabling (ALE)
BALE ALE distribution
BALD ALE development (4.0)
BALM ALE master data (4.0)
BALA ALE application (4.0)
BD10 / BD11 Send/fetch material masters
BD12 / BD13
BD14 / BD15 Send/fetch vendor
BD21 / BD22 Select/delete change pointers
BD40 Select change pointers for serialization group (4.0)
BD41 / BD43 Dispatch/post IDocs for serialization group (4.0)
BD50 Activate change pointers for message type
BD53 Reduction of IDoc types
BD54 Logical systems. You can also get to this transaction by the following path: SAP NetWeaver -> SAP Web Application Server -> IDoc Interface / Application Link Enabling (ALE) -> Logical Systems
BD55 Conversion
BD56 Segment filtering
BD61 Activate change pointers
BD64 Distribution model
BD68 Lists
BD72 Activate event coupling
BD75 Status conversion for tRFC
BD77 Distribution of control data
BD78 Monitoring of control data distribution
BD82 Generate partner profiles
BD87 Process inbound IDocs. You can call this monitor to check the current status of IDocs in SAP R/3 or mySAP ECC.
BD88 Process outbound IDocs
BDM2 IDoc trace (IDocs with receiver)
BDM5 Consistency check
BDM7 ALE audit statistical analyses
BDM8 Send ALE audit confirmation
BDM9 Reorganize the audit database
BDRC Determine recovery objects (3.1I 4.5)
BDRL Process recovery objects (3.1I 4.5)
BDBG Generate ALE interface for BAPI (4.0)
BDBS Generate coding for mapping (4.0)
BAPI BAPI browser (4.0)
SM58 Aborted transactional RFCs
SM59 RFC destinations
SA38 -> RSEOUT00 Report used to transfer IDocs to the communication layer if you selected the Collect IDocs output mode (instead of Transfer IDoc Imm) in the Outbound partner profile (WE20)
SA38 -> RBDAPP01 Report used to transfer IDocs to the ALE layer if you selected the Trigger by background program mode (instead of Trigger immediately) in the Inbound partner profile (WE20)
SA38 -> RSSCD100 Report to view the change documents (that record each change made to their objects)
SA38 -> RBDMIDOC Report used to evaluate change pointers. This program is usually scheduled as a periodic background job. You can start the program for testing purposes with transaction BD21.
Java Ports
http://<server>:<j2ee_port>
where
<j2ee_port> = 5XX00
XX = Instance Number
5XX00 WAS Netweaver Administration
5XX13 Start/Stop Instances Applet
5XX04 Visual Administrator Tool
5XX08 J2EE Admin Tool Telnet
5XX18 SDM
Java Tools
http://<server>:<j2ee_port>/nwa SAP NetWeaver Administrator
http://<server>:<j2ee_port>/useradmin SAP User Management Engine (UME)
http://<server>:<j2ee_port>/sld
Visual Administrator
Locking Adapter: J2EE Lock Monitoring
Security Provider: User Management
Monitoring Service: J2EE Monitoring
Configuration Adapter: J2EE parameter administration
Key Storage: Security Keys Management
Log Viewer: Errors Check
SLD Data Supplier
JCo RFC Provider
Security Transactions Description
SU01 User Maintenance
SU01D User Maintenance Display
SU02 Authorization Profiles
SU03 Authorization Objects and Authorizations Maintenance
SU05 Maintain Internet User
SU10 Mass Changes for Users
SU1 Maintain Own User Address
SU2 Maintain Own User Parameters
SU3 Maintain Users Own data
SU20 Maintain Authorization Fields
SU21 Maintain the authorization objects
SU22 Maintain the assignments of authorization objects
SU24 Profile Generator Maintain the assignments of Authorization Objects
SU25 Profile Generator Upgrade and First Installation
SU53 Check Failed Authorizations
SU56 Every user can display his or her own user buffer with this transaction
PFCG Role Maintenance Tool
PFUD User Master Data Reconciliation
SU80 Archive User Change Documents
ST01 System Trace (User Authorization Trace)
SE43 Area Menu Maintenance
SSM2 Set Initial Area Menu Systemwide
SUGR Group maintenance
BALE ALE Area Menu
STUN Performance Monitoring Menu
SECR (old transaction) The Audit Information System (AIS) is an auditing tool that can be used to analyze security aspects of SAP. The AIS is now delivered with a series of roles.
SM19 Security Audit (Static and Dynamic Configuration)
SM20 Analysis of Security Audit Log
SM18 Delete Old Security Audit Logs
SUIM User Information
User Information by Menu: SAP Menu -> Tools -> Administration -> User Maintenance -> Information System
SUCOMP User company address maintenance
SUCU Assignment of tables/views to authorization groups (or SM30 -> V_DDAT). From Web AS 6.40, however, the view is called V_DDAT_54, which causes SUCU to fail. This means you must modify the parameter call in transaction SE93 to be able to display SUCU.
SNC1 Generate SNC name for user
SNC2 Export SNC name of user
SNC3 User initial control list 31-40
SNC4 Check canonical SNC names
SECSTORE Administration of Secure Storage
STRUST Trust Manager
STRUSTSSO2 Trust Manager for Logon Ticket
Security and User Administration Reports (SE38/SA38)
RSUSR000 List of All Users Logged On
RSUSR002 Users by Complex Selection Criteria
RSUSR002_ADDRES Users by address data
RSUSR003 Check the Passwords of Standard Users in All Clients
RSUSR004 Restrict User Values to the Following Simple Profiles and Auth Ob
RSUSR005 List of Users With Critical Authorizations
RSUSR006 Locked Users and Users with Incorrect Logons
RSUSR007 Display Users with Incomplete Address Data
RSUSR008 By Critical Combinations of Authorizations at Transaction Start
RSUSR008_009_NEW A system dependent option to control SoD violations
RSUSR009 List of Users With Critical Authorizations
RSUSR010 Executable Transactions ( All Selection Options )
RSUSR011 Lists of transactions after selection by user profile or obj
RSUSR012 Search authorizations profiles and users with specified object va
RSUSR020 Profiles by Complex Selection Criteria
RSUSR030 Authorizations by Complex Selection Criteria
RSUSR040 Authorization Objects by Complex Selection Criteria
RSUSR050 Comparisons
RSUSR060 Where-used lists
RSUSR060OBJ Where-Used List Authorization Object in Program and Transactions
RSUSR061 Enter Authorization Fields
RSUSR070 Roles by Complex Selection Criteria
RSUSR080 Users by License Data
RSUSR100 Change Documents for Users
RSUSR100N Change Documents for Users
RSUSR101 Change Documents for Profiles
RSUSR102 Change Documents for Authorizations
RSUSR200 List of Users According to Logon Date and Password Change
RSUSR300 Set External Security Name for All Users
RSUSR301 Fill non-checking transactions with auth. object S_TCODE
RSUSR302 Delete authorization check on object S_TCODE from table TSTCA
RSUSR400 Test Environment Authorization Checks (SAP Systems Only)
RSUSR401 Report to give all SAPCPIC users profile S_ACPIC
RSUSR402 Download user data for CA manager from Secude
RSUSR404 Conversion Program for Authorizations of Basis Development Environ
RSUSR405 Reset all user buffers in all clients (uncritical)
RSUSR406 Automatically Generate Profile SAP_ALL
RSUSR406_OLD Automatically Generate Profile SAP_ALL
RSUSR408 XPRA Conversion of USOBX-OKFLAG USOBX-MODIFIED for upgrade tool
RSUSR409 Transfer all translated titles to generated transaction codes
RSUSR421 Clean-up report TSTC-CINFO if no check in TSTCA
RSUSR500 User Administration Compare Users in Central System
RSUSR500D GUM Display Open Changes
RSUSR998 Call Reporting Tree Info System
RSUSREXT Enter Correct SNC Names in Table View VUSREXTID (from SAP R3 45)
RSUSREXTID Enter Correct SNC Names in Table View VUSREXTID (from SAP R3 45)
RSUSRLOG Log Display for Central User Administration
RSUSRSCUC CUA Synchronization of the Company Addresses
RSUSRSUIM User Information System
PFCG_TIME_DEPENDENCY HR Organizational Management Reconciliation
RSABAPSC Search for AUTHORITY-CHECK statements
RSCSAUTH / RSABAUTH Maintain/Restore Authorization Groups. It creates a list of reports (type 1) (Program column), the authorization group delivered by SAP (SAP column) and the authorization group maintained by the customer (Customer column). The Customer column accepts input. Customers can enter their own authorization groups here. When the customer chooses Save, the customer's own authorization groups for all SELECTED reports are transferred to the table TRDIR. This is equivalent to a change of the authorization group in the program attributes, and the existing SAP authorization groups are overwritten. The authorization group for each report is also entered in the table SREPOATH, meaning that the customer's own authorization groups can be restored by restarting RSCSAUTH after an upgrade. Start the program RSABAUTH. The new authorization groups are written to the table TPGP.
Table Name Description
PRGN_CUST Customize the role transports
SSM_CUST Defines initial picture in SESSION_MANAGER
TADIR Table that contains all Data Dictionary Objects
TADIR Contains all repository SAP objects
TPFYPROPTY Shows parameter properties (e.g. dynamic vs. static parameters)
TSTC Table that contains all transaction codes of the system
USERS_SSM System administrators can use this table to determine whether or not users are allowed to switch between the SAP menu and their user menus
USOBT Contains SAP default authorization objects
USOBT_C Contains the customer authorization objects
USOBX Contains SAP default authorization objects
USOBX_C Contains the customer authorization objects
USR10 Table that contains all profiles delivered by SAP
USR40 Exception Table for Passwords
VDDAT TDDAT VDDAT_54 Assignment of tables/views to authorization groups
V_BRG Definition of authorization groups
TPGP ABAP/4 Authorization Groups
E070 Header information for the transport request
E071 / E071K Object list and keys from table entries
T000 Client Administration
USR41_MLD Registers multiple logons
Parameter Description
rdisp/max_alt_modes Defines how many sessions are permissible for each logon to the SAP system. Can be set to values from two to nine; the standard setting is six.
rdisp/wp_no_dia Defines number of dialog work processes
rdisp/wp_no_vb Defines number of update 1 work processes
rdisp/wp_no_vb2 Defines number of update 2 work processes
rdisp/wp_no_btc Defines number of background work processes
rdisp/wp_no_spo Defines number of spool work processes
rdisp/wp_no_enq Defines number of enqueue work processes
rdisp/start_icman Initialize ICM
rdisp/j2ee_start Initialize J2EE
rdisp/TRACE Set the trace level for developer traces
rdisp/btctime
rdisp/max_wprun_time
rslg/max_diskspace/local Defines the size of the system log (SM21). Each log entry takes up 192 bytes and the default log is 500160 bytes, which is a multiple of 192 that corresponds to 2605 entries. Once the log is full, the oldest entries are overwritten.
rec/client ALL logs all clients
rec/client 000 [] logs the specified clients
rec/client OFF turns logging off
login/disable_multi_gui_login
login/multi_login_users
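Security Parameters
Parameter Description
rsau/local/file The audit files are located on the individual application servers. You define the name and location of the files with this parameter (up to WAS 6.30).
rsau/max_diskspace/local This parameter defines the maximum space to allocate for the audit files
rsau/enable This parameter enables the security audit log
rsau/selection_slots This parameter defines the number of filters to allow for the security audit log
rsau/max_diskspace/per_day (dynamic configuration)
rsau/max_diskspace/per_file (dynamic configuration)
auth/no_check_in_some_cases Enables Profile Generator
auth/auth_number_in_userbuffer In systems with release level 4.6A and higher, this parameter defines the size of the user buffer. As of Kernel 6.20, the parameter is no longer evaluated.
auth/new_buffering The auth/auth_number_in_userbuffer parameter no longer has any effect if this profile parameter is 3 or 4.
login/min_password_lng Defines the minimum length of the password. Default value: 3; permissible values: 3-8.
login/min_password_digits Defines the minimum number of digits (0-9) in passwords. Default value: 0; permissible values: 0-8. Available as of SAP Web AS 6.10.
login/min_password_letters Defines the minimum number of letters (A-Z) in passwords. Default value: 0; permissible values: 0-8. Available as of SAP Web AS 6.10.
login/min_password_specials Defines the minimum number of special characters in the password. Permissible special characters are $&()=`+~-_[]<> and space. Default value: 0; permissible values: 0-8. Available as of SAP Web AS 6.10.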
loginpassword_charset This parameter defines the characters of which a password can consistPermissible values
Available in the standard system as of SAP Web AS 640loginmin_password_diff
Default value 1 permissible values 1 ndash 8Available as of SAP Web AS 610
loginpassword_expiration_time Defines the validity period of passwords in daysDefault value 0 permissible values any numerical value
loginpassword_change_for_SSO
Available as of SAP Web AS 610 as of SAP Basis 46 by Support Package
logindisable_password_logon Controls the deactivation of password-based logon
Available as of SAP Web AS 610 as of SAP Basis 46 by Support Package
The audit files are located on the individual application servers You define the name and location of the files with this parameter (up to WAS 630)
In systems with release level 46A and higher this parameter definies the size of the user bufferAs of Kernel 620 the parameter is no longer evaluated
authauth_number_in_userbuffer parameter no longer has any effect if this profile parametes is 3 or 4
Defines the minimum number of special characters in the password Permissible special characters are $amp()=`+~-_[]ltgt and space
0 (restrictive) The password can only consist of digits letters and the following (ASCII) special characters $amp()=`+~-_[]ltgt| and space
1 (backward compatible default value) The password can consist of any characters including national special characters (such as auml ccedil szlig from ISO Latin-1 8859-1) However all characters that are not contained in the set above (for value = 0) are
2 (not backward compatible) The password can consist of any characters It is converted internally into the Unicode format UTF-8 If your system does not support Unicode you may not be able to enter all characters on the logon screen This restri
With loginpassword_charset = 2 passwords are stored in a format that systems with older kernels cannot interpret You must therefore only set the profile parameter to the value 2 after you have ensured that all systems involved support the new password
Defines the minimum number of characters that must be different in the new password compared to the old password
If the user logs on with Single Sign-On checks whether the user must change his or her password
This means that the user can no longer log on using a password but only with Single Sign-On variants (X509 certificate logon ticket)
login/password_logon_usergroup Controls the deactivation of password-based logon for user groups. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/disable_multi_gui_login Controls the deactivation of multiple dialog logons. Available as of SAP Basis 4.6.
login/multi_login_users List of excepted users, that is, the users that are permitted to log on to the system more than once. Available as of SAP Basis 4.6.
login/fails_to_session_end Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts. The parameter is to be set to a value lower than the value of parameter login/fails_to_user_lock. Default value 3, permissible values 1-99.
login/fails_to_user_lock Defines the number of unsuccessful logon attempts before the system locks the user. By default the lock applies until midnight. Default value 12, permissible values 1-99.
login/failed_user_auto_unlock Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight. Default value 1 (Lock applies only on same day), permissible values 0, 1.
login/password_max_new_valid Defines the validity period of passwords for newly created users. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/password_max_reset_valid Defines the validity period of reset passwords. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/accept_sso2_ticket Allows or locks the logon using SSO ticket. Available as of SAP Basis 4.6D, as of SAP Basis 4.0 by Support Package.
login/create_sso2_ticket Allows the creation of SSO tickets. Available as of SAP Basis 4.6D.
login/ticket_expiration_time Defines the validity period of an SSO ticket. Available as of SAP Basis 4.6D.
login/ticket_only_by_https The logon ticket is only transferred using HTTP(S). Available as of SAP Basis 4.6D.
login/ticket_only_to_host When logging on over HTTP(S), sends the ticket only to the server that created the ticket. Available as of SAP Basis 4.6D.
login/disable_cpic Refuse inbound connections of type CPIC.
login/no_automatic_user_sapstar Controls the emergency user SAP* (SAP Notes 2383 and 68048).
login/system_client Specifies the default client. This client is automatically filled in on the system logon screen. Users can type in a different client.
login/update_logon_timestamp Specifies the exactness of the logon timestamp. Available as of SAP Basis 4.6.
rdisp/gui_auto_logout Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections). Default value 0 (no restriction), permissible values any numerical value.
login/no_automatic_user_sapstar Controls the SAP* user.
login/password_max_idle_initial You can use this parameter to determine the maximum time between the (re)setting of the password and the next logon with the initial password. As soon as this period has expired, the system displays the message "Initial password has expired" and refuses the password logon. However, you can still log on using SSO.
login/password_max_idle_productive You can use this parameter to determine the maximum time between two password logons. As soon as this period has expired, the system displays a message stating that the password has not been used for a period of time and was therefore deactivated, and the system refuses the password logon. However, you can still log on using SSO.
The profile parameters login/password_max_new_valid and login/password_max_reset_valid have been replaced by the profile parameter login/password_max_idle_initial, which means that the system no longer distinguishes between the first and the subsequent setting of a password by the user administrator regarding the restriction of the validity of the resulting initial passwords.
Authorization Object
S_TCODE Authorization to start a transaction
S_USER_GRP Authorization to create or maintain a user master record and to assign it to a user group
S_USER_PRO Authorization for the authorization profiles that you assign to users
S_USER_AUTH Authorization to create and maintain authorizations
S_USER_AGR Authorization to protect roles. With this authorization object you specify which roles can be edited and which activities (display, change, create, etc.) are intended for the role(s)
S_USER_TCD Authorization for transactions that you may assign to the role in the Profile Generator
S_USER_VAL Authorization to restrict values that the system administrator can include in a role or change in the Profile Generator
S_PROGRAM The programs (reports) are combined into program authorization groups and can be protected against unauthorized access using the groups and this authorization object
S_TABU_DIS Defines which table contents may be maintained by which employees. The authorization object S_TABU_DIS controls only complete accesses, which are made using standard table maintenance (SM31), advanced table maintenance (SM30) or the Data Browser (SE16). These group assignments are defined in table TDDAT
S_TABU_CLI Grants authorization to maintain cross-client tables with the standard table maintenance transaction (SM30), extended table maintenance transaction (SM31) and the Data Browser (SE16). Also acts as an additional security measure for cross-client tables and enhances the general table maintenance authorization S_TABU_DIS. The object has the following field: CLIIDMAINT. If identifier X or is set cross-client tables can be maintained
S_TABU_LIN Through the introduction of organization criteria it is possible to restrict a user's access rights to specific parts of a table. A possible use for S_TABU_LIN would be to display and to change content for only a certain work area, such as a country or a plant
S_TRANSPRT The authorization object for the Transport Organizer
S_CTS_ADMI The authorization object for the administration functions in the Change and Transport System
S_DEVELOP Authorizations for the ABAP Workbench (programming and debugging, transactions SExx)
S_LOG_COM Authorization to execute logical operating system commands
S_BTCH_JOB Authorization Object for Job Operations
S_DATASET Authorization Object for File Access
S_RFC Authorization Object for RFC
Official Sites
The Online documentation: http://help.sap.com
The SAP Service Marketplace: http://service.sap.com
SAP Product Availability Matrix: http://service.sap.com/pam
SAP Support Package Stacks: http://service.sap.com/sp-stacks
The Information portals: http://www.sap.info
SAP Insider Online: http://www.sapinsideronline.com
The SAP Developer Network: http://sdn.sap.com
SAP Press: http://www.sap-press.com
SAP Professional Journal: http://www.sappro.com
SAP Interface Repository (BAPI documentation): http://ifr.sap.com
SAP Connectors (JCo, .NET, Business Connector, etc.): http://service.sap.com/connectors
SAP Business Process Community: http://bpx.sap.com
SAP Business Community for DUET (webcasts): http://www.sap.com/community/pub/innovation/duet/webcasts.epx
SAP Business Community for DUET: http://www.sap.com/community/pub/innovation/duet
SAP Business DUET: http://www.duet.com
SAP UI Design: http://www.sapdesignguild.org
SAP NetWeaver Magazine: http://www.netweavermagazine.com
SAP Performance Site: http://service.sap.com/performance
Unofficial Sites
SAP en Castellano: http://sap4.com
Mundo SAP: http://www.mundosap.com
SAP Fans: http://www.sapfans.com
http://searchsap.techtarget.com
http://www.sap-img.com
http://www.sapdb.info
http://sapbasic.wordpress.com
- WAS Academy Nov_Dec 2009
- WAS_Admin_Transactions
- Security_Transactions
- Important Tables
- Admin Parameters
- Auth Parameters
- Auth Objects
- SAP Info Sites
WAS Administration Transactions
Transaction Navigation Notes
SESSION_MANAGER Initial transaction in SAP standard menu
SEARCH_SAP_MENU Search the corresponding menus for the predefined text pattern in the SAP menu. The user and SAP menus can be structured in a fairly complex way. It is then difficult to remember the exact path for the transaction you are looking for. The search result is prepared in a list view from which you can take the navigation path
SEARCH_USER_MENU Search the corresponding menus for the predefined text pattern in the user menu
Shortcut in Command Field
/n Cancel the current transaction
/nXXXX Call transaction XXXX directly from another transaction
/o Display an overview of sessions
/oXXXX Call transaction XXXX in a new session directly from another transaction
/nend End the logon session with a confirmation dialog box
/nex End the logon session without a confirmation dialog box
/i Delete the session you are currently using
%sc Search a string in a screen page
%pc Download a document to your desktop
/$sync SAP buffer reset
/$sync all SAP buffer reset
SMW0 SAP Web Repository Image Upload
SAP Administration and Configuration
SM51 Shows instances of the system. Shows requests in dispatcher's queue
SM50 Shows processes of an instance
SM66 Shows processes of an instance (global)
SM04 Monitor users per instance
AL08 Monitor users per system
ST07 Monitor users per instance by application
ST02 SAP Memory
SM12 SAP Locks
SM13 SAP Updates
SM14 SAP Update Administration
SM21 SAP Logs
ST22 SAP Dumps
AL11 SAP Directories & Env variables
SMLG SAP Logon Groups
ST11 Startup Error Log Files
RZ03 CCMS Control Panel. Initialize and stop instances, trigger operation modes manually
SICK/SM28 SAP Consistency Check
SM01 Transaction Code Administration. Lock / Unlock of transactions
SM02 System Messages Administration
SE37 -> TH_POPUP Function to send messages to a user
RZ04 Operation Modes
SM63 Operation Modes Time Table
SR13 SAP Help and Documentation Configuration
SSAA System Administration Assistant
SLG0 Use transaction SLG0 to define entries for your own applications in the application log
SLG1 The application log includes application messages, just as the system log includes system messages. It is used heavily in SAP APO, the SAP SCM Event Manager and Warehouse Management. The log traces application events and tasks and reports on their activity (for example, transfer of data from SAP ECC to SAP APO). The application log is used to trace who initiated the transfer, when the transfer was made and what was transferred
SLG2 Old application logs can be deleted in transaction SLG2
SCU3 Table Changes Log
SMGW Gateway Monitor
SIGS IGS Administration
ST06/OS06 OS Monitor
Batch Input
SM35 Batch Input Overview and Monitoring
SAP Archiving
SARA Archive Administration
FILE Logical Path / File Definition for Archiving
DB15 Tables and Archiving Objects Relations
SAP Parameters and Profiles
RSPFPAR Display System Parameters
RZ10 System Parameters Administration
RZ11 System Parameters (1 at the time)
SAPPFPAR Shows profile parameters (OS Command)
Internet and Browser-Based Administration
SMICM ICM administration
SICF ICF Administration (Services)
SICFRECORDER Enables developers and administrators to identify and correct sources of error in failed service calls by recording HTTP requests
SITSPMON Internal ITS Status
Mail and Collaboration Tools
SBWP/SO01 Business Workplace
Monitoring Notes
RZ20 CCMS Monitoring
RZ21 CCMS monitoring configuration
GRMG Generic Request and Message Generator
ST03G Global Workload Monitor. Displays Java statistical records that are used for performance monitoring. The SAP WAS Java can write distributed statistics records (DSRs) that can trace actions that are processed using non-ABAP components, such as WAS Java, Business Connector (BC) and ITS. The writing of the statistics records is activated when the SAPCCMSR agent is registered and the standard job SAP_COLLECTOR_FOR_NONE_R3_STAT is started in ABAP
STATTRACE If you find errors in the Global Workload Monitor, you can analyze these using the performance trace (also known as the functional trace). The performance trace provides a finer granularity than DSR
STAD SAP Workload Business Transaction Analysis
ALRTINBOX The Alert Inbox is an application based on BSP, which calls the URL http://host:port/sap/bc/bsp/sap/alertinbox
SALRT1 RFC destination for Central Alert Server
ALRTCATDEF Alert Categories Management
Auto-reaction method CCMS_Send_Alert_to_ALM forwards alerts for assigned monitoring architecture nodes to the ALM. This method is similar to CCMS_OnAlert_Email, with which you can define an automatic alert notification. A difference is that when you are forwarding alerts to the ALM, you no longer need to specify the sender and recipient in the method definition
SA38 -> RSTBHIST Obtain a list of those tables that are currently set to be logged
ST10 Performance Analysis: Table Buffer Invalidations
STUN Performance Monitoring Menu. Set of monitoring tools
SMMS Message Server Monitor
SAP Office and Communications
SBWP/SO01 SAP Business Workplace
SE37 -> TH_POPUP Sends personalized popup messages to users
OSS1 Log On to SAPNet
SM55 THOST Table Maintenance
Database Administration (Oracle)
DB01 Database Locks
DB02 Database Space Overview
DB03 Log of database parameters changes
DB05 Analysis of table with respect to indexed fields
DB12 Backup log overview. Lets you view backup results and the status of the archive directory. Provides a recovery report checking if all backups are available to perform a restore and recovery
DB13 DBA planning calendar. Schedules backups and other administrative jobs in the database system
DB13C Central DBA planning calendar. Schedules backups and administrative activities centrally for several SAP systems and databases
DB14 DBA Operations Monitor. Checks the status and logs of all database operations, including backup monitoring, updates of the optimizer statistics and database checks
DB16 Overview of database checks
DB17 Configuration of database checks. View and maintain check conditions used by a database system check
DB20 Maintain statistics
DB21 Configuration of statistics
DB24 Logs for Administrative Database Operations
DB26 Database parameter overview
DB02 Tables and Indexes monitor. Monitors the storage behavior of the database and the status of the database objects
ST04 Database Performance monitor. Displays the most important indicator for Oracle database performance
ST04N New Oracle database monitor
RZ20 Database Alert monitor. Monitors all preset alerts for different areas of the database
RSORATAD Determine the index storage quality. This report is called directly in transaction SE38
DBACOCKPIT See note 1028624. This transaction replaces various transactions previously used for monitoring and administration: ST04OLD, DB02OLD, DB12OLD, DB13OLD, DB14OLD. In WAS 7.0 all previous transactions have been renamed to <Previous transaction code>OLD
RFC Notes
RZ12 RFC Server Group Maintenance
SM59 RFC Destinations
SM59_OLD RFC Destinations
SM58 Transactional RFC
SMQ1 qRFC (outbound queue)
SMQ2 qRFC (inbound queue)
SMQ3 qRFC (saved e-queue)
SMQA tRFC/qRFC Confirm status
SMQE qRFC Administration
SMQR qRFC Monitor (QIN Scheduler)
SMQS qRFC Monitor (QOUT Scheduler)
RSARFCLD Report that gets and sets RFC quotas
RSARFCSE Execute ARFC as background job
SABP0000SABP0003 customize interval of RSARFCSE
RSRFCCHK List each RFC destination and the user involved
Printers
SPAD Spool Administration
SP01 Spool and Output Requests Administration
SP02 Spool Requests Administration
SP11 List objects in TemSe
SP12 TemSe Administration
Web Services Notes
WSADMIN SAP WAS 6.40 and higher also provides the WebService Framework, which allows you, among other things, to declare individual modules as web services
ABAP Development Workbench
SE80 ABAP Object Navigator
SE38 ABAP - Program Editor
SA38 ABAP - Program Execution
SE11 ABAP Dictionary Editor
SE12 ABAP Dictionary Display
SE13 Dictionary - Technical Settings. Define technical features of tables
SE14 DB Utility (to create tables in DB)
SE16 Display and Create Table Contents
SM30 Maintain Table Views
SM31 Maintain Table Views
SD11 ABAP Data Modeler
SE93 Maintain Transactions
ABAPDOCU ABAP Documentation
Change and Transport System
SPRO SAP Customizing through IMG
SPRO_ADMIN SAP Customizing Project Administration
SE09 Transport Organizer. Create and Release of change requests
SE10 Transport Organizer. Create and Release of change requests
SE01 Transport Organizer (Extended View)
STMS TMS Configuration. Create Systems, Transport Routes and QA
SE06 Initialize transport tables and sys-change-option button
SE03 Transport Organizer Tools
SPAM Support Package Manager. Application of Support Packages
SAINT Add-On Installation Tool
SPDD Modification Adjustment: Dictionary
SPAU Modification Adjustment (other objects)
SE95 Modification Browser
SNOTE Note Assistant
dico Hard reset of TMS. This is not a transaction. It is a key that must be entered in the command field of transaction STMS
Client Administration
SCC4 Client Administration, same as table T000
SCCL Local Client Copy
SCC9 Remote Client Copy
SCC1 Copy Customizing Change Request
SCC5 Delete Client
SCC8 Client Export
SCC7 Client Import Post-processing
SCC3 Client Copy Logs
SCU0 Customizing Cross-System Viewer
SCMP View/Table System Comparison
Jobs Administration
SM36 Creation of Jobs
SM36WIZ Creation of Jobs (wizard)
SM37 Job Monitoring
SM62 Events Maintenance
SM64 Trigger of events
SM69 Maintain OS commands
SM49 Execute OS commands
SM61 Create Job Groups
SMX Job Monitoring (own jobs)
LDAP Administration
LDAP Directory Service Connection
License Administration
SLICENSE SAP License Administration
LICENSE_ADMIN License Administration Workbench
SLAW License Auditing
USMM System Measurement Transaction
Installation and Upgrade
(OS) -> SAPINST SAP Installation
(OS) -> SAPUP SAP Upgrade - ABAP
(OS) -> SAPJUP SAP Upgrade - Java
ICNV Table Incremental Conversion
SAP Workflows
SWDD Workflow Builder
http://help.sap.com/saphelp_nw04/helpdata/en/ee/ee133bfae0750ce10000000a11402f/frameset.htm
WF WS30000015 shows the absence notification process
SWXF Workflow demo - create absence notification
SWUI_DEMO Workflows Demos
Application Link Enabling (ALE) Notes
WEDI Idoc basis
WE02 Display idocs
WE05 Monitoring of idoc lists
WE07 Idoc statistics
WE12 Inbound processing of outbound file
WE14 Outbound processing from idoc
WE15 Outbound processing from message control
WE16 Inbound processing of idoc file
WE19 Test tool inbox
WE20 Partner profiles
WE21 Port definitions
WE30 Idoc type editor
WE31 Idoc segment editor
WE42 See Inbound Process Code table
WE46 Idoc administration
WE47 Status maintenance
WE57 Assignment function module - logical message - idoc type
WE60 Documentation for idoc types
WE61 Documentation for idoc record types
WE62 Documentation for segments (3.x only)
WE81 Overview of all message types
WE82 Finds out which version of the basic type is best suited to your SAP system's release
NACE Customizing of output determination
SO01 Integrated inbox
SWO1 Business object builder
SWO2 Business object repository
SWLD Workflow workbench
SWU3 Workflow customizing
SWE2 Event type linkage
SWI1 Display work items
SWI2 Work item analysis
SWUS Start workflow
SWEL Workflow event log
PPOS Display organizational plan
PFTC Tasks
PFAC Standard roles
SALE ALE customizing. You find all customizing settings in this transaction, or you can get the same in the following path: IMG (SPRO) -> SAP NetWeaver -> SAP Web Application Server -> IDoc Interface / Application Link Enabling (ALE)
BALE ALE distribution
BALD ALE development (4.0)
BALM ALE master data (4.0)
BALA ALE application (4.0)
BD10/11 Send/fetch material masters
BD12/13
BD14/15 Send/fetch vendor
BD21/22 Select/delete change pointers
BD40 Select change pointers for serialization group (4.0)
BD41/43 Dispatch/post idocs for serialization group (4.0)
BD50 Activate change pointers for message type
BD53 Reduction of idoc types
BD54 Logical systems. You can also get to this transaction by the following path: SAP NetWeaver -> SAP Web Application Server -> IDoc Interface / Application Link Enabling (ALE) -> Logical Systems
BD55 Conversion
BD56 Segment filtering
BD61 Activate change pointers
BD64 Distribution model
BD68 Lists
BD72 Activate event coupling
BD75 Status conversion for tRFC
BD77 Distribution of control data
BD78 Monitoring of control data distribution
BD82 Generate partner profiles
BD87 Process inbound idocs. You can call this monitor to check the current status of IDocs in SAP R/3 or mySAP ECC
BD88 Process outbound idocs
BDM2 Idoc trace (idocs with receiver)
BDM5 Consistency check
BDM7 ALE audit statistical analyses
BDM8 Send ALE audit confirmation
BDM9 Reorganize the audit database
BDRC Determine recovery objects (3.1I, 4.5)
BDRL Process recovery objects (3.1I, 4.5)
BDBG Generate ALE interface for BAPI (4.0)
BDBS Generate coding for mapping (4.0)
BAPI BAPI browser (4.0)
SM58 Aborted transactional RFCs
SM59 RFC destinations
SA38 -> RSEOUT00 Report used to transfer IDocs to the communication layer if you selected the "Collect IDocs" output mode (instead of "Transfer IDoc Imm") in the outbound partner profile (WE20)
SA38 -> RBDAPP01 Report used to transfer IDocs to the ALE layer if you selected the "Trigger by background program" mode (instead of "Trigger immediately") in the inbound partner profile (WE20)
SA38 -> RSSCD100 Report to view the change documents (that record each change made to their objects)
SA38 -> RBDMIDOC Report used to evaluate change pointers. This program is usually scheduled as a periodic background job. You can start the program for testing purposes with transaction BD21
Java Ports
http://<server>:<j2ee_port>
where
<j2ee_port> = 5XX00
XX = Instance Number
5XX00 WAS NetWeaver Administration
5XX13 Start/Stop Instances Applet
5XX04 Visual Administrator Tool
5XX08 J2EE Admin Tool Telnet
5XX18 SDM
Java Tools
http://<server>:<j2ee_port>/nwa SAP NetWeaver Administrator
http://<server>:<j2ee_port>/useradmin SAP User Management Engine (UME)
http://<server>:<j2ee_port>/sld
Visual Administrator
Locking Adapter J2EE Lock Monitoring
Security Provider User Management
Monitoring Service J2EE Monitoring
Configuration Adapter J2EE parameter administration
Key Storage Security Keys Management
Log Viewer Errors Check
SLD Data Supplier
JCo RFC Provider
Security Transactions Description
SU01 User Maintenance
SU01D User Maintenance Display
SU02 Authorization Profiles
SU03 Authorization Objects and Authorizations Maintenance
SU05 Maintain Internet User
SU10 Mass Changes for Users
SU1 Maintain Own User Address
SU2 Maintain Own User Parameters
SU3 Maintain Users Own data
SU20 Maintain Authorization Fields
SU21 Maintain the authorization objects
SU22 Maintain the assignments of authorization objects
SU24 Profile Generator Maintain the assignments of Authorization Objects
SU25 Profile Generator Upgrade and First Installation
SU53 Check Failed Authorizations
SU56 Every user can display his or her own user buffer with this transaction
PFCG Role Maintenance Tool
PFUD User Master Data Reconciliation
SU80 Archive User Change Documents
ST01 System Trace (User Authorization Trace)
SE43 Area Menu Maintenance
SSM2 Set Initial Area Menu Systemwide
SUGR Group maintenance
BALE ALE Area Menu
STUN Performance Monitoring Menu
SECR (old transaction) The Audit Information System (AIS) is an auditing tool that can be used to analyze security aspects of SAP. The AIS is now delivered with a series of roles
SM19 Security Audit (Static and Dynamic Configuration)
SM20 Analysis of Security Audit Log
SM18 Delete Old Security Audit Logs
SUIM User Information
User Information by Menu: SAP Menu → Tools → Administration → User Maintenance → Information System
SUCOMP User company address maintenance
SUCU Assignment of tables/views to authorization groups (or SM30 -> V_DDAT). From Web AS 6.40, however, the view is called V_DDAT_54, which causes SUCU to fail. This means you must modify the parameter call in transaction SE93 to be able to display SUCU
SNC1 Generate SNC name for user
SNC2 Export SNC name of user
SNC3 User initial control list 31-40
SNC4 Check canonical SNC names
SECSTORE Administration of Secure Storage
STRUST Trust Manager
STRUSTSSO2 Trust Manager for Logon Ticket
Security and User Administration Reports (SE38/SA38)
RSUSR000 List of All Users Logged On
RSUSR002 Users by Complex Selection Criteria
RSUSR002_ADDRES Users by address data
RSUSR003 Check the Passwords of Standard Users in All Clients
RSUSR004 Restrict User Values to the Following Simple Profiles and Auth Ob
RSUSR005 List of Users With Critical Authorizations
RSUSR006 Locked Users and Users with Incorrect Logons
RSUSR007 Display Users with Incomplete Address Data
RSUSR008 By Critical Combinations of Authorizations at Transaction Start
RSUSR008_009_NEW A system dependent option to control SoD violations
RSUSR009 List of Users With Critical Authorizations
RSUSR010 Executable Transactions ( All Selection Options )
RSUSR011 Lists of transactions after selection by user profile or obj
RSUSR012 Search authorizations profiles and users with specified object va
RSUSR020 Profiles by Complex Selection Criteria
RSUSR030 Authorizations by Complex Selection Criteria
RSUSR040 Authorization Objects by Complex Selection Criteria
RSUSR050 Comparisons
RSUSR060 Where-used lists
RSUSR060OBJ Where-Used List Authorization Object in Program and Transactions
RSUSR061 Enter Authorization Fields
RSUSR070 Roles by Complex Selection Criteria
RSUSR080 Users by License Data
RSUSR100 Change Documents for Users
RSUSR100N Change Documents for Users
RSUSR101 Change Documents for Profiles
RSUSR102 Change Documents for Authorizations
RSUSR200 List of Users According to Logon Date and Password Change
RSUSR300 Set External Security Name for All Users
RSUSR301 Fill non-checking transactions with auth. object S_TCODE
RSUSR302 Delete authorization check on object S_TCODE from table TSTCA
RSUSR400 Test Environment Authorization Checks (SAP Systems Only)
RSUSR401 Report to give all SAPCPIC users profile S_ACPIC
RSUSR402 Download user data for CA manager from Secude
RSUSR404 Conversion Program for Authorizations of Basis Development Environ
RSUSR405 Reset all user buffers in all clients (uncritical)
RSUSR406 Automatically Generate Profile SAP_ALL
RSUSR406_OLD Automatically Generate Profile SAP_ALL
RSUSR408 XPRA Conversion of USOBX-OKFLAG USOBX-MODIFIED for upgrade tool
RSUSR409 Transfer all translated titles to generated transaction codes
RSUSR421 Clean-up report TSTC-CINFO if no check in TSTCA
RSUSR500 User Administration Compare Users in Central System
RSUSR500D GUM Display Open Changes
RSUSR998 Call Reporting Tree Info System
RSUSREXT Enter Correct SNC Names in Table View VUSREXTID (from SAP R3 45)
RSUSREXTID Enter Correct SNC Names in Table View VUSREXTID (from SAP R3 45)
RSUSRLOG Log Display for Central User Administration
RSUSRSCUC CUA Synchronization of the Company Addresses
RSUSRSUIM User Information System
PFCG_TIME_DEPENDENCY HR Organizational Management Reconciliation
RSABAPSC Search for AUTHORITY-CHECK statements
RSCSAUTH / RSABAUTH Maintain/Restore Authorization Groups. It creates a list of reports (type 1) (Program column), the authorization group delivered by SAP (SAP column) and the authorization group maintained by the customer (Customer column). The Customer column accepts input. Customers can enter their own authorization groups here. When the customer chooses Save, the customer's own authorization groups for all SELECTED reports are transferred to the table TRDIR. This is equivalent to a change of the authorization group in the program attributes, and the existing SAP authorization groups are overwritten. The authorization group for each report is also entered in the table SREPOATH, meaning that the customer's own authorization groups can be restored by restarting RSCSAUTH after an upgrade. Start the program RSABAUTH. The new authorization groups are written to the table TPGP
Table Name Description
PRGN_CUST Customize the role transports
SSM_CUST Defines initial picture in SESSION_MANAGER
TADIR Table that contains all Data Dictionary Objects
TADIR Contains all repository SAP objects
TPFYPROPTY Shows parameter properties (e.g. dynamic vs. static parameters)
TSTC Table that contains all transaction codes of the system
USERS_SSM System administrators can use this table to determine whether or not users are allowed to switch between the SAP menu and their user menus
USOBT Contain SAP default authorization objects
USOBT_C Contain the customer authorization objects
USOBX Contain SAP default authorization objects
USOBX_C Contain the customer authorization objects
USR10 Table that contains all profiles delivered by SAP
USR40 Exception Table for Passwords
VDDAT TDDAT VDDAT_54 Assignment of tables/views to authorization groups
V_BRG Definition of authorization groups
TPGP ABAP/4 Authorization Groups
E070 Header information for the transport request
E071/E071K Object list and keys from table entries
T000 Client Administration
USR41_MLD Registers multiple logons
Parameter Description
rdisp/max_alt_modes Defines how many sessions are permissible for each logon to the SAP system. Can be set to values from two to nine; the standard setting is six
rdisp/wp_no_dia Defines number of dialog work processes
rdisp/wp_no_vb Defines number of update 1 work processes
rdisp/wp_no_vb2 Defines number of update 2 work processes
rdisp/wp_no_btc Defines number of background work processes
rdisp/wp_no_spo Defines number of spool work processes
rdisp/wp_no_enq Defines number of enqueue work processes
rdisp/start_icman Initialize ICM
rdisp/j2ee_start Initialize J2EE
rdisp/TRACE Set the trace level for developer traces
rdisp/btctime
rdisp/max_wprun_time
rslg/max_diskspace/local Defines the size of the system log (SM21). Each log entry takes up 192 bytes, and the default log is 500160 bytes, which is a multiple of 192 that corresponds to 2605 entries. Once the log is full, the oldest entries are overwritten
rec/client ALL: logs all clients
rec/client 000 []: logs the specified clients
rec/client OFF: turns logging off
login/disable_multi_gui_login
login/multi_login_users
Security Parameters
Parameter Description
rsau/local/file The audit files are located on the individual application servers. You define the name and location of the files with this parameter (up to WAS 6.30)
rsau/max_diskspace/local This parameter defines the maximum space to allocate for the audit files
rsau/enable This parameter enables the security audit log
rsau/selection_slots This parameter defines the number of filters to allow for the security audit log
rsau/max_diskspace/per_day (dynamic configuration)
rsau/max_diskspace/per_file (dynamic configuration)
auth/no_check_in_some_cases Enables Profile Generator
auth/auth_number_in_userbuffer In systems with release level 4.6A and higher, this parameter defines the size of the user buffer. As of Kernel 6.20, the parameter is no longer evaluated
auth/new_buffering The auth/auth_number_in_userbuffer parameter no longer has any effect if this profile parameter is 3 or 4
login/min_password_lng Defines the minimum length of the password. Default value: 3; permissible values: 3 – 8
login/min_password_digits Defines the minimum number of digits (0-9) in passwords. Default value: 0; permissible values: 0 – 8. Available as of SAP Web AS 6.10
login/min_password_letters Defines the minimum number of letters (A-Z) in passwords. Default value: 0; permissible values: 0 – 8. Available as of SAP Web AS 6.10
login/min_password_specials Defines the minimum number of special characters in the password. Permissible special characters are $&()=`+~-_[]<> and space. Default value: 0; permissible values: 0 – 8. Available as of SAP Web AS 6.10
login/password_charset This parameter defines the characters of which a password can consist. Permissible values:
0 (restrictive): The password can only consist of digits, letters and the following (ASCII) special characters: $&()=`+~-_[]<>| and space
1 (backward compatible, default value): The password can consist of any characters, including national special characters (such as ä, ç, ß from ISO Latin-1, 8859-1). However all characters that are not contained in the set above (for value = 0) are
2 (not backward compatible): The password can consist of any characters. It is converted internally into the Unicode format UTF-8. If your system does not support Unicode, you may not be able to enter all characters on the logon screen. This restri
With login/password_charset = 2, passwords are stored in a format that systems with older kernels cannot interpret. You must therefore only set the profile parameter to the value 2 after you have ensured that all systems involved support the new password
Available in the standard system as of SAP Web AS 6.40
login/min_password_diff Defines the minimum number of characters that must be different in the new password compared to the old password. Default value: 1; permissible values: 1 – 8. Available as of SAP Web AS 6.10
login/password_expiration_time Defines the validity period of passwords in days. Default value: 0; permissible values: any numerical value
login/password_change_for_SSO If the user logs on with Single Sign-On, checks whether the user must change his or her password. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/disable_password_logon Controls the deactivation of password-based logon. This means that the user can no longer log on using a password, but only with Single Sign-On variants (X.509 certificate, logon ticket). Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/password_logon_usergroup Controls the deactivation of password-based logon for user groups. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/disable_multi_gui_login Controls the deactivation of multiple dialog logons. Available as of SAP Basis 4.6
login/multi_login_users List of excepted users, that is, the users that are permitted to log on to the system more than once. Available as of SAP Basis 4.6
login/fails_to_session_end Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts. The parameter is to be set to a value lower than the value of parameter login/fails_to_user_lock. Default value: 3; permissible values: 1-99
login/fails_to_user_lock Defines the number of unsuccessful logon attempts before the system locks the user. By default the lock applies until midnight. Default value: 12; permissible values: 1-99
login/failed_user_auto_unlock Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight. Default value: 1 (lock applies only on same day); permissible values: 0, 1
login/password_max_new_valid Defines the validity period of passwords for newly created users. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/password_max_reset_valid Defines the validity period of reset passwords. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/accept_sso2_ticket Allows or locks the logon using SSO ticket. Available as of SAP Basis 4.6D, as of SAP Basis 4.0 by Support Package
login/create_sso2_ticket Allows the creation of SSO tickets. Available as of SAP Basis 4.6D
login/ticket_expiration_time Defines the validity period of an SSO ticket. Available as of SAP Basis 4.6D
login/ticket_only_by_https The logon ticket is only transferred using HTTP(S). Available as of SAP Basis 4.6D
login/ticket_only_to_host When logging on over HTTP(S), sends the ticket only to the server that created the ticket. Available as of SAP Basis 4.6D
login/disable_cpic Refuse inbound connections of type CPIC
login/no_automatic_user_sapstar Controls the emergency user SAP* (SAP Notes 2383 and 68048)
login/system_client Specifies the default client. This client is automatically filled in on the system logon screen. Users can type in a different client
login/update_logon_timestamp Specifies the exactness of the logon timestamp. Available as of SAP Basis 4.6
rdisp/gui_auto_logout Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections). Default value: 0 (no restriction); permissible values: any numerical value
login/no_automatic_user_sapstar Controls the SAP* user
login/password_max_idle_initial You can use this parameter to determine the maximum time between the (re)setting of the password and the next logon with the initial password. As soon as this period has expired, the system displays the message "Initial password has expired" and refuses the password logon. However, you can still log on using SSO
login/password_max_idle_productive You can use this parameter to determine the maximum time between two password logons. As soon as this period has expired, the system displays a message stating that the password has not been used for a period of time and was therefore deactivated, and the system refuses the password logon. However, you can still log on using SSO
The profile parameters login/password_max_new_valid and login/password_max_reset_valid have been replaced by the profile parameter login/password_max_idle_initial, which means that the system no longer distinguishes between the first and the subsequent setting of a password by the user administrator regarding the restriction of the validity of the resulting initial passwords
Authorization Object
S_TCODE Allow to start a transaction
S_USER_GRP Authorization to create or maintain a user master record and to assign it to a user group
S_USER_PRO Authorization for the authorization profiles that you assign to users
S_USER_AUTH Authorization to create and maintain authorizations
S_USER_AGR Authorization to protect roles. With this authorization object you specify which roles can be edited and which activities (display, change, create, etc.) are intended for the role(s)
S_USER_TCD Authorization for transactions that you may assign to the role in the Profile Generator
S_USER_VAL Authorization to restrict values that the system administrator can include in a role or change in the Profile Generator
S_PROGRAM The programs (reports) are combined into program authorization groups and can be protected against unauthorized access using the groups and this authorization object
S_TABU_DIS Defines which table contents may be maintained by which employees. The authorization object S_TABU_DIS controls only complete accesses, which are made using standard table maintenance (SM31), advanced table maintenance (SM30) or the Data Browser (SE16). These group assignments are defined in table TDDAT
S_TABU_CLI Grants authorization to maintain cross-client tables with the standard table maintenance transaction (SM30), extended table maintenance transaction (SM31) and the Data Browser (SE16). Also acts as an additional security measure for cross-client tables and enhances the general table maintenance authorization S_TABU_DIS. The object has the following field: CLIIDMAINT. If identifier X or is set, cross-client tables can be maintained
S_TABU_LIN Through the introduction of organization criteria it is possible to restrict a user's access rights to specific parts of a table. A possible use for S_TABU_LIN would be to display and to change content for only a certain work area, such as a country or a plant
S_TRANSPRT Is the authorization object for the Transport Organizer
S_CTS_ADMI Is the authorization object for the administration functions in the Change and Transport System
S_DEVELOP Authorizations for the ABAP Workbench (programming and debugging transactions SExx)
S_LOG_COM Authorization to execute logical operating system commands
S_BTCH_JOB Authorization Object for Job Operations
S_DATASET Authorization Object for File Access
S_RFC Authorization Object for RFC
Official Sites
The Online documentation http://help.sap.com
The SAP Service Marketplace http://service.sap.com
SAP Product Availability Matrix http://service.sap.com/pam
SAP Support Package Stacks http://service.sap.com/sp-stacks
The Information portals http://www.sap.info
SAP Insider Online http://www.sapinsideronline.com
The SAP Developer Network http://sdn.sap.com
SAP Press http://www.sap-press.com
SAP Professional Journal http://www.sappro.com
SAP Interface Repository (BAPI documentation) http://ifr.sap.com
SAP Connectors (JCo, .NET, Business Connector, etc.) http://service.sap.com/connectors
SAP Business Process Community http://bpx.sap.com
SAP Business Community for DUET (webcasts) http://www.sap.com/community/pub/innovation/duet/webcasts.epx
SAP Business Community for DUET http://www.sap.com/community/pub/innovation/duet
SAP Business DUET http://www.duet.com
SAP UI Design http://www.sapdesignguild.org
SAP NetWeaver Magazine http://www.netweavermagazine.com
SAP Performance Site http://service.sap.com/performance
Non-Official Sites
SAP en Castellano http://sap4.com
Mundo SAP http://www.mundosap.com
SAP Fans http://www.sapfans.com
http://searchsap.techtarget.com
http://www.sap-img.com
http://www.sapdb.info
http://sapbasic.wordpress.com
- WAS Academy Nov_Dec 2009
- WAS_Admin_Transactions
- Security_Transactions
- Important Tables
- Admin Parameters
- Auth Parameters
- Auth Objects
- SAP Info Sites
SR13 SAP Help and Documentation Configuration
SSAA System Administration Assistant
SLG0 Use transaction SLG0 to define entries for your own applications in the application log
SLG1 The application log includes application messages, just as the system log includes system messages. It is used heavily in SAP APO, the SAP SCM Event Manager and Warehouse Management. The log traces application events and tasks and reports on their activity (for example, transfer of data from SAP ECC to SAP APO). The application log is used to trace who initiated the transfer, when the transfer was made and what was transferred
SLG2 Old application logs can be deleted in transaction SLG2
SCU3 Table Changes Log
SMGW Gateway Monitor
SIGS IGS Administration
ST06/OS06 OS Monitor
Batch Input
SM35 Batch Input Overview and Monitoring
SAP Archiving
SARA Archive Administration
FILE Logical Path File Definition for Archiving
DB15 Tables and Archiving Objects Relations
SAP Parameters and Profiles
RSPFPAR Display System Parameters
RZ10 System Parameters Administration
RZ11 System Parameters (1 at the time)
SAPPFPAR Shows profile parameters (OS command)
Internet and Browser-Based Administration
SMICM ICM administration
SICF ICF Administration (Services)
SICFRECORDER Enables developers and administrators to identify and correct sources of error in failed service calls by recording HTTP requests
SITSPMON Internal ITS Status
Mail and Collaboration Tools
SBWP/SO01 Business Workplace
Monitoring Notes
RZ20 CCMS Monitoring
RZ21 CCMS monitoring configuration
GRMG Generic Request and Message Generator
ST03G Global Workload Monitor displays Java statistical records that are used for performance monitoring. The SAP WAS Java can write distributed statistics records (DSRs) that can trace actions that are processed using non-ABAP components such as WAS Java, Business Connector (BC) and ITS. The writing of the statistics records is activated when the SAPCCMSR agent is registered and the standard job SAP_COLLECTOR_FOR_NONE_R3_STAT is started in ABAP
STATTRACE If you find errors in the Global Workload Monitor, you can analyze these using the performance trace (also known as the functional trace). The performance trace provides a finer granularity than DSR
STAD SAP Workload Business Transaction Analysis
ALRTINBOX The Alert Inbox is an application based on BSP which calls the URL http://host:port/sap/bc/bsp/sap/alertinbox
SALRT1 RFC destination for Central Alert Server
ALRTCATDEF Alert Categories Management
Auto-reaction method CCMS_Send_Alert_to_ALM forwards alerts for assigned monitoring architecture nodes to the ALM. This method is similar to CCMS_OnAlert_Email, with which you can define an automatic alert notification. A difference is that when you are forwarding alerts to the ALM you no longer need to specify the sender and recipient in the method definition
SA38 -> RSTBHIST Obtain a list of those tables that are currently set to be logged
ST10 Performance Analysis: Table Buffer Invalidations
STUN Performance Monitoring Menu. Set of monitoring tools
SMMS Message Server Monitor
SAP Office and Communications
SBWP/SO01 SAP Business Workplace
SE37 --> th_popup Sends personalized popup messages to users
OSS1 Log On to SAPNet
SM55 THOST Table Maintenance
Database Administration (Oracle)
DB01 Database Locks
DB02 Database Space Overview
DB03 Log of database parameters changes
DB05 Analysis of table with respect to indexed fields
DB12 Backup log overview. Lets you view backup results and the status of the archive directory. Provides a recovery report, checking if all backups are available to perform a restore and recovery
DB13 DBA planning calendar. Schedules backups and other administrative jobs in the database system
DB13C Central DBA planning calendar. Schedules backups and administrative activities centrally for several SAP systems and databases
DB14 DBA Operations Monitor. Checks the status and logs of all database operations, including backup monitoring, updates of the optimizer statistics and database checks
DB16 Overview of database checks
DB17 Configuration of database checks. View and maintain check conditions used by a database system check
DB20 Maintain statistics
DB21 Configuration of statistics
DB24 Logs for Administrative Database Operations
DB26 Database parameter overview
DB02 Tables and Indexes monitor. Monitors the storage behavior of the database and the status of the database objects
ST04 Database Performance monitor. Displays the most important indicator for Oracle database performance
ST04N New Oracle database monitor
RZ20 Database Alert monitor. Monitors all preset alerts for different areas of the database
RSORATAD Determine the index storage quality. This report is called directly in transaction SE38
DBACOCKPIT See note 1028624. This transaction replaces various transactions previously used for monitoring and administration. In WAS 7.0 all previous transactions have been renamed to <Previous transaction code>OLD: ST04OLD, DB02OLD, DB12OLD, DB13OLD, DB14OLD
RFC Notes
RZ12 RFC Server Group Maintenance
SM59 RFC Destinations
SM59_OLD RFC Destinations
SM58 Transactional RFC
SMQ1 qRFC (outbound queue)
SMQ2 qRFC (inbound queue)
SMQ3 qRFC (saved e-queue)
SMQA tRFC/qRFC Confirm status
SMQE qRFC Administration
SMQR qRFC Monitor (QIN Scheduler)
SMQS qRFC Monitor (QOUT Scheduler)
RSARFCLD Report that gets and sets RFC quotas
RSARFCSE Execute ARFC as background job
SABP0000SABP0003 Customize interval of RSARFCSE
RSRFCCHK List each RFC destination and the user involved
Printers
SPAD Spool Administration
SP01 Spool and Output Requests Administration
SP02 Spool Requests Administration
SP11 List objects in TemSe
SP12 TemSe Administration
Web Services Notes
WSADMIN SAP WAS 6.40 and higher also provides the WebService Framework, which allows you, among other things, to declare individual modules as web services
ABAP Development Workbench
SE80 ABAP Object Navigator
SE38 ABAP - Program Editor
SA38 ABAP - Program Execution
SE11 ABAP Dictionary Editor
SE12 ABAP Dictionary Display
SE13 Dictionary - Technical Settings. Define technical features of tables
SE14 DB Utility (to create tables in DB)
SE16 Display and Create Table Contents
SM30 Maintain Table Views
SM31 Maintain Table Views
SD11 ABAP Data Modeler
SE93 Maintain Transactions
ABAPDOCU ABAP Documentation
Change and Transport System
SPRO SAP Customizing through IMG
SPRO_ADMIN SAP Customizing Project Administration
SE09 Transport Organizer. Create and release change requests
SE10 Transport Organizer. Create and release change requests
SE01 Transport Organizer (Extended View)
STMS TMS Configuration. Create Systems, Transport Routes and QA
SE06 Initialize transport tables and sys-change-option button
SE03 Transport Organizer Tools
SPAM Support Package Manager. Application of Support Packages
SAINT Add-On Installation Tool
SPDD Modification Adjustment Dictionary
SPAU Modification Adjustment (other objects)
SE95 Modification Browser
SNOTE Note Assistant
dico Hard reset of TMS. This is not a transaction. It is a key that must be entered in the command field of transaction STMS
Client Administration
SCC4 Client Administration (same as table T000)
SCCL Local Client Copy
SCC9 Remote Client Copy
SCC1 Copy Customizing Change Request
SCC5 Delete Client
SCC8 Client Export
SCC7 Client Import Post-processing
SCC3 Client Copy Logs
SCU0 Customizing Cross-System Viewer
SCMP View/Table System Comparison
Jobs Administration
SM36 Creation of Jobs
SM36WIZ Creation of Jobs (wizard)
SM37 Job Monitoring
SM62 Events Maintenance
SM64 Trigger of events
SM69 Maintain OS commands
SM49 Execute OS commands
SM61 Create Job Groups
SMX Job Monitoring (own jobs)
LDAP Administration
LDAP Directory Service Connection
License Administration
SLICENSE SAP License Administration
LICENSE_ADMIN License Administration Workbench
SLAW License Auditing
USMM System Measurement Transaction
Installation and Upgrade
(OS) -> SAPINST SAP Installation
(OS) -> SAPUP SAP Upgrade - ABAP
(OS) -> SAPJUP SAP Upgrade - Java
ICNV Table Incremental Conversion
SAP Workflows
SWDD Workflow Builder. httphelpsapcomsaphelp_nw04helpdataeneeee133bfae0750ce10000000a11402fframesethtm WF WS30000015 shows the absence notification process
SWXF Workflow demo - create absence notification
SWUI_DEMO Workflow Demos
Application Link Enabling (ALE) Notes
WEDI IDoc basis
WE02 Display IDocs
WE05 Monitoring of IDoc lists
WE07 IDoc statistics
WE12 Inbound processing of outbound file
WE14 Outbound processing from IDoc
WE15 Outbound processing from message control
WE16 Inbound processing of IDoc file
WE19 Test tool inbox
WE20 Partner profiles
WE21 Port definitions
WE30 IDoc type editor
WE31 IDoc segment editor
WE42 See Inbound Process Code table
WE46 IDoc administration
WE47 Status maintenance
WE57 Assignment function module - logical message - IDoc type
WE60 Documentation for IDoc types
WE61 Documentation for IDoc record types
WE62 Documentation for segments (3.x only)
WE81 Overview of all message types
WE82 Finds out which version of the basic type is best suited to your SAP system's release
NACE Customizing of output determination
SO01 Integrated inbox
SWO1 Business object builder
SWO2 Business object repository
SWLD Workflow workbench
SWU3 Workflow customizing
SWE2 Event type linkage
SWI1 Display work items
SWI2 Work item analysis
SWUS Start workflow
SWEL Workflow event log
PPOS Display organizational plan
PFTC Tasks
PFAC Standard roles
SALE ALE customizing. You find all customizing settings in this transaction, or you can get the same in the following path: IMG (SPRO) -> SAP NetWeaver -> SAP Web Application Server -> IDoc Interface / Application Link Enabling (ALE)
BALE ALE distribution
BALD ALE development (4.0)
BALM ALE master data (4.0)
BALA ALE application (4.0)
BD10/11 Send/fetch material masters
BD12/13
BD14/15 Send/fetch vendor
BD21/22 Select/delete change pointers
BD40 Select change pointers for serialization group (4.0)
BD41/43 Dispatch/post IDocs for serialization group (4.0)
BD50 Activate change pointers for message type
BD53 Reduction of IDoc types
BD54 Logical systems. You can also get to this transaction by the following path: SAP NetWeaver -> SAP Web Application Server -> IDoc Interface / Application Link Enabling (ALE) -> Logical Systems
BD55 Conversion
BD56 Segment filtering
BD61 Activate change pointers
BD64 Distribution model
BD68 Lists
BD72 Activate event coupling
BD75 Status conversion for tRFC
BD77 Distribution of control data
BD78 Monitoring of control data distribution
BD82 Generate partner profiles
BD87 Process inbound IDocs. You can call this monitor to check the current status of IDocs in SAP R/3 or mySAP ECC
BD88 Process outbound IDocs
BDM2 IDoc trace (IDocs with receiver)
BDM5 Consistency check
BDM7 ALE audit statistical analyses
BDM8 Send ALE audit confirmation
BDM9 Reorganize the audit database
BDRC Determine recovery objects (3.1I, 4.5)
BDRL Process recovery objects (3.1I, 4.5)
BDBG Generate ALE interface for BAPI (4.0)
BDBS Generate coding for mapping (4.0)
BAPI BAPI browser (4.0)
SM58 Aborted transactional RFCs
SM59 RFC destinations
SA38 -> RSEOUT00 Report used to transfer IDocs to the communication layer if you selected the "Collect IDocs" output mode (instead of "Transfer IDoc Imm") in the outbound partner profile (WE20)
SA38 -> RBDAPP01 Report used to transfer IDocs to the ALE layer if you selected the "Trigger by background program" mode (instead of "Trigger immediately") in the inbound partner profile (WE20)
SA38 -> RSSCD100 Report to view the change documents (that record each change made to their objects)
SA38 -> RBDMIDOC Report used to evaluate change pointers. This program is usually scheduled as a periodic background job. You can start the program for testing purposes with transaction BD21
Java Ports
http://<server>:<j2ee_port>
where
<j2ee_port> = 5XX00
XX = Instance Number
5XX00 WAS NetWeaver Administration
5XX13 Start/Stop Instances Applet
5XX04 Visual Administrator Tool
5XX08 J2EE Admin Tool Telnet
5XX18 SDM
Java Tools
http://<server>:<j2ee_port>/nwa SAP NetWeaver Administrator
http://<server>:<j2ee_port>/useradmin SAP User Management Engine (UME)
http://<server>:<j2ee_port>/sld
Visual Administrator
Locking Adapter J2EE Lock Monitoring
Security Provider User Management
Monitoring Service J2EE Monitoring
Configuration Adapter J2EE parameter administration
Key Storage Security Keys Management
Log Viewer Errors Check
SLD Data Supplier
JCo RFC Provider
Security Transactions Description
SU01 User Maintenance
SU01D User Maintenance Display
SU02 Authorization Profiles
SU03 Authorization Objects and Authorizations Maintenance
SU05 Maintain Internet User
SU10 Mass Changes for Users
SU1 Maintain Own User Address
SU2 Maintain Own User Parameters
SU3 Maintain User's Own Data
SU20 Maintain Authorization Fields
SU21 Maintain the authorization objects
SU22 Maintain the assignments of authorization objects
SU24 Profile Generator Maintain the assignments of Authorization Objects
SU25 Profile Generator Upgrade and First Installation
SU53 Check Failed Authorizations
SU56 Every user can display his or her own user buffer with this transaction
PFCG Role Maintenance Tool
PFUD User Master Data Reconciliation
SU80 Archive User Change Documents
ST01 System Trace (User Authorization Trace)
SE43 Area Menu Maintenance
SSM2 Set Initial Area Menu Systemwide
SUGR Group maintenance
BALE ALE Area Menu
STUN Performance Monitoring Menu
SECR (old transaction) The Audit Information System (AIS) is an auditing tool that can be used to analyze security aspects of SAP. The AIS is now delivered with a series of roles
SM19 Security Audit (Static and Dynamic Configuration)
SM20 Analysis of Security Audit Log
SM18 Delete Old Security Audit Logs
SUIM User Information
SAP Menu → Tools → Administration → User Maintenance → Information System User Information by Menu
SUCOMP User company address maintenance
SUCU Assignment of tables/views to authorization groups (or SM30 -> V_DDAT). From Web AS 6.40, however, the view is called V_DDAT_54, which causes SUCU to fail. This means you must modify the parameter call in transaction SE93 to be able to display SUCU
SNC1 Generate SNC name for user
SNC2 Export SNC name of user
SNC3 User initial control list 31-40
SNC4 Check canonical SNC names
SECSTORE Administration of Secure Storage
STRUST Trust Manager
STRUSTSSO2 Trust Manager for Logon Ticket
Security and User Administration Reports (SE38/SA38)
RSUSR000 List of All Users Logged On
RSUSR002 Users by Complex Selection Criteria
RSUSR002_ADDRES Users by address data
RSUSR003 Check the Passwords of Standard Users in All Clients
RSUSR004 Restrict User Values to the Following Simple Profiles and Auth Ob
RSUSR005 List of Users With Critical Authorizations
RSUSR006 Locked Users and Users with Incorrect Logons
RSUSR007 Display Users with Incomplete Address Data
RSUSR008 By Critical Combinations of Authorizations at Transaction Start
RSUSR008_009_NEW A system dependent option to control SoD violations
RSUSR009 List of Users With Critical Authorizations
RSUSR010 Executable Transactions ( All Selection Options )
RSUSR011 Lists of transactions after selection by user profile or obj
RSUSR012 Search authorizations profiles and users with specified object va
RSUSR020 Profiles by Complex Selection Criteria
RSUSR030 Authorizations by Complex Selection Criteria
RSUSR040 Authorization Objects by Complex Selection Criteria
RSUSR050 Comparisons
RSUSR060 Where-used lists
RSUSR060OBJ Where-Used List Authorization Object in Program and Transactions
RSUSR061 Enter Authorization Fields
RSUSR070 Roles by Complex Selection Criteria
RSUSR080 Users by License Data
RSUSR100 Change Documents for Users
RSUSR100N Change Documents for Users
RSUSR101 Change Documents for Profiles
RSUSR102 Change Documents for Authorizations
RSUSR200 List of Users According to Logon Date and Password Change
RSUSR300 Set External Security Name for All Users
RSUSR301 Fill non-checking transactions with authobject S TCODE
RSUSR302 Delete authorization check on object S TCODE from table TSTCA
RSUSR400 Test Environment Authorization Checks (SAP Systems Only)
RSUSR401 Report to give all SAPCPIC users profile S_ACPIC
RSUSR402 Download user data for CA manager from Secude
RSUSR404 Conversion Program for Authorizations of Basis Development Environ
RSUSR405 Reset all user buffers in all clients (uncritical)
RSUSR406 Automatically Generate Profile SAP_ALL
RSUSR406_OLD Automatically Generate Profile SAP_ALL
RSUSR408 XPRA Conversion of USOBX-OKFLAG USOBX-MODIFIED for upgrade tool
RSUSR409 Transfer all translated titles to generated transaction codes
RSUSR421 Clean-up report TSTC-CINFO if no check in TSTCA
RSUSR500 User Administration Compare Users in Central System
RSUSR500D GUM Display Open Changes
RSUSR998 Call Reporting Tree Info System
RSUSREXT Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSREXTID Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSRLOG Log Display for Central User Administration
RSUSRSCUC CUA Synchronization of the Company Addresses
RSUSRSUIM User Information System
PFCG_TIME_DEPENDENCY HR Organizational Management Reconciliation
RSABAPSC Search for AUTHORITY-CHECK statements
RSCSAUTH, RSABAUTH Maintain/Restore Authorization Groups. It creates a list of reports (type 1) (Program column), the authorization group delivered by SAP (SAP column) and the authorization group maintained by the customer (Customer column). The Customer column accepts input. Customers can enter their own authorization groups here. When the customer chooses Save, the customer's own authorization groups for all SELECTED reports are transferred to the table TRDIR. This is equivalent to a change of the authorization group in the program attributes, and the existing SAP authorization groups are overwritten. The authorization group for each report is also entered in the table SREPOATH, meaning that the customer's own authorization groups can be restored by restarting RSCSAUTH after an upgrade. Start the program RSABAUTH. The new authorization groups are written to the table TPGP
Table Name Description
PRGN_CUST Customize the role transports
SSM_CUST Defines initial picture in SESSION_MANAGER
TADIR Table that contains all Data Dictionary Objects
TADIR Contains all repository SAP objects
TPFYPROPTY Shows parameter properties (e.g. dynamic vs. static parameters)
TSTC Table that contains all transaction codes of the system
USERS_SSM System administrators can use this table to determine whether or not users are allowed to switch between the SAP menu and their user menus
USOBT Contain SAP default authorization objects
USOBT_C Contain the customer authorization objects
USOBX Contain SAP default authorization objects
USOBX_C Contain the customer authorization objects
USR10 Table that contains all profiles delivered by SAP
USR40 Exception Table for Passwords
VDDAT TDDAT VDDAT_54 Assignment of tables/views to authorization groups
V_BRG Definition of authorization groups
TPGP ABAP/4 Authorization Groups
E070 Header information for the transport request
E071/E071K Object list and keys from table entries
T000 Client Administration
USR41_MLD Registers multiple logons
Parameter
rdispmax_alt_modesrdispwp_no_diardispwp_no_vbrdispwp_no_vb2rdispwp_no_btcrdispwp_no_spordispwp_no_enqrdispstart_icmanrdispj2ee_startrdispTRACErdispbtctimerdispmax_wprun_time
rslgmax_diskspacelocal
recclient recclient recclient
logindisable_multi_gui_loginloginmulti_login_users
Description
Defines number of dialog workprocessesDefines number of update 1 workprocessesDefines number of update 2 workprocessesDefines number of background workprocessesDefines number of spool workprocessesDefines number of enqueue workprocessesInitialize ICMInitialize J2EESet the trace level for developer traces
ALL logs all clients000 [] logs the specified clientsOFF turns logging off
Defines how many sessions are permissible for each logon to the SAP system Can be set to values from two to nine the standard setting is six
Defines the size of the system Log (sm21) Each log entry takes up 192 bytes and the default log is 500160 bytes which is a multiple of 192 that corresponds to 2605 entries Once the log is full the oldest entries are overwritten
Security Parameters
Parameter Description
rsau/local/file The audit files are located on the individual application servers. You define the name and location of the files with this parameter (up to WAS 6.30).
rsau/max_diskspace/local This parameter defines the maximum space to allocate for the audit files.
rsau/enable This parameter enables the security audit log.
rsau/selection_slots This parameter defines the number of filters to allow for the security audit log.
rsau/max_diskspace/per_day (dynamic configuration)
rsau/max_diskspace/per_file (dynamic configuration)
auth/no_check_in_some_cases Enables Profile Generator.
auth/auth_number_in_userbuffer In systems with release level 4.6A and higher, this parameter defines the size of the user buffer. As of Kernel 6.20, the parameter is no longer evaluated.
auth/new_buffering The auth/auth_number_in_userbuffer parameter no longer has any effect if this profile parameter is 3 or 4.
login/min_password_lng Defines the minimum length of the password. Default value: 3; permissible values: 3 – 8.
login/min_password_digits Defines the minimum number of digits (0-9) in passwords. Default value: 0; permissible values: 0 – 8. Available as of SAP Web AS 6.10.
login/min_password_letters Defines the minimum number of letters (A-Z) in passwords. Default value: 0; permissible values: 0 – 8. Available as of SAP Web AS 6.10.
login/min_password_specials Defines the minimum number of special characters in the password. Permissible special characters are $&()=`+~-_[]<> and space. Default value: 0; permissible values: 0 – 8. Available as of SAP Web AS 6.10.
login/password_charset This parameter defines the characters of which a password can consist. Permissible values:
  0 (restrictive) The password can only consist of digits, letters and the following (ASCII) special characters: $&()=`+~-_[]<>| and space
  1 (backward compatible, default value) The password can consist of any characters, including national special characters (such as ä, ç, ß from ISO Latin-1, 8859-1). However all characters that are not contained in the set above (for value = 0) are
  2 (not backward compatible) The password can consist of any characters. It is converted internally into the Unicode format UTF-8. If your system does not support Unicode, you may not be able to enter all characters on the logon screen. This restri
  With login/password_charset = 2, passwords are stored in a format that systems with older kernels cannot interpret. You must therefore only set the profile parameter to the value 2 after you have ensured that all systems involved support the new password
  Available in the standard system as of SAP Web AS 6.40.
login/min_password_diff Defines the minimum number of characters that must be different in the new password compared to the old password. Default value: 1; permissible values: 1 – 8. Available as of SAP Web AS 6.10.
login/password_expiration_time Defines the validity period of passwords in days. Default value: 0; permissible values: any numerical value.
login/password_change_for_SSO If the user logs on with Single Sign-On, checks whether the user must change his or her password. Available as of SAP Web AS 6.10; as of SAP Basis 4.6 by Support Package.
login/disable_password_logon Controls the deactivation of password-based logon. This means that the user can no longer log on using a password, but only with Single Sign-On variants (X.509 certificate, logon ticket). Available as of SAP Web AS 6.10; as of SAP Basis 4.6 by Support Package.
login/password_logon_usergroup Controls the deactivation of password-based logon for user groups. Available as of SAP Web AS 6.10; as of SAP Basis 4.6 by Support Package.
login/disable_multi_gui_login Controls the deactivation of multiple dialog logons. Available as of SAP Basis 4.6.
login/multi_login_users List of excepted users, that is, the users that are permitted to log on to the system more than once. Available as of SAP Basis 4.6.
login/fails_to_session_end Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts. The parameter is to be set to a value lower than the value of parameter login/fails_to_user_lock. Default value: 3; permissible values: 1 – 99.
login/fails_to_user_lock Defines the number of unsuccessful logon attempts before the system locks the user. By default, the lock applies until midnight. Default value: 12; permissible values: 1 – 99.
login/failed_user_auto_unlock Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight. Default value: 1 (lock applies only on same day); permissible values: 0, 1.
login/password_max_new_valid Defines the validity period of passwords for newly created users. Available as of SAP Web AS 6.10; as of SAP Basis 4.6 by Support Package.
login/password_max_reset_valid Defines the validity period of reset passwords. Available as of SAP Web AS 6.10; as of SAP Basis 4.6 by Support Package.
login/accept_sso2_ticket Allows or locks the logon using SSO ticket. Available as of SAP Basis 4.6D; as of SAP Basis 4.0 by Support Package.
login/create_sso2_ticket Allows the creation of SSO tickets. Available as of SAP Basis 4.6D.
login/ticket_expiration_time Defines the validity period of an SSO ticket. Available as of SAP Basis 4.6D.
login/ticket_only_by_https The logon ticket is only transferred using HTTP(S). Available as of SAP Basis 4.6D.
login/ticket_only_to_host When logging on over HTTP(S), sends the ticket only to the server that created the ticket. Available as of SAP Basis 4.6D.
login/disable_cpic Refuse inbound connections of type CPIC.
login/no_automatic_user_sapstar Controls the emergency user SAP* (SAP Notes 2383 and 68048).
login/system_client Specifies the default client. This client is automatically filled in on the system logon screen. Users can type in a different client.
login/update_logon_timestamp Specifies the exactness of the logon timestamp. Available as of SAP Basis 4.6.
rdisp/gui_auto_logout Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections). Default value: 0 (no restriction); permissible values: any numerical value.
login/no_automatic_user_sapstar Controls the SAP* user.
login/password_max_idle_initial You can use this parameter to determine the maximum time between the (re)setting of the password and the next logon with the initial password. As soon as this period has expired, the system displays the message "Initial password has expired" and refuses the password logon. However, you can still log on using SSO.
login/password_max_idle_productive You can use this parameter to determine the maximum time between two password logons. As soon as this period has expired, the system displays a message stating that the password has not been used for a period of time and was therefore deactivated, and the system refuses the password logon. However, you can still log on using SSO.
The profile parameters login/password_max_new_valid and login/password_max_reset_valid have been replaced by the profile parameter login/password_max_idle_initial, which means that the system no longer distinguishes between the first and the subsequent setting of a password by the user administrator regarding the restriction of the validity of the resulting initial passwords.
Authorization Object
S_TCODE Allows starting a transaction.
S_USER_GRP Authorization to create or maintain a user master record and to assign it to a user group.
S_USER_PRO Authorization for the authorization profiles that you assign to users.
S_USER_AUTH Authorization to create and maintain authorizations.
S_USER_AGR Authorization to protect roles. With this authorization object you specify which roles can be edited and which activities (display, change, create, etc.) are intended for the role(s).
S_USER_TCD Authorization for transactions that you may assign to the role in the Profile Generator.
S_USER_VAL Authorization to restrict values that the system administrator can include in a role or change in the Profile Generator.
S_PROGRAM The programs (reports) are combined into program authorization groups and can be protected against unauthorized access using the groups and this authorization object.
S_TABU_DIS Defines which table contents may be maintained by which employees. The authorization object S_TABU_DIS controls only complete accesses, which are made using standard table maintenance (SM31), advanced table maintenance (SM30) or the Data Browser (SE16). These group assignments are defined in table TDDAT.
S_TABU_CLI Grants authorization to maintain cross-client tables with the standard table maintenance transaction (SM30), extended table maintenance transaction (SM31) and the Data Browser (SE16). Also acts as an additional security measure for cross-client tables and enhances the general table maintenance authorization S_TABU_DIS. The object has the following field: CLIIDMAINT. If identifier X or * is set, cross-client tables can be maintained.
S_TABU_LIN Through the introduction of organization criteria, it is possible to restrict a user's access rights to specific parts of a table. A possible use for S_TABU_LIN would be to display and to change content for only a certain work area, such as a country or a plant.
S_TRANSPRT Is the authorization object for the Transport Organizer.
S_CTS_ADMI Is the authorization object for the administration functions in the Change and Transport System.
S_DEVELOP Authorizations for the ABAP Workbench (programming and debugging transactions SExx).
S_LOG_COM Authorization to execute logical operating system commands.
S_BTCH_JOB Authorization Object for Job Operations.
S_DATASET Authorization Object for File Access.
S_RFC Authorization Object for RFC.
Official Sites
http://help.sap.com The Online documentation
http://service.sap.com The SAP Service Marketplace
http://service.sap.com/pam SAP Product Availability Matrix
http://service.sap.com/sp-stacks SAP Support Package Stacks
http://www.sap.info The Information portals
http://www.sapinsideronline.com SAP Insider Online
http://sdn.sap.com The SAP Developer Network
http://www.sap-press.com SAP Press
http://www.sappro.com SAP Professional Journal
http://ifr.sap.com SAP Interface Repository (BAPI documentation)
http://service.sap.com/connectors SAP Connectors (JCo, .NET, Business Connector, etc.)
http://bpx.sap.com SAP Business Process Community
http://www.sap.com/community/pub/innovation/duet/webcasts.epx SAP Business Community for DUET (webcasts)
http://www.sap.com/community/pub/innovation/duet SAP Business Community for DUET
http://www.duet.com SAP Business DUET
http://www.sapdesignguild.org SAP UI Design
http://www.netweavermagazine.com SAP NetWeaver Magazine
http://service.sap.com/performance SAP Performance Site
Non-Official Sites
http://sap4.com SAP en Castellano
http://www.mundosap.com Mundo SAP
http://www.sapfans.com SAP Fans
http://searchsap.techtarget.com
http://www.sap-img.com
http://www.sapdb.info
http://sapbasic.wordpress.com
- WAS Academy Nov_Dec 2009
- WAS_Admin_Transactions
- Security_Transactions
- Important Tables
- Admin Parameters
- Auth Parameters
- Auth Objects
- SAP Info Sites
RZ20 CCMS Monitoring
RZ21 CCMS monitoring configuration
GRMG Generic Request and Message Generator
ST03G Global Workload Monitor: displays Java statistical records that are used for performance monitoring. The SAP WAS Java can write distributed statistics records (DSRs) that can trace actions that are processed using non-ABAP components such as WAS Java, Business Connector (BC) and ITS. The writing of the statistics records is activated when the SAPCCMSR agent is registered and the standard job SAP_COLLECTOR_FOR_NONE_R3_STAT is started in ABAP.
STATTRACE If you find errors in the Global Workload monitor, you can analyze these using the performance trace (also known as the functional trace). The performance trace provides a finer granularity than DSR.
STAD SAP Workload: Business Transaction Analysis
ALRTINBOX The Alert Inbox is an application based on BSP, which calls the URL http://host:port/sap/bc/bsp/sap/alertinbox
Auto-reaction method CCMS_Send_Alert_to_ALM forwards alerts for assigned monitoring architecture nodes to the ALM. This method is similar to CCMS_OnAlert_Email, with which you can define an automatic alert notification. A difference is that when you are forwarding alerts to the ALM, you no longer need to specify the sender and recipient in the method definition.
SALRT1 RFC destination for Central Alert Server
ALRTCATDEF Alert Categories Management
SA38 -> RSTBHIST Obtain a list of those tables that are currently set to be logged
ST10 Performance Analysis: Table Buffer Invalidations
STUN Performance Monitoring Menu. Set of monitoring tools
SMMS Message Server Monitor
SAP Office and Communications
SBWP / SO01 SAP Business Workplace
SE37 -> TH_POPUP Sends personalized popup messages to users
OSS1 Log On to SAPNet
SM55 THOST Table Maintenance
Database Administration (Oracle)
DB01 Database Locks
DB02 Database Space Overview
DB03 Log of database parameters changes
DB05 Analysis of table with respect of indexed fields
DB12 Backup log overview. Lets you view backup results and the status of the archive directory. Provides recovery report, checking if all backups are available to perform a restore and recovery
DB13 DBA planning calendar. Schedules backups and other administrative jobs in the database system
DB13C Central DBA planning calendar. Schedules backups and administrative activities centrally for several SAP systems and databases
DB14 DBA Operations Monitor. Checks the status and logs of all database operations, including backup, monitoring, updates of the optimizer statistics and database checks
DB16 Overview of database checks
DB17 Configuration of database checks. View and maintain check conditions used by a database system check
DB20 Maintain statistics
DB21 Configuration of statistics
DB24 Logs for Administrative Database Operations
DB26 Database parameter overview
DB02 Tables and Indexes monitor. Monitors the storage behavior of the database and the status of the database objects
ST04 Database Performance monitor. Displays the most important indicator for Oracle database performance
ST04N New Oracle database monitor
RZ20 Database Alert monitor. Monitors all preset alerts for different areas of the database
RSORATAD Determine the index storage quality. This report is called directly in transaction SE38
DBACOCKPIT See note 1028624. This transaction replaces various transactions previously used for monitoring and administration: ST04OLD, DB02OLD, DB12OLD, DB13OLD, DB14OLD. In WAS 7.0 all previous transactions have been renamed to <Previous transaction code>OLD
RFC Notes
RZ12 RFC Server Group Maintenance
SM59 RFC Destinations
SM59_OLD RFC Destinations
SM58 Transactional RFC
SMQ1 qRFC (outbound queue)
SMQ2 qRFC (inbound queue)
SMQ3 qRFC (saved e-queue)
SMQA tRFC/qRFC Confirm status
SMQE qRFC Administration
SMQR qRFC Monitor (QIN Scheduler)
SMQS qRFC Monitor (QOUT Scheduler)
RSARFCLD Report that gets and sets RFC quotas
RSARFCSE Execute ARFC as background job
SABP0000 / SABP0003 Customize interval of RSARFCSE
RSRFCCHK List each RFC destination and the user involved
Printers
SPAD Spool Administration
SP01 Spool and Output Requests Administration
SP02 Spool Requests Administration
SP11 List objects in TemSe
SP12 TemSe Administration
Web Services Notes
WSADMIN SAP WAS 6.40 and higher also provides the Web Service Framework, which allows you, among other things, to declare individual modules as web services
ABAP Development Workbench
SE80 ABAP Object Navigator
SE38 ABAP - Program Editor
SA38 ABAP - Program Execution
SE11 ABAP Dictionary Editor
SE12 ABAP Dictionary Display
SE13 Dictionary - Technical Settings. Define technical features of tables
SE14 DB Utility (to create tables in DB)
SE16 Display and Create Table Contents
SM30 Maintain Table Views
SM31 Maintain Table Views
SD11 ABAP Data Modeler
SE93 Maintain Transactions
ABAPDOCU ABAP Documentation
Change and Transport System
SPRO SAP Customizing through IMG
SPRO_ADMIN SAP Customizing Project Administration
SE09 Transport Organizer. Create and release of change requests
SE10 Transport Organizer. Create and release of change requests
SE01 Transport Organizer (Extended View)
STMS TMS Configuration. Create systems, transport routes and QA
SE06 Initialize transport tables and sys-change-option button
SE03 Transport Organizer Tools
SPAM Support Package Manager. Application of Support Packages
SAINT Add-On Installation Tool
SPDD Modification Adjustment Dictionary
SPAU Modification Adjustment (other objects)
SE95 Modification Browser
SNOTE Note Assistant
dico Hard reset of TMS. This is not a transaction. It is a key that must be entered in the command field of transaction STMS
Client Administration
SCC4 Client Administration, same as table T000
SCCL Local Client Copy
SCC9 Remote Client Copy
SCC1 Copy Customizing Change Request
SCC5 Delete Client
SCC8 Client Export
SCC7 Client Import Post-processing
SCC3 Client Copy Logs
SCU0 Customizing Cross-System Viewer
SCMP View/Table System Comparison
Jobs Administration
SM36 Creation of Jobs
SM36WIZ Creation of Jobs (wizard)
SM37 Job Monitoring
SM62 Events Maintenance
SM64 Trigger of events
SM69 Maintain OS commands
SM49 Execute OS commands
SM61 Create Job Groups
SMX Job Monitoring (own jobs)
LDAP Administration
LDAP Directory Service Connection
License Administration
SLICENSE SAP License Administration
LICENSE_ADMIN License Administration Workbench
SLAW License Auditing
USMM System Measurement Transaction
Installation and Upgrade
(OS) -> SAPINST SAP Installation
(OS) -> SAPUP SAP Upgrade - ABAP
(OS) -> SAPJUP SAP Upgrade - Java
ICNV Table Incremental Conversion
SAP Workflows
SWDD Workflow Builder (http://help.sap.com/saphelp_nw04/helpdata/en/ee/ee133bfae0750ce10000000a11402f/frameset.htm)
SWXF Workflow demo - create absence notification (WF WS30000015 shows the absence notification process)
SWUI_DEMO Workflows Demos
Application Link Enabling (ALE) Notes
WEDI IDoc basis
WE02 Display IDocs
WE05 Monitoring of IDoc lists
WE07 IDoc statistics
WE12 Inbound processing of outbound file
WE14 Outbound processing from IDoc
WE15 Outbound processing from message control
WE16 Inbound processing of IDoc file
WE19 Test tool inbox
WE20 Partner profiles
WE21 Port definitions
WE30 IDoc type editor
WE31 IDoc segment editor
WE42 See Inbound Process Code table
WE46 IDoc administration
WE47 Status maintenance
WE57 Assignment function module - logical message - IDoc type
WE60 Documentation for IDoc types
WE61 Documentation for IDoc record types
WE62 Documentation for segments (3.x only)
WE81 Overview of all message types
WE82 Finds out which version of the basic type is best suited to your SAP system's release
NACE Customizing of output determination
SO01 Integrated inbox
SWO1 Business object builder
SWO2 Business object repository
SWLD Workflow workbench
SWU3 Workflow customizing
SWE2 Event type linkage
SWI1 Display work items
SWI2 Work item analysis
SWUS Start workflow
SWEL Workflow event log
PPOS Display organizational plan
PFTC Tasks
PFAC Standard roles
SALE ALE customizing. You find all customizing settings in this transaction, or you can get the same in the following path: IMG (SPRO) -> SAP NetWeaver -> SAP Web Application Server -> IDoc Interface / Application Link Enabling (ALE)
BALE ALE distribution
BALD ALE development (4.0)
BALM ALE master data (4.0)
BALA ALE application (4.0)
BD10/11 Send/fetch material masters
BD12/13
BD14/15 Send/fetch vendor
BD21/22 Select/delete change pointers
BD40 Select change pointers for serialization group (4.0)
BD41/43 Dispatch/post IDocs for serialization group (4.0)
BD50 Activate change pointers for message type
BD53 Reduction of IDoc types
BD54 Logical systems. You can also get to this transaction by the following path: SAP NetWeaver -> SAP Web Application Server -> IDoc Interface / Application Link Enabling (ALE) -> Logical Systems
BD55 Conversion
BD56 Segment filtering
BD61 Activate change pointers
BD64 Distribution model
BD68 Lists
BD72 Activate event coupling
BD75 Status conversion for tRFC
BD77 Distribution of control data
BD78 Monitoring of control data distribution
BD82 Generate partner profiles
BD87 Process inbound IDocs. You can call this monitor to check the current status of IDocs in SAP R/3 or mySAP ECC
BD88 Process outbound IDocs
BDM2 IDoc trace (IDocs with receiver)
BDM5 Consistency check
BDM7 ALE audit: statistical analyses
BDM8 Send ALE audit confirmation
BDM9 Reorganize the audit database
BDRC Determine recovery objects (3.1I, 4.5)
BDRL Process recovery objects (3.1I, 4.5)
BDBG Generate ALE interface for BAPI (4.0)
BDBS Generate coding for mapping (4.0)
BAPI BAPI browser (4.0)
SM58 Aborted transactional RFCs
SM59 RFC destinations
SA38 -> RSEOUT00 Report used to transfer IDocs to the communication layer if you selected the "Collect IDocs" output mode (instead of "Transfer IDoc Imm") in the Outbound partner profile (WE20)
SA38 -> RBDAPP01 Report used to transfer IDocs to the ALE layer if you selected the "Trigger by background program" mode (instead of "Trigger immediately") in the Inbound partner profile (WE20)
SA38 -> RSSCD100 Report to view the change documents (that record each change made to their objects)
SA38 -> RBDMIDOC Report used to evaluate change pointers. This program is usually scheduled as a periodic background job. You can start the program for testing purposes with transaction BD21
Java Ports
http://<server>:<j2ee_port>
where
<j2ee_port> = 5XX00
XX = Instance Number
5XX00 WAS NetWeaver Administration
5XX13 Start/Stop Instances Applet
5XX04 Visual Administrator Tool
5XX08 J2EE Admin Tool Telnet
5XX18 SDM
Java Tools
http://<server>:<j2ee_port>/nwa SAP NetWeaver Administrator
http://<server>:<j2ee_port>/useradmin SAP User Management Engine (UME)
http://<server>:<j2ee_port>/sld
Visual Administrator
Locking Adapter J2EE Lock Monitoring
Security Provider User Management
Monitoring Service J2EE Monitoring
Configuration Adapter J2EE parameter administration
Key Storage Security Keys Management
Log Viewer Errors Check
SLD Data Supplier
JCo RFC Provider
Security Transactions Description
SU01 User Maintenance
SU01D User Maintenance Display
SU02 Authorization Profiles
SU03 Authorization Objects and Authorizations Maintenance
SU05 Maintain Internet User
SU10 Mass Changes for Users
SU1 Maintain Own User Address
SU2 Maintain Own User Parameters
SU3 Maintain Users Own data
SU20 Maintain Authorization Fields
SU21 Maintain the authorization objects
SU22 Maintain the assignments of authorization objects
SU24 Profile Generator Maintain the assignments of Authorization Objects
SU25 Profile Generator Upgrade and First Installation
SU53 Check Failed Authorizations
SU56 Every user can display his or her own user buffer with this transaction
PFCG Role Maintenance Tool
PFUD User Master Data Reconciliation
SU80 Archive User Change Documents
ST01 System Trace (User Authorization Trace)
SE43 Area Menu Maintenance
SSM2 Set Initial Area Menu Systemwide
SUGR Group maintenance
BALE ALE Area Menu
STUN Performance Monitoring Menu
SECR (old transaction) The Audit Information System (AIS) is an auditing tool that can be used to analyze security aspects of SAP; the AIS is now delivered with a series of roles
SM19 Security Audit (Static and Dynamic Configuration)
SM20 Analysis of Security Audit Log
SM18 Delete Old Security Audit Logs
SUIM User Information
User Information by Menu: SAP Menu → Tools → Administration → User Maintenance → Information System
SUCOMP User company address maintenance
SUCU Assignment of tables/views to authorization groups (or SM30 -> V_DDAT). From Web AS 6.40, however, the view is called V_DDAT_54, which causes SUCU to fail. This means you must modify the parameter call in transaction SE93 to be able to display SUCU
SNC1 Generate SNC name for user
SNC2 Export SNC name of user
SNC3 User initial control list 3.1-4.0
SNC4 Check canonical SNC names
SECSTORE Administration of Secure Storage
STRUST Trust Manager
STRUSTSSO2 Trust Manager for Logon Ticket
Security and User Administration Reports (SE38/SA38)
RSUSR000 List of All Users Logged On
RSUSR002 Users by Complex Selection Criteria
RSUSR002_ADDRES Users by address data
RSUSR003 Check the Passwords of Standard Users in All Clients
RSUSR004 Restrict User Values to the Following Simple Profiles and Auth Ob
RSUSR005 List of Users With Critical Authorizations
RSUSR006 Locked Users and Users with Incorrect Logons
RSUSR007 Display Users with Incomplete Address Data
RSUSR008 By Critical Combinations of Authorizations at Transaction Start
RSUSR008_009_NEW A system dependent option to control SoD violations
RSUSR009 List of Users With Critical Authorizations
RSUSR010 Executable Transactions ( All Selection Options )
RSUSR011 Lists of transactions after selection by user profile or obj
RSUSR012 Search authorizations profiles and users with specified object va
RSUSR020 Profiles by Complex Selection Criteria
RSUSR030 Authorizations by Complex Selection Criteria
RSUSR040 Authorization Objects by Complex Selection Criteria
RSUSR050 Comparisons
RSUSR060 Where-used lists
RSUSR060OBJ Where-Used List Authorization Object in Program and Transactions
RSUSR061 Enter Authorization Fields
RSUSR070 Roles by Complex Selection Criteria
RSUSR080 Users by License Data
RSUSR100 Change Documents for Users
RSUSR100N Change Documents for Users
RSUSR101 Change Documents for Profiles
RSUSR102 Change Documents for Authorizations
RSUSR200 List of Users According to Logon Date and Password Change
RSUSR300 Set External Security Name for All Users
RSUSR301 Fill non-checking transactions with auth. object S_TCODE
RSUSR302 Delete authorization check on object S_TCODE from table TSTCA
RSUSR400 Test Environment Authorization Checks (SAP Systems Only)
RSUSR401 Report to give all SAPCPIC users profile S_ACPIC
RSUSR402 Download user data for CA manager from Secude
RSUSR404 Conversion Program for Authorizations of Basis Development Environ
RSUSR405 Reset all user buffers in all clients (uncritical)
RSUSR406 Automatically Generate Profile SAP_ALL
RSUSR406_OLD Automatically Generate Profile SAP_ALL
RSUSR408 XPRA Conversion of USOBX-OKFLAG USOBX-MODIFIED for upgrade tool
RSUSR409 Transfer all translated titles to generated transaction codes
RSUSR421 Clean-up report TSTC-CINFO if no check in TSTCA
RSUSR500 User Administration Compare Users in Central System
RSUSR500D GUM Display Open Changes
RSUSR998 Call Reporting Tree Info System
RSUSREXT Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSREXTID Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSRLOG Log Display for Central User Administration
RSUSRSCUC CUA Synchronization of the Company Addresses
RSUSRSUIM User Information System
PFCG_TIME_DEPENDENCY HR Organizational Management Reconciliation
RSABAPSC Search for AUTHORITY-CHECK statements
RSCSAUTH RSABAUTH Maintain/Restore Authorization Groups. It creates a list of reports (type 1) (Program column), the authorization group delivered by SAP (SAP column) and the authorization group maintained by the customer (Customer column). The Customer column accepts input. Customers can enter their own authorization groups here. When the customer chooses Save, the customer's own authorization groups for all SELECTED reports are transferred to the table TRDIR. This is equivalent to a change of the authorization group in the program attributes, and the existing SAP authorization groups are overwritten. The authorization group for each report is also entered in the table SREPOATH, meaning that the customer's own authorization groups can be restored by restarting RSCSAUTH after an upgrade. Start the program RSABAUTH. The new authorization groups are written to the table TPGP.
Table Name Description
PRGN_CUST Customize the role transports
SSM_CUST Defines initial picture in SESSION_MANAGER
TADIR Table that contains all Data Dictionary Objects
TADIR Contains all repository SAP objects
TPFYPROPTY Shows parameters properties (e.g. Dynamical vs Static parameters)
TSTC Table that contains all transaction codes of the system
USERS_SSM System administrators can use this table to determine whether or not users are allowed to switch between the SAP menu and their user menus
USOBT Contain SAP default authorization objects
USOBT_C Contain the customer authorization objects
USOBX Contain SAP default authorization objects
USOBX_C Contain the customer authorization objects
USR10 Table that contains all profiles delivered by SAP
USR40 Exception Table for Passwords
VDDAT TDDAT VDDAT_54 Assignment of tables/views to authorization groups
V_BRG Definition of authorization groups
TPGP ABAP/4 Authorization Groups
E070 Header information for the transport request
E071 / E071K Object list and keys from table entries
T000 Client Administration
USR41_MLD Registers multiple logons
Parameter Description
rdisp/max_alt_modes Defines how many sessions are permissible for each logon to the SAP system. Can be set to values from two to nine; the standard setting is six
rdisp/wp_no_dia Defines number of dialog workprocesses
rdisp/wp_no_vb Defines number of update 1 workprocesses
rdisp/wp_no_vb2 Defines number of update 2 workprocesses
rdisp/wp_no_btc Defines number of background workprocesses
rdisp/wp_no_spo Defines number of spool workprocesses
rdisp/wp_no_enq Defines number of enqueue workprocesses
rdisp/start_icman Initialize ICM
rdisp/j2ee_start Initialize J2EE
rdisp/TRACE Set the trace level for developer traces
rdisp/btctime
rdisp/max_wprun_time
rslg/max_diskspace/local Defines the size of the system log (SM21). Each log entry takes up 192 bytes, and the default log is 500160 bytes, which is a multiple of 192 that corresponds to 2605 entries. Once the log is full, the oldest entries are overwritten
rec/client ALL logs all clients
rec/client 000 [] logs the specified clients
rec/client OFF turns logging off
login/disable_multi_gui_login
login/multi_login_users
Security Parameters
Parameter Description
rsaulocalfile
rsaumax_diskspacelocal This parameter defines the maximum space to allocate for the audit files
rsauenable This parameter enables the security audit log
rsauselection_slots This parameter defines the number of filters to allow for the security audit log
rsaumax_diskspaceper_day (dynamic configuration)
rsaumax_diskspaceper_file (dynamic configuration)
authno_check_in_some_cases Enables Profile Generator
authauth_number_in_userbuffer
authnew_buffering
loginmin_password_lng Defines the minimum length of the passwordDefault value 3 permissible values 3 ndash 8
loginmin_password_digits Defines the minimum number of digits (0-9) in passwordsDefault value 0 permissible values 0 ndash 8Available as of SAP Web AS 610
loginmin_password_letters Defines the minimum number of letters (A-Z) in passwords Default value 0 permissible values 0 ndash 8Available as of SAP Web AS 610
loginmin_password_specials
Default value 0 permissible values 0 ndash 8Available as of SAP Web AS 610
loginpassword_charset This parameter defines the characters of which a password can consistPermissible values
Available in the standard system as of SAP Web AS 640loginmin_password_diff
Default value 1 permissible values 1 ndash 8Available as of SAP Web AS 610
loginpassword_expiration_time Defines the validity period of passwords in daysDefault value 0 permissible values any numerical value
loginpassword_change_for_SSO
Available as of SAP Web AS 610 as of SAP Basis 46 by Support Package
logindisable_password_logon Controls the deactivation of password-based logon
Available as of SAP Web AS 610 as of SAP Basis 46 by Support Package
The audit files are located on the individual application servers You define the name and location of the files with this parameter (up to WAS 630)
In systems with release level 46A and higher this parameter definies the size of the user bufferAs of Kernel 620 the parameter is no longer evaluated
authauth_number_in_userbuffer parameter no longer has any effect if this profile parametes is 3 or 4
Defines the minimum number of special characters in the password Permissible special characters are $amp()=`+~-_[]ltgt and space
0 (restrictive) The password can only consist of digits letters and the following (ASCII) special characters $amp()=`+~-_[]ltgt| and space
1 (backward compatible default value) The password can consist of any characters including national special characters (such as auml ccedil szlig from ISO Latin-1 8859-1) However all characters that are not contained in the set above (for value = 0) are
2 (not backward compatible) The password can consist of any characters It is converted internally into the Unicode format UTF-8 If your system does not support Unicode you may not be able to enter all characters on the logon screen This restri
With loginpassword_charset = 2 passwords are stored in a format that systems with older kernels cannot interpret You must therefore only set the profile parameter to the value 2 after you have ensured that all systems involved support the new password
Defines the minimum number of characters that must be different in the new password compared to the old password
If the user logs on with Single Sign-On checks whether the user must change his or her password
This means that the user can no longer log on using a password but only with Single Sign-On variants (X509 certificate logon ticket)
login/password_logon_usergroup Controls the deactivation of password-based logon for user groups. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/disable_multi_gui_login Controls the deactivation of multiple dialog logons. Available as of SAP Basis 4.6
login/multi_login_users
Available as of SAP Basis 4.6
login/fails_to_session_end
Default value 3, permissible values 1-99
login/fails_to_user_lock
Default value 12, permissible values 1-99
login/failed_user_auto_unlock
Default value 1 (lock applies only on same day), permissible values 0, 1
login/password_max_new_valid Defines the validity period of passwords for newly created users. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/password_max_reset_valid Defines the validity period of reset passwords. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/accept_sso2_ticket Allows or locks the logon using SSO ticket. Available as of SAP Basis 4.6D, as of SAP Basis 4.0 by Support Package
login/create_sso2_ticket Allows the creation of SSO tickets. Available as of SAP Basis 4.6D
login/ticket_expiration_time Defines the validity period of an SSO ticket. Available as of SAP Basis 4.6D
login/ticket_only_by_https The logon ticket is only transferred using HTTP(S). Available as of SAP Basis 4.6D
login/ticket_only_to_host
Available as of SAP Basis 4.6D
login/disable_cpic Refuse inbound connections of type CPIC
Controls the emergency user SAP* (SAP Notes 2383 and 68048)
login/system_client
login/update_logon_timestamp Specifies the exactness of the logon timestamp. Available as of SAP Basis 4.6
rdisp/gui_auto_logout
Default value 0 (no restriction), permissible values any numerical value
login/no_automatic_user_sapstar Controls the SAP* user
login/password_max_idle_initial
login/password_max_idle_productive
List of excepted users, that is, the users that are permitted to log on to the system more than once
Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts. The parameter is to be set to a value lower than the value of parameter login/fails_to_user_lock
Defines the number of unsuccessful logon attempts before the system locks the user. By default, the lock applies until midnight
Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight
When logging on over HTTP(S), sends the ticket only to the server that created the ticket
login/no_automatic_user_sapstar
Specifies the default client. This client is automatically filled in on the system logon screen. Users can type in a different client
Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections)
You can use this parameter to determine the maximum time between the (re)setting of the password and the next logon with the initial password. As soon as this period has expired, the system displays the message "Initial password has expired" and refuses the password logon. However, you can still log on using SSO
You can use this parameter to determine the maximum time between two password logons. As soon as this period has expired, the system displays a message stating that the password has not been used for a period of time and was therefore deactivated, and the system refuses the password logon. However, you can still log on using SSO
The profile parameters login/password_max_new_valid and login/password_max_reset_valid have been replaced by the profile parameter login/password_max_idle_initial, which means that the system no longer distinguishes between the first and the subsequent setting of a password by the user administrator regarding the restriction of the validity of the resulting initial passwords
S_TCODE Allow to start a transaction
S_USER_GRP Authorization to create or maintain a user master record and to assign it to a user group
S_USER_PRO Authorization for the authorization profiles that you assign to users
S_USER_AUTH Authorization to create and maintain authorizations
S_USER_AGR
S_USER_TCD Authorization for transactions that you may assign to the role in the Profile Generator
S_USER_VAL
S_PROGRAM
S_TABU_DIS
S_TABU_CLI
S_TABU_LIN
S_TRANSPRT is the authorization object for the Transport Organizer
S_CTS_ADMI
S_DEVELOP Authorizations for the ABAP Workbench (programming and debugging transactions SExx)
S_LOG_COM Authorization to execute logical operating system commands
S_BTCH_JOB Authorization Object for Job Operations
S_DATASET Authorization Object for File Access
S_RFC Authorization Object for RFC
Authorization Object
Authorization to protect roles. With this authorization object you specify which roles can be edited and which activities (display, change, create, etc.) are intended for the role(s)
Authorization to restrict values that the system administrator can include in a role or change in the Profile Generator
The programs (reports) are combined into program authorization groups and can be protected against unauthorized access using the groups and this authorization object
Defines which table contents may be maintained by which employees. The authorization object S_TABU_DIS controls only complete accesses, which are made using standard table maintenance (SM31), advanced table maintenance (SM30), or the Data Browser (SE16). These group assignments are defined in table TDDAT
Grants authorization to maintain cross-client tables with the standard table maintenance transaction (SM30), extended table maintenance transaction (SM31), and the Data Browser (SE16). Also acts as an additional security measure for cross-client tables and enhances the general table maintenance authorization S_TABU_DIS. The object has the following field: CLIIDMAINT. If identifier X or * is set, cross-client tables can be maintained
Through the introduction of organization criteria, it is possible to restrict a user's access rights to specific parts of a table. A possible use for S_TABU_LIN would be to display and to change content for only a certain work area, such as a country or a plant
Is the authorization object for the administration functions in the Change and Transport System
Official Sites
http://help.sap.com The Online documentation
http://service.sap.com The SAP Service Marketplace
http://service.sap.com/pam SAP Product Availability Matrix
http://service.sap.com/sp-stacks SAP Support Package Stacks
http://www.sap.info The Information portals
http://www.sapinsideronline.com SAP Insider Online
http://sdn.sap.com The SAP Developer Network
http://www.sap-press.com SAP Press
http://www.sappro.com SAP Professional Journal
http://ifr.sap.com SAP Interface Repository (BAPI documentation)
http://service.sap.com/connectors SAP Connectors (JCo, .NET, Business Connector, etc.)
http://bpx.sap.com SAP Business Process Community
http://www.sap.com/community/pub/innovation/duet/webcasts.epx SAP Business Community for DUET (webcasts)
http://www.sap.com/community/pub/innovation/duet SAP Business Community for DUET
http://www.duet.com SAP Business DUET
http://www.sapdesignguild.org SAP UI Design
http://www.netweavermagazine.com SAP NetWeaver Magazine
http://service.sap.com/performance SAP Performance Site
Non-Official Sites
http://sap4.com SAP en Castellano
http://www.mundosap.com Mundo SAP
http://www.sapfans.com SAP Fans
http://searchsap.techtarget.com
http://www.sap-img.com
http://www.sapdb.info
http://sapbasic.wordpress.com
- WAS Academy Nov_Dec 2009
- WAS_Admin_Transactions
- Security_Transactions
- Important Tables
- Admin Parameters
- Auth Parameters
- Auth Objects
- SAP Info Sites
DB14 DBA Operations Monitor
DB16 Overview of database checks
DB17 Configuration of database checks
DB20 maintain statistics
DB21 configuration of statistics
DB24
DB26 database parameter overview
DB02 Tables and Indexes monitor
ST04 Database Performance monitor
ST04N New Oracle database monitor
RZ20 Database Alert monitor
RSORATAD determine the index storage quality
DBACOCKPIT See note 1028624
RFC Notes
RZ12 RFC Server Group Maintenance
SM59 RFC Destinations
SM59_OLD RFC Destinations
SM58 Transactional RFC
SMQ1 qRFC (outbound queue)
SMQ2 qRFC (inbound queue)
SMQ3 qRFC (saved e-queue)
SMQA tRFC/qRFC Confirm status
SMQE qRFC Administration
SMQR qRFC Monitor (QIN Scheduler)
SMQS qRFC Monitor (QOUT Scheduler)
RSARFCLD Report that gets and sets RFC quotas
RSARFCSE Execute ARFC as background job
SABP0000SABP0003 customize interval of RSARFCSE
RSRFCCHK
Printers
SPAD Spool Administration
SP01
SP02 Spool Requests Administration
SP11 List objects in TemSe
SP12 TemSe Administration
Web Services Notes
Checks the status and logs of all database operations including backup monitoring updates of the optimizer statistics and database checks
View and maintain check conditions used by a database system check
Logs for Administrative Database Operations
Monitors the storage behavior of the database and the status of the database objects
Displays the most important indicator for Oracle database performance
Monitors all preset alerts for different areas of the database
This report is called directly in transaction SE38
This transaction replaces various transactions previously used for monitoring and administration
ST04OLD, DB02OLD, DB12OLD, DB13OLD, DB14OLD
In WAS 7.0, all previous transactions have been renamed to <Previous transaction code>OLD
List each RFC destination and the user involved
Spool and Output Requests Administration
WSADMIN
ABAP Development Workbench
SE80 Abap Object Navigator
SE38 Abap - Program Editor
SA38 Abap - Program Execution
SE11 Abap Dictionary Editor
SE12 Abap Dictionary Display
SE13 Dictionary - Technical Settings Define technical features of tables
SE14 DB Utility (to create tables in DB)
SE16 Display and Create Table Contents
SM30 Maintain Table Views
SM31 Maintain Table Views
SD11 Abap Data Modeler
SE93 Maintain Transactions
ABAPDOCU Abap Documentation
Change and Transport System
SPRO SAP Customizing through IMG
SPRO_ADMIN SAP Customizing Project Administration
SE09 Transport Organizer Create and Release of change requests
SE10 Transport Organizer Create and Release of change requests
SE01 Transport Organizer (Extended View)
STMS TMS Configuration Create Systems Transport Routes and QA
SE06
SE03 Transport Organizer Tools
SPAM Support Package Manager Application of Support Packages
SAINT Add-On Installation Tool
SPDD Modification Adjustment Dictionary
SPAU Modification Adjustment (other objects)
SE95 Modification Browser
SNOTE Note Assistant
dico Hard reset of TMS
Client Administration
SCC4 Client Administration same as table T000
SCCL Local Client Copy
SCC9 Remote Client Copy
SCC1 Copy Customizing Change Request
SCC5 Delete Client
SCC8 Client Export
SCC7 Client Import Post-processing
SCC3 Client Copy Logs
SCU0 Customizing Cross-System Viewer
SCMP View/Table System Comparison
Jobs Administration
SM36 Creation of Jobs
SM36WIZ Creation of Jobs (wizard)
SM37 Job Monitoring
SAP WAS 6.40 and higher also provides the WebService Framework, which allows you, among other things, to declare individual modules as web services
Initialize transport tables and sys-change-option button
This is not a transaction. It is a key that must be entered in the command field of transaction STMS
SM62 Events Maintenance
SM64 Trigger of events
SM69 Maintain OS commands
SM49 Execute OS commands
SM61 Create Job Groups
SMX Job Monitoring (own jobs)
LDAP Administration
LDAP Directory Service Connection
License Administration
SLICENSE SAP License Administration
LICENSE_ADMIN License Administration Workbench
SLAW License Auditing
USMM System Measurement Transaction
Installation and Upgrade
(OS) -> SAPINST SAP Installation
(OS) -> SAPUP SAP Upgrade - Abap
(OS) -> SAPJUP SAP Upgrade - Java
ICNV Table Incremental Conversion
SAP Workflows
SWDD Workflow Builder
SWXF
SWUI_DEMO Workflows Demos
Application Link Enabling (ALE) Notes
WEDI Idoc basis
WE02 Display idocs
WE05 Monitoring of idoc lists
WE07 Idoc statistics
WE12 Inbound processing of outbound file
WE14 Outbound processing from idoc
WE15
WE16 Inbound processing of idoc file
WE19 Test tool inbox
WE20 Partner profiles
WE21 Port definitions
WE30 Idoc type editor
WE31 Idoc segment editor
WE42 See Inbound Process Code table
WE46 Idoc administration
WE47 Status maintenance
WE57
WE60 Documentation for idoc types
WE61 Documentation for idoc record types
http://help.sap.com/saphelp_nw04/helpdata/en/ee/ee133bfae0750ce10000000a11402f/frameset.htm
WF WS30000015 shows the absence notification process
Workflow demo - create absence notification
Outbound processing from message control
Assignment function module - logical message - idoc type
WE62 Documentation for segments (3.x only)
WE81 Overview of all message types
WE82
NACE Customizing of output determination
SO01 Integrated inbox
SWO1 Business object builder
SWO2 Business object repository
SWLD Workflow workbench
SWU3 Workflow customizing
SWE2 Event type linkage
SWI1 Display work items
SWI2 Work item analysis
SWUS Start workflow
SWEL Workflow event log
PPOS Display organizational plan
PFTC Tasks
PFAC Standard roles
SALE ALE customizing
BALE ALE distribution
BALD ALE development (4.0)
BALM ALE master data (4.0)
BALA ALE application (4.0)
BD10/11 Send/fetch material masters
BD12/13
BD14/15 Send/fetch vendor
BD21/22 Select/delete change pointers
BD40
BD41/43
BD50
BD53 Reduction of idoc types
BD54 Logical systems
BD55 Conversion
BD56 Segment filtering
BD61 Activate change pointers
BD64 Distribution model
BD68 Lists
BD72 Activate event coupling
BD75 Status conversion for tRFC
BD77 Distribution of control data
BD78 Monitoring of control data distribution
BD82 Generate partner profiles
BD87 Process inbound idocs
BD88 Process outbound idocs
BDM2 Idoc trace (idocs with receiver)
BDM5 Consistency check
BDM7 ALE audit statistical analyses
BDM8 Send ALE audit confirmation
BDM9 Reorganize the audit database
BDRC Determine recovery objects (3.1I 4.5)
BDRL Process recovery objects (3.1I 4.5)
BDBG Generate ALE interface for BAPI (4.0)
Finds out which version of the basic type is best suited to your SAP systems release
You find all customizing settings in this transaction, or you can get the same in the following path: IMG (SPRO) -> SAP NetWeaver -> SAP Web Application Server -> IDoc Interface / Application Link Enabling (ALE)
Select change pointers for serialization group (4.0)
Dispatch/post idocs for serialization group (4.0)
Activate change pointers for message type
You can also get to this transaction by the following path: SAP NetWeaver -> SAP Web Application Server -> IDoc Interface / Application Link Enabling (ALE) -> Logical Systems
You can call this monitor to check the current status of IDocs in SAP R/3 or mySAP ECC
BDBS Generate coding for mapping (4.0)
BAPI BAPI browser (4.0)
SM58 Aborted transactional RFCs
SM59 RFC destinations
SA38 -> RSEOUT00
SA38 -> RBDAPP01
SA38 -> RSSCD100
SA38 -> RBDMIDOC
Report used to transfer IDocs to the communication layer if you selected the Collect IDocs output mode (instead of Transfer IDoc Imm) in the Outbound partner profile (WE20)
Report used to transfer IDocs to the ALE layer if you selected the Trigger by background program mode (instead of Trigger immediately) in the Inbound partner profile (WE20)
Report to view the change documents (that record each change made to their objects)
Report used to evaluate change pointers. This program is usually scheduled as a periodic background job. You can start the program for testing purposes with transaction BD21
Java Ports
http://<server>:<j2ee_port>
where
<j2ee_port> = 5XX00
XX = Instance Number
5XX00 WAS Netweaver Administration
5XX13 Start/Stop Instances Applet
5XX04 Visual Administrator Tool
5XX08 J2EE Admin Tool Telnet
5XX18 SDM
Java Tools
http://<server>:<j2ee_port>/nwa SAP NetWeaver Administrator
http://<server>:<j2ee_port>/useradmin SAP User Management Engine (UME)
http://<server>:<j2ee_port>/sld
Visual Administrator
Locking Adapter J2EE Lock Monitoring
Security Provider User Management
Monitoring Service J2EE Monitoring
Configuration Adapter J2EE parameter administration
Key Storage Security Keys Management
Log Viewer Errors Check
SLD Data Supplier
JCo RFC Provider
Security Transactions Description
SU01 User Maintenance
SU01D User Maintenance Display
SU02 Authorization Profiles
SU03 Authorization Objects and Authorizations Maintenance
SU05 Maintain Internet User
SU10 Mass Changes for Users
SU1 Maintain Own User Address
SU2 Maintain Own User Parameters
SU3 Maintain Users Own data
SU20 Maintain Authorization Fields
SU21 Maintain the authorization objects
SU22 Maintain the assignments of authorization objects
SU24 Profile Generator Maintain the assignments of Authorization Objects
SU25 Profile Generator Upgrade and First Installation
SU53 Check Failed Authorizations
SU56 Every user can display his or her own user buffer with this transaction
PFCG Role Maintenance Tool
PFUD User Master Data Reconciliation
SU80 Archive User Change Documents
ST01 System Trace (User Authorization Trace)
SE43 Area Menu Maintenance
SSM2 Set Initial Area Menu Systemwide
SUGR Group maintenance
BALE ALE Area Menu
STUN Performance Monitoring Menu
SECR (old transaction)
SM19 Security Audit (Static and Dynamic Configuration)
SM20 Analysis of Security Audit Log
SM18 Delete Old Security Audit Logs
SUIM User Information
User Information by Menu
SUCOMP User company address maintenance
SUCU
SNC1 Generate SNC name for user
SNC2 Export SNC name of user
SNC3 User initial control list 31-40
SNC4 Check canonical SNC names
SECSTORE Administration of Secure Storage
STRUST Trust Manager
STRUSTSSO2 Trust Manager for Logon Ticket
RSUSR000 List of All Users Logged On
RSUSR002 Users by Complex Selection Criteria
RSUSR002_ADDRES Users by address data
RSUSR003 Check the Passwords of Standard Users in All Clients
RSUSR004 Restrict User Values to the Following Simple Profiles and Auth Ob
RSUSR005 List of Users With Critical Authorizations
RSUSR006 Locked Users and Users with Incorrect Logons
RSUSR007 Display Users with Incomplete Address Data
RSUSR008 By Critical Combinations of Authorizations at Transaction Start
The Audit Information System (AIS) is an auditing tool that can be used to analyze security aspects of SAP. The AIS is now delivered with a series of roles
SAP Menu → Tools → Administration → User Maintenance → Information System
Assignment of tables/views to authorization groups (or SM30 -> V_DDAT). From Web AS 6.40, however, the view is called V_DDAT_54, which causes SUCU to fail. This means you must modify the parameter call in transaction SE93 to be able to display SUCU
Security and User Administration Reports (SE38/SA38)
RSUSR008_009_NEW A system dependent option to control SoD violations
RSUSR009 List of Users With Critical Authorizations
RSUSR010 Executable Transactions ( All Selection Options )
RSUSR011 Lists of transactions after selection by user profile or obj
RSUSR012 Search authorizations profiles and users with specified object va
RSUSR020 Profiles by Complex Selection Criteria
RSUSR030 Authorizations by Complex Selection Criteria
RSUSR040 Authorization Objects by Complex Selection Criteria
RSUSR050 Comparisons
RSUSR060 Where-used lists
RSUSR060OBJ Where-Used List Authorization Object in Program and Transactions
RSUSR061 Enter Authorization Fields
RSUSR070 Roles by Complex Selection Criteria
RSUSR080 Users by License Data
RSUSR100 Change Documents for Users
RSUSR100N Change Documents for Users
RSUSR101 Change Documents for Profiles
RSUSR102 Change Documents for Authorizations
RSUSR200 List of Users According to Logon Date and Password Change
RSUSR300 Set External Security Name for All Users
RSUSR301 Fill non-checking transactions with authobject S TCODE
RSUSR302 Delete authorization check on object S TCODE from table TSTCA
RSUSR400 Test Environment Authorization Checks (SAP Systems Only)
RSUSR401 Report to give all SAPCPIC users profile S_ACPIC
RSUSR402 Download user data for CA manager from Secude
RSUSR404 Conversion Program for Authorizations of Basis Development Environ
RSUSR405 Reset all user buffers in all clients (uncritical)
RSUSR406 Automatically Generate Profile SAP_ALL
RSUSR406_OLD Automatically Generate Profile SAP_ALL
RSUSR408 XPRA Conversion of USOBX-OKFLAG USOBX-MODIFIED for upgrade tool
RSUSR409 Transfer all translated titles to generated transaction codes
RSUSR421 Clean-up report TSTC-CINFO if no check in TSTCA
RSUSR500 User Administration Compare Users in Central System
RSUSR500D GUM Display Open Changes
RSUSR998 Call Reporting Tree Info System
RSUSREXT Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSREXTID Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSRLOG Log Display for Central User Administration
RSUSRSCUC CUA Synchronization of the Company Addresses
RSUSRSUIM User Information System
PFCG_TIME_DEPENDENCY HR Organizational Management Reconciliation
RSABAPSC Search for AUTHORITY-CHECK statements
RSCSAUTH RSABAUTH
Maintain/Restore Authorization Groups. It creates a list of reports (type 1) (Program column), the authorization group delivered by SAP (SAP column), and the authorization group maintained by the customer (Customer column). The Customer column accepts input. Customers can enter their own authorization groups here. When the customer chooses Save, the customer's own authorization groups for all SELECTED reports are transferred to the table TRDIR. This is equivalent to a change of the authorization group in the program attributes, and the existing SAP authorization groups are overwritten. The authorization group for each report is also entered in the table SREPOATH, meaning that the customer's own authorization groups can be restored by restarting RSCSAUTH after an upgrade. Start the program RSABAUTH. The new authorization groups are written to the table TPGP
Table Name Description
PRGN_CUST Customize the role transports
SSM_CUST Defines initial picture in SESSION_MANAGER
TADIR Table that contains all Data Dictionary Objects
TADIR Contains all repository SAP objects
TPFYPROPTY
TSTC
USERS_SSM
USOBT Contain SAP default authorization objects
USOBT_C Contain the customer authorization objects
USOBX Contain SAP default authorization objects
USOBX_C Contain the customer authorization objects
USR10 Table that contains all profiles delivered by SAP
USR40 Exception Table for Passwords
VDDAT TDDAT VDDAT_54 Assignment of tables/views to authorization groups
V_BRG Definition of authorization groups
TPGP ABAP/4 Authorization Groups
E070 Header information for the transport request
E071/E071K Object list and keys from table entries
T000 Client Administration
USR41_MLD Registers multiple logons
Shows parameters properties (e.g. dynamic vs. static parameters)
Table that contains all transactions codes of the system
System administrators can use this table to determine whether or not users are allowed to switch between the SAP menu and their user menus
Parameter
rdisp/max_alt_modes
rdisp/wp_no_dia
rdisp/wp_no_vb
rdisp/wp_no_vb2
rdisp/wp_no_btc
rdisp/wp_no_spo
rdisp/wp_no_enq
rdisp/start_icman
rdisp/j2ee_start
rdisp/TRACE
rdisp/btctime
rdisp/max_wprun_time
rslg/max_diskspace/local
rec/client
rec/client
rec/client
login/disable_multi_gui_login
login/multi_login_users
Description
Defines number of dialog workprocesses
Defines number of update 1 workprocesses
Defines number of update 2 workprocesses
Defines number of background workprocesses
Defines number of spool workprocesses
Defines number of enqueue workprocesses
Initialize ICM
Initialize J2EE
Set the trace level for developer traces
ALL logs all clients
000 [] logs the specified clients
OFF turns logging off
Defines how many sessions are permissible for each logon to the SAP system. Can be set to values from two to nine; the standard setting is six
Defines the size of the system log (SM21). Each log entry takes up 192 bytes, and the default log is 500160 bytes, which is a multiple of 192 that corresponds to 2605 entries. Once the log is full, the oldest entries are overwritten
Security Parameters
Parameter Description
rsau/local/file
rsau/max_diskspace/local This parameter defines the maximum space to allocate for the audit files
rsau/enable This parameter enables the security audit log
rsau/selection_slots This parameter defines the number of filters to allow for the security audit log
rsau/max_diskspace/per_day (dynamic configuration)
rsau/max_diskspace/per_file (dynamic configuration)
auth/no_check_in_some_cases Enables Profile Generator
auth/auth_number_in_userbuffer
auth/new_buffering
login/min_password_lng Defines the minimum length of the password. Default value 3, permissible values 3 – 8
login/min_password_digits Defines the minimum number of digits (0-9) in passwords. Default value 0, permissible values 0 – 8. Available as of SAP Web AS 6.10
login/min_password_letters Defines the minimum number of letters (A-Z) in passwords. Default value 0, permissible values 0 – 8. Available as of SAP Web AS 6.10
login/min_password_specials
Default value 0, permissible values 0 – 8. Available as of SAP Web AS 6.10
login/password_charset This parameter defines the characters of which a password can consist. Permissible values:
Available in the standard system as of SAP Web AS 6.40
login/min_password_diff
Default value 1, permissible values 1 – 8. Available as of SAP Web AS 6.10
login/password_expiration_time Defines the validity period of passwords in days. Default value 0, permissible values any numerical value
login/password_change_for_SSO
Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/disable_password_logon Controls the deactivation of password-based logon
Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
The audit files are located on the individual application servers. You define the name and location of the files with this parameter (up to WAS 6.30)
In systems with release level 4.6A and higher, this parameter defines the size of the user buffer. As of Kernel 6.20, the parameter is no longer evaluated
The auth/auth_number_in_userbuffer parameter no longer has any effect if this profile parameter is 3 or 4
Defines the minimum number of special characters in the password Permissible special characters are $amp()=`+~-_[]ltgt and space
0 (restrictive) The password can only consist of digits letters and the following (ASCII) special characters $amp()=`+~-_[]ltgt| and space
1 (backward compatible default value) The password can consist of any characters including national special characters (such as auml ccedil szlig from ISO Latin-1 8859-1) However all characters that are not contained in the set above (for value = 0) are
2 (not backward compatible) The password can consist of any characters It is converted internally into the Unicode format UTF-8 If your system does not support Unicode you may not be able to enter all characters on the logon screen This restri
With loginpassword_charset = 2 passwords are stored in a format that systems with older kernels cannot interpret You must therefore only set the profile parameter to the value 2 after you have ensured that all systems involved support the new password
Defines the minimum number of characters that must be different in the new password compared to the old password
If the user logs on with Single Sign-On checks whether the user must change his or her password
This means that the user can no longer log on using a password but only with Single Sign-On variants (X509 certificate logon ticket)
loginpassword_logon_usergroup Controls the deactivation of password-based logon for user groupsAvailable as of SAP Web AS 610 as of SAP Basis 46 by Support Package
logindisable_multi_gui_login Controls the deactivation of multiple dialog logonsAvailable as of SAP Basis 46
loginmulti_login_users
Available as of SAP Basis 46loginfails_to_session_end
Default value 3 permissible values 1 -99loginfails_to_user_lock
Default value 12 permissible values 1 -99loginfailed_user_auto_unlock
Default value 1 (Lock applies only on same day) permissible values 0 1
loginpassword_max_new_valid Defines the validity period of passwords for newly created usersAvailable as of SAP Web AS 610 as of SAP Basis 46 by Support Package
loginpassword_max_reset_valid Defines the validity period of reset passwordsAvailable as of SAP Web AS 610 as of SAP Basis 46 by Support Package
loginaccept_sso2_ticket Allows or locks the logon using SSO ticketAvailable as of SAP Basis 46D as of SAP Basis 40 by Support Package
logincreate_sso2_ticket Allows the creation of SSO ticketsAvailable as of SAP Basis 46D
loginticket_expiration_time Defines the validity period of an SSO ticketAvailable as of SAP Basis 46D
loginticket_only_by_https The logon ticket is only transferred using HTTP(S)Available as of SAP Basis 46D
loginticket_only_to_host
Available as of SAP Basis 46Dlogindisable_cpic Refuse inbound connections of type CPIC
Controls the emergency user SAP (SAP Notes 2383 and 68048)
loginsystem_client
loginupdate_logon_timestamp Specifies the exactness of the logon timestampAvailable as of SAP Basis 46
rdispgui_auto_logout
Default value 0 (no restriction) permissible values any numerical valueloginno_automatic_user_sapstar Controls the SAP user
loginpassword_max_idle_initial
loginpassword_max_idle_productive
List of excepted users that is the users that are permitted to log on to the system more than once
Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts The parameter is to be set to a value lower than the value of parameter loginfails_to_user_lock
Defines the number of unsuccessful logon attempts before the system locks the user By default the lock applies until midnight
Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight
When logging on over HTTP(S) sends the ticket only to the server that created the ticket
loginno_automatic_user_sapstar
Specifies the default client This client is automatically filled in on the system logon screen Users can type in a different client
Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections)
You can use this parameter to determine the maximum time between the (re)setting of the password and the next logon with the initial password As soon as this period has expired the system displays message Initial password has expired and refuses the password logon However you can still logon using SSO
You can use this parameter to determine the maximum time between two password logons As soon as this period has expired the system displays a message stating that the password has not been used for a period of time and was therefore deactivated and the system refuses the password logon However you can still logon using SSO
The profile parameters loginpassword_max_new_valid and loginpassword_max_reset_valid have been replaced by the profile parameter loginpassword_max_idle_initial which means that the system no longer distinguishes between the first and the subsequent setting of a password by the user administrator regarding the restriction of the validity of the resulting initial passwords
Authorization Object
S_TCODE Allows a transaction to be started
S_USER_GRP Authorization to create or maintain a user master record and to assign it to a user group
S_USER_PRO Authorization for the authorization profiles that you assign to users
S_USER_AUT Authorization to create and maintain authorizations
S_USER_AGR Authorization to protect roles. With this authorization object you specify which roles can be edited and which activities (display, change, create, etc.) are intended for the role(s)
S_USER_TCD Authorization for transactions that you may assign to the role in the Profile Generator
S_USER_VAL Authorization to restrict values that the system administrator can include in a role or change in the Profile Generator
S_PROGRAM The programs (reports) are combined into program authorization groups and can be protected against unauthorized access using the groups and this authorization object
S_TABU_DIS Defines which table contents may be maintained by which employees. The authorization object S_TABU_DIS controls only complete accesses, which are made using standard table maintenance (SM31), advanced table maintenance (SM30) or the Data Browser (SE16). These group assignments are defined in table TDDAT
S_TABU_CLI Grants authorization to maintain cross-client tables with the standard table maintenance transaction (SM30), extended table maintenance transaction (SM31) and the Data Browser (SE16). Also acts as an additional security measure for cross-client tables and enhances the general table maintenance authorization S_TABU_DIS. The object has the following field: CLIIDMAINT. If identifier X or is set, cross-client tables can be maintained
S_TABU_LIN Through the introduction of organization criteria it is possible to restrict a user's access rights to specific parts of a table. A possible use for S_TABU_LIN would be to display and to change content for only a certain work area, such as a country or a plant
S_TRANSPRT Authorization object for the Transport Organizer
S_CTS_ADMI Authorization object for the administration functions in the Change and Transport System
S_DEVELOP Authorizations for the ABAP Workbench (programming and debugging, transactions SExx)
S_LOG_COM Authorization to execute logical operating system commands
S_BTCH_JOB Authorization Object for Job Operations
S_DATASET Authorization Object for File Access
S_RFC Authorization Object for RFC
Official Sites
The Online documentation http://help.sap.com
The SAP Service Marketplace http://service.sap.com
SAP Product Availability Matrix http://service.sap.com/pam
SAP Support Package Stacks http://service.sap.com/sp-stacks
The Information portals http://www.sap.info
SAP Insider Online http://www.sapinsideronline.com
The SAP Developer Network http://sdn.sap.com
SAP Press http://www.sap-press.com
SAP Professional Journal http://www.sappro.com
SAP Interface Repository (BAPI documentation) http://ifr.sap.com
SAP Connectors (JCo, .NET, Business Connector, etc.) http://service.sap.com/connectors
SAP Business Process Community http://bpx.sap.com
SAP Business Community for DUET (webcasts) http://www.sap.com/community/pub/innovation/duet/webcasts.epx
SAP Business Community for DUET http://www.sap.com/community/pub/innovation/duet
SAP Business DUET http://www.duet.com
SAP UI Design http://www.sapdesignguild.org
SAP NetWeaver Magazine http://www.netweavermagazine.com
SAP Performance Site http://service.sap.com/performance
Non-Official Sites
SAP en Castellano http://sap4.com
Mundo SAP http://www.mundosap.com
SAP Fans http://www.sapfans.com
http://searchsap.techtarget.com
http://www.sap-img.com
http://www.sapdb.info
http://sapbasic.wordpress.com
- WAS Academy Nov_Dec 2009
- WAS_Admin_Transactions
- Security_Transactions
- Important Tables
- Admin Parameters
- Auth Parameters
- Auth Objects
- SAP Info Sites
WSADMIN
ABAP Development Workbench
SE80 ABAP Object Navigator
SE38 ABAP - Program Editor
SA38 ABAP - Program Execution
SE11 ABAP Dictionary Editor
SE12 ABAP Dictionary Display
SE13 Dictionary - Technical Settings. Define technical features of tables
SE14 DB Utility (to create tables in DB)
SE16 Display and Create Table Contents
SM30 Maintain Table Views
SM31 Maintain Table Views
SD11 ABAP Data Modeler
SE93 Maintain Transactions
ABAPDOCU ABAP Documentation
Change and Transport System
SPRO SAP Customizing through IMG
SPRO_ADMIN SAP Customizing Project Administration
SE09 Transport Organizer. Create and release change requests
SE10 Transport Organizer. Create and release change requests
SE01 Transport Organizer (Extended View)
STMS TMS Configuration. Create systems, transport routes and QA
SE06 Initialize transport tables and sys-change-option button
SE03 Transport Organizer Tools
SPAM Support Package Manager. Application of Support Packages
SAINT Add-On Installation Tool
SPDD Modification Adjustment Dictionary
SPAU Modification Adjustment (other objects)
SE95 Modification Browser
SNOTE Note Assistant
dico Hard reset of TMS. This is not a transaction. It is a key that must be entered in the command field of transaction STMS
Client Administration
SCC4 Client Administration (same as table T000)
SCCL Local Client Copy
SCC9 Remote Client Copy
SCC1 Copy Customizing Change Request
SCC5 Delete Client
SCC8 Client Export
SCC7 Client Import Post-processing
SCC3 Client Copy Logs
SCU0 Customizing Cross-System Viewer
SCMP View/Table System Comparison
Jobs Administration
SM36 Creation of Jobs
SM36WIZ Creation of Jobs (wizard)
SM37 Job Monitoring
SM62 Events Maintenance
SM64 Trigger of events
SM69 Maintain OS commands
SM49 Execute OS commands
SM61 Create Job Groups
SMX Job Monitoring (own jobs)
SAP WAS 6.40 and higher also provides the Web Service Framework, which allows you, among other things, to declare individual modules as web services
LDAP Administration
LDAP Directory Service Connection
License Administration
SLICENSE SAP License Administration
LICENSE_ADMIN License Administration Workbench
SLAW License Auditing
USMM System Measurement Transaction
Installation and Upgrade
(OS) -> SAPINST SAP Installation
(OS) -> SAPUP SAP Upgrade - ABAP
(OS) -> SAPJUP SAP Upgrade - Java
ICNV Table Incremental Conversion
SAP Workflows
SWDD Workflow Builder
SWXF
SWUI_DEMO Workflows Demos
http://help.sap.com/saphelp_nw04/helpdata/en/ee/ee133bfae0750ce10000000a11402f/frameset.htm
WF WS30000015 shows the absence notification process
Workflow demo - create absence notification
Application Link Enabling (ALE) Notes
WEDI Idoc basis
WE02 Display idocs
WE05 Monitoring of idoc lists
WE07 Idoc statistics
WE12 Inbound processing of outbound file
WE14 Outbound processing from idoc
WE15 Outbound processing from message control
WE16 Inbound processing of idoc file
WE19 Test tool inbox
WE20 Partner profiles
WE21 Port definitions
WE30 Idoc type editor
WE31 Idoc segment editor
WE42 See Inbound Process Code table
WE46 Idoc administration
WE47 Status maintenance
WE57 Assignment function module - logical message - idoc type
WE60 Documentation for idoc types
WE61 Documentation for idoc record types
WE62 Documentation for segments (3.x only)
WE81 Overview of all message types
WE82 Finds out which version of the basic type is best suited to your SAP system's release
NACE Customizing of output determination
SO01 Integrated inbox
SWO1 Business object builder
SWO2 Business object repository
SWLD Workflow workbench
SWU3 Workflow customizing
SWE2 Event type linkage
SWI1 Display work items
SWI2 Work item analysis
SWUS Start workflow
SWEL Workflow event log
PPOS Display organizational plan
PFTC Tasks
PFAC Standard roles
SALE ALE customizing. You find all customizing settings in this transaction, or you can get the same in the following path: IMG (SPRO) -> SAP NetWeaver -> SAP Web Application Server -> IDoc Interface / Application Link Enabling (ALE)
BALE ALE distribution
BALD ALE development (4.0)
BALM ALE master data (4.0)
BALA ALE application (4.0)
BD10/11 Send/fetch material masters
BD12/13
BD14/15 Send/fetch vendor
BD21/22 Select/delete change pointers
BD40 Select change pointers for serialization group (4.0)
BD41/43 Dispatch/post idocs for serialization group (4.0)
BD50 Activate change pointers for message type
BD53 Reduction of idoc types
BD54 Logical systems. You can also get to this transaction by the following path: SAP NetWeaver -> SAP Web Application Server -> IDoc Interface / Application Link Enabling (ALE) -> Logical Systems
BD55 Conversion
BD56 Segment filtering
BD61 Activate change pointers
BD64 Distribution model
BD68 Lists
BD72 Activate event coupling
BD75 Status conversion for tRFC
BD77 Distribution of control data
BD78 Monitoring of control data distribution
BD82 Generate partner profiles
BD87 Process inbound idocs. You can call this monitor to check the current status of IDocs in SAP R/3 or mySAP ECC
BD88 Process outbound idocs
BDM2 Idoc trace (idocs with receiver)
BDM5 Consistency check
BDM7 ALE audit statistical analyses
BDM8 Send ALE audit confirmation
BDM9 Reorganize the audit database
BDRC Determine recovery objects (3.1I, 4.5)
BDRL Process recovery objects (3.1I, 4.5)
BDBG Generate ALE interface for BAPI (4.0)
BDBS Generate coding for mapping (4.0)
BAPI BAPI browser (4.0)
SM58 Aborted transactional RFCs
SM59 RFC destinations
sa38 -> RSEOUT00 Report used to transfer IDocs to the communication layer if you selected the Collect IDocs output mode (instead of Transfer IDoc Imm.) in the Outbound partner profile (WE20)
sa38 -> RBDAPP01 Report used to transfer IDocs to the ALE layer if you selected the Trigger by background program mode (instead of Trigger immediately) in the Inbound partner profile (WE20)
sa38 -> RSSCD100 Report to view the change documents (that record each change made to their objects)
sa38 -> RBDMIDOC Report used to evaluate change pointers. This program is usually scheduled as a periodic background job. You can start the program for testing purposes with transaction BD21
Java Ports
http://<server>:<j2ee_port>
where
<j2ee_port> = 5XX00
XX = Instance Number
5XX00 WAS Netweaver Administration
5XX13 Start/Stop Instances Applet
5XX04 Visual Administrator Tool
5XX08 J2EE Admin Tool Telnet
5XX18 SDM
Java Tools
http://<server>:<j2ee_port>/nwa SAP NetWeaver Administrator
http://<server>:<j2ee_port>/useradmin SAP User Management Engine (UME)
http://<server>:<j2ee_port>/sld
Visual Administrator
Locking Adapter J2EE Lock Monitoring
Security Provider User Management
Monitoring Service J2EE Monitoring
Configuration Adapter J2EE parameter administration
Key Storage Security Keys Management
Log Viewer Errors Check
SLD Data Supplier
JCo RFC Provider
Security Transactions Description
SU01 User Maintenance
SU01D User Maintenance Display
SU02 Authorization Profiles
SU03 Authorization Objects and Authorizations Maintenance
SU05 Maintain Internet User
SU10 Mass Changes for Users
SU1 Maintain Own User Address
SU2 Maintain Own User Parameters
SU3 Maintain Users Own data
SU20 Maintain Authorization Fields
SU21 Maintain the authorization objects
SU22 Maintain the assignments of authorization objects
SU24 Profile Generator Maintain the assignments of Authorization Objects
SU25 Profile Generator Upgrade and First Installation
SU53 Check Failed Authorizations
SU56 Every user can display his or her own user buffer with this transaction
PFCG Role Maintenance Tool
PFUD User Master Data Reconciliation
SU80 Archive User Change Documents
ST01 System Trace (User Authorization Trace)
SE43 Area Menu Maintenance
SSM2 Set Initial Area Menu Systemwide
SUGR Group maintenance
BALE ALE Area Menu
STUN Performance Monitoring Menu
SECR (old transaction) The Audit Information System (AIS) is an auditing tool that can be used to analyze security aspects of SAP. The AIS is now delivered with a series of roles
SM19 Security Audit (Static and Dynamic Configuration)
SM20 Analysis of Security Audit Log
SM18 Delete Old Security Audit Logs
SUIM User Information
SAP Menu → Tools → Administration → User Maintenance → Information System User Information by Menu
SUCOMP User company address maintenance
SUCU Assignment of tables/views to authorization groups (or SM30 -> V_DDAT). From Web AS 6.40, however, the view is called V_DDAT_54, which causes SUCU to fail. This means you must modify the parameter call in transaction SE93 to be able to display SUCU
SNC1 Generate SNC name for user
SNC2 Export SNC name of user
SNC3 User initial control list 3.1-4.0
SNC4 Check canonical SNC names
SECSTORE Administration of Secure Storage
STRUST Trust Manager
STRUSTSSO2 Trust Manager for Logon Ticket
Security and User Administration Reports (SE38/SA38)
RSUSR000 List of All Users Logged On
RSUSR002 Users by Complex Selection Criteria
RSUSR002_ADDRES Users by address data
RSUSR003 Check the Passwords of Standard Users in All Clients
RSUSR004 Restrict User Values to the Following Simple Profiles and Auth Ob
RSUSR005 List of Users With Critical Authorizations
RSUSR006 Locked Users and Users with Incorrect Logons
RSUSR007 Display Users with Incomplete Address Data
RSUSR008 By Critical Combinations of Authorizations at Transaction Start
RSUSR008_009_NEW A system dependent option to control SoD violations
RSUSR009 List of Users With Critical Authorizations
RSUSR010 Executable Transactions ( All Selection Options )
RSUSR011 Lists of transactions after selection by user profile or obj
RSUSR012 Search authorizations profiles and users with specified object va
RSUSR020 Profiles by Complex Selection Criteria
RSUSR030 Authorizations by Complex Selection Criteria
RSUSR040 Authorization Objects by Complex Selection Criteria
RSUSR050 Comparisons
RSUSR060 Where-used lists
RSUSR060OBJ Where-Used List Authorization Object in Program and Transactions
RSUSR061 Enter Authorization Fields
RSUSR070 Roles by Complex Selection Criteria
RSUSR080 Users by License Data
RSUSR100 Change Documents for Users
RSUSR100N Change Documents for Users
RSUSR101 Change Documents for Profiles
RSUSR102 Change Documents for Authorizations
RSUSR200 List of Users According to Logon Date and Password Change
RSUSR300 Set External Security Name for All Users
RSUSR301 Fill non-checking transactions with auth. object S_TCODE
RSUSR302 Delete authorization check on object S_TCODE from table TSTCA
RSUSR400 Test Environment Authorization Checks (SAP Systems Only)
RSUSR401 Report to give all SAPCPIC users profile S_ACPIC
RSUSR402 Download user data for CA manager from Secude
RSUSR404 Conversion Program for Authorizations of Basis Development Environ
RSUSR405 Reset all user buffers in all clients (uncritical)
RSUSR406 Automatically Generate Profile SAP_ALL
RSUSR406_OLD Automatically Generate Profile SAP_ALL
RSUSR408 XPRA Conversion of USOBX-OKFLAG USOBX-MODIFIED for upgrade tool
RSUSR409 Transfer all translated titles to generated transaction codes
RSUSR421 Clean-up report TSTC-CINFO if no check in TSTCA
RSUSR500 User Administration Compare Users in Central System
RSUSR500D GUM Display Open Changes
RSUSR998 Call Reporting Tree Info System
RSUSREXT Enter Correct SNC Names in Table View VUSREXTID (from SAP R3 45)
RSUSREXTID Enter Correct SNC Names in Table View VUSREXTID (from SAP R3 45)
RSUSRLOG Log Display for Central User Administration
RSUSRSCUC CUA Synchronization of the Company Addresses
RSUSRSUIM User Information System
PFCG_TIME_DEPENDENCY HR Organizational Management Reconciliation
RSABAPSC Search for AUTHORITY-CHECK statements
RSCSAUTH RSABAUTH Maintain/Restore Authorization Groups. It creates a list of reports (type 1) (Program column), the authorization group delivered by SAP (SAP column) and the authorization group maintained by the customer (Customer column). The Customer column accepts input. Customers can enter their own authorization groups here. When the customer chooses Save, the customer's own authorization groups for all SELECTED reports are transferred to the table TRDIR. This is equivalent to a change of the authorization group in the program attributes, and the existing SAP authorization groups are overwritten. The authorization group for each report is also entered in the table SREPOATH, meaning that the customer's own authorization groups can be restored by restarting RSCSAUTH after an upgrade. Start the program RSABAUTH. The new authorization groups are written to the table TPGP
Table Name Description
PRGN_CUST Customize the role transports
SSM_CUST Defines initial picture in SESSION_MANAGER
TADIR Table that contains all Data Dictionary Objects
TADIR Contains all repository SAP objects
TPFYPROPTY Shows parameter properties (e.g. dynamic vs. static parameters)
TSTC Table that contains all transaction codes of the system
USERS_SSM System administrators can use this table to determine whether or not users are allowed to switch between the SAP menu and their user menus
USOBT Contain SAP default authorization objects
USOBT_C Contain the customer authorization objects
USOBX Contain SAP default authorization objects
USOBX_C Contain the customer authorization objects
USR10 Table that contains all profiles delivered by SAP
USR40 Exception Table for Passwords
VDDAT TDDAT VDDAT_54 Assignment of tables/views to authorization groups
V_BRG Definition of authorization groups
TPGP ABAP/4 Authorization Groups
E070 Header information for the transport request
E071, E071K Object list and keys from table entries
T000 Client Administration
USR41_MLD Registers multiple logons
Parameter Description
rdisp/max_alt_modes Defines how many sessions are permissible for each logon to the SAP system. Can be set to values from two to nine; the standard setting is six
rdisp/wp_no_dia Defines number of dialog workprocesses
rdisp/wp_no_vb Defines number of update 1 workprocesses
rdisp/wp_no_vb2 Defines number of update 2 workprocesses
rdisp/wp_no_btc Defines number of background workprocesses
rdisp/wp_no_spo Defines number of spool workprocesses
rdisp/wp_no_enq Defines number of enqueue workprocesses
rdisp/start_icman Initialize ICM
rdisp/j2ee_start Initialize J2EE
rdisp/TRACE Set the trace level for developer traces
rdisp/btctime
rdisp/max_wprun_time
rslg/max_diskspace/local Defines the size of the system log (SM21). Each log entry takes up 192 bytes and the default log is 500160 bytes, which is a multiple of 192 that corresponds to 2605 entries. Once the log is full, the oldest entries are overwritten
rec/client ALL: logs all clients
rec/client 000 []: logs the specified clients
rec/client OFF: turns logging off
login/disable_multi_gui_login
login/multi_login_users
Security Parameters
Parameter Description
rsau/local/file The audit files are located on the individual application servers. You define the name and location of the files with this parameter (up to WAS 6.30)
rsau/max_diskspace/local This parameter defines the maximum space to allocate for the audit files
rsau/enable This parameter enables the security audit log
rsau/selection_slots This parameter defines the number of filters to allow for the security audit log
rsau/max_diskspace/per_day (dynamic configuration)
rsau/max_diskspace/per_file (dynamic configuration)
auth/no_check_in_some_cases Enables Profile Generator
auth/auth_number_in_userbuffer In systems with release level 4.6A and higher this parameter defines the size of the user buffer. As of Kernel 6.20 the parameter is no longer evaluated
auth/new_buffering The auth/auth_number_in_userbuffer parameter no longer has any effect if this profile parameter is 3 or 4
login/min_password_lng Defines the minimum length of the password. Default value 3; permissible values 3-8
login/min_password_digits Defines the minimum number of digits (0-9) in passwords. Default value 0; permissible values 0-8. Available as of SAP Web AS 6.10
login/min_password_letters Defines the minimum number of letters (A-Z) in passwords. Default value 0; permissible values 0-8. Available as of SAP Web AS 6.10
login/min_password_specials Defines the minimum number of special characters in the password. Permissible special characters are $&()=`+~-_[]<> and space. Default value 0; permissible values 0-8. Available as of SAP Web AS 6.10
login/password_charset This parameter defines the characters of which a password can consist. Permissible values:
0 (restrictive): The password can only consist of digits, letters and the following (ASCII) special characters: $&()=`+~-_[]<>| and space
1 (backward compatible, default value): The password can consist of any characters, including national special characters (such as ä, ç, ß from ISO Latin-1, 8859-1). However all characters that are not contained in the set above (for value = 0) are
2 (not backward compatible): The password can consist of any characters. It is converted internally into the Unicode format UTF-8. If your system does not support Unicode, you may not be able to enter all characters on the logon screen. This restri
With login/password_charset = 2, passwords are stored in a format that systems with older kernels cannot interpret. You must therefore only set the profile parameter to the value 2 after you have ensured that all systems involved support the new password
Available in the standard system as of SAP Web AS 6.40
login/min_password_diff Defines the minimum number of characters that must be different in the new password compared to the old password. Default value 1; permissible values 1-8. Available as of SAP Web AS 6.10
login/password_expiration_time Defines the validity period of passwords in days. Default value 0; permissible values any numerical value
login/password_change_for_SSO If the user logs on with Single Sign-On, checks whether the user must change his or her password. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/disable_password_logon Controls the deactivation of password-based logon. This means that the user can no longer log on using a password, but only with Single Sign-On variants (X.509 certificate, logon ticket). Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/password_logon_usergroup Controls the deactivation of password-based logon for user groups. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/disable_multi_gui_login Controls the deactivation of multiple dialog logons. Available as of SAP Basis 4.6
login/multi_login_users List of excepted users, that is, the users that are permitted to log on to the system more than once. Available as of SAP Basis 4.6
login/fails_to_session_end Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts. The parameter is to be set to a value lower than the value of parameter login/fails_to_user_lock. Default value 3; permissible values 1-99
login/fails_to_user_lock Defines the number of unsuccessful logon attempts before the system locks the user. By default the lock applies until midnight. Default value 12; permissible values 1-99
login/failed_user_auto_unlock Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight. Default value 1 (lock applies only on same day); permissible values 0, 1
login/password_max_new_valid Defines the validity period of passwords for newly created users. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/password_max_reset_valid Defines the validity period of reset passwords. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package
login/accept_sso2_ticket Allows or locks the logon using SSO ticket. Available as of SAP Basis 4.6D, as of SAP Basis 4.0 by Support Package
login/create_sso2_ticket Allows the creation of SSO tickets. Available as of SAP Basis 4.6D
login/ticket_expiration_time Defines the validity period of an SSO ticket. Available as of SAP Basis 4.6D
login/ticket_only_by_https The logon ticket is only transferred using HTTP(S). Available as of SAP Basis 4.6D
login/ticket_only_to_host When logging on over HTTP(S), sends the ticket only to the server that created the ticket. Available as of SAP Basis 4.6D
login/disable_cpic Refuse inbound connections of type CPIC
login/no_automatic_user_sapstar Controls the emergency user SAP* (SAP Notes 2383 and 68048)
login/system_client Specifies the default client. This client is automatically filled in on the system logon screen. Users can type in a different client
login/update_logon_timestamp Specifies the exactness of the logon timestamp. Available as of SAP Basis 4.6
rdisp/gui_auto_logout Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections). Default value 0 (no restriction); permissible values any numerical value
login/no_automatic_user_sapstar Controls the SAP* user
login/password_max_idle_initial You can use this parameter to determine the maximum time between the (re)setting of the password and the next logon with the initial password. As soon as this period has expired, the system displays the message "Initial password has expired" and refuses the password logon. However, you can still log on using SSO
login/password_max_idle_productive You can use this parameter to determine the maximum time between two password logons. As soon as this period has expired, the system displays a message stating that the password has not been used for a period of time and was therefore deactivated, and the system refuses the password logon. However, you can still log on using SSO
The profile parameters login/password_max_new_valid and login/password_max_reset_valid have been replaced by the profile parameter login/password_max_idle_initial, which means that the system no longer distinguishes between the first and the subsequent setting of a password by the user administrator regarding the restriction of the validity of the resulting initial passwords
S_TCODE Allow to start a transaction
S_USER_GRP Authorization to create or maintain a user master record and to assign it to a user group
S_USER_PRO Authorization for the authorization profiles that you assign to users
S_USER_AUTH Authorization to create and maintain authorizations
S_USER_AGR
S_USER_TCD Authorization for transactions that you may assign to the role in the Profile Generator
S_USER_VAL
S_PROGRAM
S_TABU_DIS
S_TABU_CLI
S_TABU_LIN
S_TRANSPRT is the authorization object for the Transport Organizer
S_CTS_ADMI
S_DEVELOP Authorizations for the ABAP Workbench (programming and debugging transactions SExx)
S_LOG_COM Authorization to execute logical operating system commands
S_BTCH_JOB Authorization Object for Job Operations
S_DATASET Authorization Object for File Access
S_RFC Authorization Object for RFC
Authorization Object
Authorization to protect roles With this authorization object you specify which roles can be edite and which activities (display change create etc) are intended for the role(s)
Authorization to restrict values that the system administrator can include in a role or change in the Profile Generator
The Programs (reports) are combined into program authorization groups and can be protected against unauthorized access using the groups and this authorization object
Defines which table contents may be maintained by which employees The authorization object S_TABU_DIS controls only complete accesses which are made using standard table maintenance (SM31) advanced table maintenance (SM30) or the Data Browser (SE16) These group assignments are defined in table TDDAT
Grants authorization to maintain cross-client tables with the standard table maintenance transaction (SM30) extended table maintenance transaction (SM31) and the Data Browser (SE16) Also acts as an additional security measure for cross-client tables and enhances the general table maintenance authorization S_TABU_DIS The object has the following field CLIIDMAINT If identifier X or is set cross-client tables can be maintained
Through the introduction of organization criteria it is possible to restrict a users access rights to specific parts of a table A possible use for S_TABU_LIN would be to display and to change content for only a certain work area such as a country or a plant
Is the authorization object for the administration functions in theChange and Transport System
Official Sites
The Online documentationThe SAP Service MarketplaceSAP Product Availability MatrixSAP Support Package StacksThe Information portalsSAP Insider OnlineThe SAP Developer NetworkSAP PressSAP Professional JournalSAP Interface Repository (Documentacioacuten BAPIs)SAP Connectors (Jco NET Business Connector etc)SAP Business Process CommunitySAP Business Community for DUET (webcasts)SAP Business Community for DUETSAP Business DUETSAP UI Design
httpwwwnetweavermagazinecom SAP NetWeaver MagazineSAP Performance Site
No Official Sites
SAP en CastellanoMundo SAPSAP Fans
httphelpsapcomhttpservicesapcomhttpservicesapcompamhttpservicesapcomsp-stackshttpwwwsapinfohttpwwwsapinsideronlinehttpsdnsapcomhttpwwwsap-presscomhttpwwwsapprocomhttpifrsapcomhttpservicesapcomconnectorshttpbpxsapcomhttpwwwsapcomcommunitypubinnovationduetwebcastsepxhttpwwwsapcomcommunitypubinnovationduethttpwwwduetcomhttpwwwsapdesignguildorg
httpservicesapcomperformance
httpsap4comhttpwwwmundosapcomhttpwwwsapfanscomhttpsearchsaptechtargetcomhttpwwwsap-imgcomhttpwwwsapdbinfohttpsapbasicwordpresscom
The Online documentationThe SAP Service MarketplaceSAP Product Availability MatrixSAP Support Package StacksThe Information portals
The SAP Developer Network
SAP Professional JournalSAP Interface Repository (Documentacioacuten BAPIs)SAP Connectors (Jco NET Business Connector etc)SAP Business Process CommunitySAP Business Community for DUET (webcasts)SAP Business Community for DUET
SAP NetWeaver MagazineSAP Performance Site
- WAS Academy Nov_Dec 2009
- WAS_Admin_Transactions
- Security_Transactions
- Important Tables
- Admin Parameters
- Auth Parameters
- Auth Objects
- SAP Info Sites
-
SM62 Events MaintainanceSM64 Trigger of eventsSM69 Mantener comandos OSSM49 Ejecuta comandos OSSM61 Create Job GroupsSMX Job Monitoring (own jobs)
LDAP Administration
LDAP Directory Service Connection
License Administration
SLICENSE SAP License AdministrationLICENSE_ADMIN License Administration Workbench
SLAW License AuditingUSMM System Measurement Transaction
Installation and Upgrade
(OS) -gt SAPINST SAP Installation(OS) -gt SAPUP SAP Upgrade - Abap(OS) -gt SAPJUP SAP Upgrade - JavaICNV Table Incremental Conversion
SAP Workflows
SWDD Workflow Builder
SWXFSWUI_DEMO Wokflows Demos
Application Link Enabling (ALE) Notes
WEDI Idoc basis WE02 Display idocs WE05 Monitoring of idoc lists WE07 Idoc statistics WE12 Inbound processing of outbound file WE14 Outbound processing from idoc
WE15WE16 Inbound processing of idoc file WE19 Test tool inbox WE20 Partner profiles WE21 Port definitions WE30 Idoc type editor WE31 Idoc segment editor WE42 See Inbound Process Code tableWE46 Idoc administration WE47 Status maintenance
WE57WE60 Documentation for idoc types WE61 Documentation for idoc record types
httphelpsapcomsaphelp_nw04helpdataeneeee133bfae0750ce10000000a11402fframesethtm
WF WS30000015 shows the absence notification process
Workflow demo - create absence notification
Outbound processing from message control
Assignment function module - logical message - idoc type
WE62 Documentation for segments (3x only) WE81 Overview of all message types
WE82NACE Customzing of output determination SO01 Integrated inbox SWO1 Business object builder SWO2 Business object repository SWLD Workflow workbench SWU3 Workflow customizing SWE2 Event type linkage SWI1 Display work items SWI2 Work item analysis SWUS Start workflow SWEL Workflow event log PPOS Display organizational plan PFTC Tasks PFAC Standard roles
SALE ALE customizing BALE ALE distribution BALD ALE development (40) BALM ALE master data (40) BALA ALE application (40) BD1011 Sendfetch material mastersBD1213BD1415 Sendfetch vendor BD2122 Selectdelete change pointers
BD40
BD4143
BD50BD53 Reduction of idoc types
BD54 Logical systems BD55 Conversion BD56 Segment filtering BD61 Activate change pointers BD64 Distribution model BD68 Lists BD72 Activate event coupling BD75 Status conversion for tRFC BD77 Distribution of control data BD78 Monitoring of control data distribution BD82 Generate partner profiles
BD87 Process inbound idocs BD88 Process outbound idocsBDM2 Idoc trace (idocs with receiver) BDM5 Consistency check BDM7 ALE audit statistical analyses BDM8 Send ALE audit confirmation BDM9 Reorganize the audit database BDRC Determine recovery objects (31I 45) BDRL Process recovery objects (31I 45) BDBG Generate ALE interface for BAPI (40)
Finds out which version of the basic type is best suited to your SAP systems release
You find all customizing settings in this transaction or you can get the same in the following path IMG (SPRO) -gt SAP NetWeaver -gt SAP Web Application Server -gt IDoc Interface Application Link Enabling (ALE)
Select change pointers for serialization group (40)
Dispatchpost idocs for serialization group (40)
Activate change pointers for message type
You can also get to this transaction by the following path SAP NetWeaver -gt SAP Web Application Server -gt IDoc InterfaceApplication Link Enabling (ALE) -gt Logical Systems
You can call this monitor to check the current status of Idocs in SAP R3 or mySAP ECC
BDBS Generate coding for mapping (40) BAPI BAPI browser (40) SM58 Aborted transactional RFCs SM59 RFC destinations
sa38 -gt RSEOUT00
sa38 -gt RBDAPP01
sa38 -gt RSSCD100
sa38 -gt RBDMIDOC
Report used to transfer IDocs to the communication layer if you selected the Collect IDocs output mode (instead of Transfer IDoc Imm) in the Outbound partner profile (WE20)
Report used to transfer IDocs to the ALE layer if you selected the Trigger by background program mode (instead of Trigger immediately) in the Inbound partner profile (WE20)
Report to view the change documents (that record each change made to their objects)
Report use to evaluate change pointers This program is usually scheduled as a periodic background job You can start the program for testing purposes with transaction BD21
Java Ports
http://<server>:<j2ee_port>
where
<j2ee_port> = 5XX00
XX = Instance Number
5XX00 WAS Netweaver Administration
5XX13 Start/Stop Instances Applet
5XX04 Visual Administrator Tool
5XX08 J2EE Admin Tool Telnet
5XX18 SDM
Java Tools
http://<server>:<j2ee_port>/nwa SAP NetWeaver Administrator
http://<server>:<j2ee_port>/useradmin SAP User Management Engine (UME)
http://<server>:<j2ee_port>/sld
Visual Administrator
Locking Adapter J2EE Lock Monitoring
Security Provider User Management
Monitoring Service J2EE Monitoring
Configuration Adapter J2EE parameter administration
Key Storage Security Keys Management
Log Viewer Errors Check
SLD Data Supplier
Jco RFC Provider
Security Transactions Description
SU01 User Maintenance
SU01D User Maintenance Display
SU02 Authorization Profiles
SU03 Authorization Objects and Authorizations Maintenance
SU05 Maintain Internet User
SU10 Mass Changes for Users
SU1 Maintain Own User Address
SU2 Maintain Own User Parameters
SU3 Maintain User's Own Data
SU20 Maintain Authorization Fields
SU21 Maintain the authorization objects
SU22 Maintain the assignments of authorization objects
SU24 Profile Generator Maintain the assignments of Authorization Objects
SU25 Profile Generator Upgrade and First Installation
SU53 Check Failed Authorizations
SU56 Every user can display his or her own user buffer with this transaction
PFCG Role Maintenance Tool
PFUD User Master Data Reconciliation
SU80 Archive User Change Documents
ST01 System Trace (User Authorization Trace)
SE43 Area Menu Maintenance
SSM2 Set Initial Area Menu Systemwide
SUGR Group maintenance
BALE ALE Area Menu
STUN Performance Monitoring Menu
SECR (old transaction) The Audit Information System (AIS) is an auditing tool that can be used to analyze security aspects of SAP. The AIS is now delivered with a series of roles
SM19 Security Audit (Static and Dynamic Configuration)
SM20 Analysis of Security Audit Log
SM18 Delete Old Security Audit Logs
SUIM User Information
User Information by Menu SAP Menu → Tools → Administration → User Maintenance → Information System
SUCOMP User company address maintenance
SUCU Assignment of tables/views to authorization groups (or SM30 -> V_DDAT). From Web AS 6.40, however, the view is called V_DDAT_54, which causes SUCU to fail. This means you must modify the parameter call in transaction SE93 to be able to display SUCU
SNC1 Generate SNC name for user
SNC2 Export SNC name of user
SNC3 User initial control list 3.1-4.0
SNC4 Check canonical SNC names
SECSTORE Administration of Secure Storage
STRUST Trust Manager
STRUSTSSO2 Trust Manager for Logon Ticket
Security and User Administration Reports (SE38/SA38)
RSUSR000 List of All Users Logged On
RSUSR002 Users by Complex Selection Criteria
RSUSR002_ADDRES Users by address data
RSUSR003 Check the Passwords of Standard Users in All Clients
RSUSR004 Restrict User Values to the Following Simple Profiles and Auth Ob
RSUSR005 List of Users With Critical Authorizations
RSUSR006 Locked Users and Users with Incorrect Logons
RSUSR007 Display Users with Incomplete Address Data
RSUSR008 By Critical Combinations of Authorizations at Transaction Start
RSUSR008_009_NEW A system dependent option to control SoD violations
RSUSR009 List of Users With Critical Authorizations
RSUSR010 Executable Transactions ( All Selection Options )
RSUSR011 Lists of transactions after selection by user profile or obj
RSUSR012 Search authorizations profiles and users with specified object va
RSUSR020 Profiles by Complex Selection Criteria
RSUSR030 Authorizations by Complex Selection Criteria
RSUSR040 Authorization Objects by Complex Selection Criteria
RSUSR050 Comparisons
RSUSR060 Where-used lists
RSUSR060OBJ Where-Used List Authorization Object in Program and Transactions
RSUSR061 Enter Authorization Fields
RSUSR070 Roles by Complex Selection Criteria
RSUSR080 Users by License Data
RSUSR100 Change Documents for Users
RSUSR100N Change Documents for Users
RSUSR101 Change Documents for Profiles
RSUSR102 Change Documents for Authorizations
RSUSR200 List of Users According to Logon Date and Password Change
RSUSR300 Set External Security Name for All Users
RSUSR301 Fill non-checking transactions with authobject S TCODE
RSUSR302 Delete authorization check on object S TCODE from table TSTCA
RSUSR400 Test Environment Authorization Checks (SAP Systems Only)
RSUSR401 Report to give all SAPCPIC users profile S_ACPIC
RSUSR402 Download user data for CA manager from Secude
RSUSR404 Conversion Program for Authorizations of Basis Development Environ
RSUSR405 Reset all user buffers in all clients (uncritical)
RSUSR406 Automatically Generate Profile SAP_ALL
RSUSR406_OLD Automatically Generate Profile SAP_ALL
RSUSR408 XPRA Conversion of USOBX-OKFLAG USOBX-MODIFIED for upgrade tool
RSUSR409 Transfer all translated titles to generated transaction codes
RSUSR421 Clean-up report TSTC-CINFO if no check in TSTCA
RSUSR500 User Administration Compare Users in Central System
RSUSR500D GUM Display Open Changes
RSUSR998 Call Reporting Tree Info System
RSUSREXT Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSREXTID Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSRLOG Log Display for Central User Administration
RSUSRSCUC CUA Synchronization of the Company Addresses
RSUSRSUIM User Information System
PFCG_TIME_DEPENDENCY HR Organizational Management Reconciliation
RSABAPSC Search for AUTHORITY-CHECK statements
RSCSAUTH RSABAUTH
Maintain/Restore Authorization Groups. It creates a list of reports (type 1) (Program column), the authorization group delivered by SAP (SAP column) and the authorization group maintained by the customer (Customer column). The Customer column accepts input. Customers can enter their own authorization groups here. When the customer chooses Save, the customer's own authorization groups for all SELECTED reports are transferred to the table TRDIR. This is equivalent to a change of the authorization group in the program attributes, and the existing SAP authorization groups are overwritten. The authorization group for each report is also entered in the table SREPOATH, meaning that the customer's own authorization groups can be restored by restarting RSCSAUTH after an upgrade. Start the program RSABAUTH. The new authorization groups are written to the table TPGP
Table Name Description
PRGN_CUST Customize the role transports
SSM_CUST Defines initial picture in SESSION_MANAGER
TADIR Table that contains all Data Dictionary Objects
TADIR Contains all repository SAP objects
TPFYPROPTY Shows parameters properties (e.g. dynamic vs. static parameters)
TSTC Table that contains all transaction codes of the system
USERS_SSM System administrators can use this table to determine whether or not users are allowed to switch between the SAP menu and their user menus
USOBT Contain SAP default authorization objects
USOBT_C Contain the customer authorization objects
USOBX Contain SAP default authorization objects
USOBX_C Contain the customer authorization objects
USR10 Table that contains all profiles delivered by SAP
USR40 Exception Table for Passwords
VDDAT TDDAT VDDAT_54 Assignment of tables/views to authorization groups
V_BRG Definition of authorization groups
TPGP ABAP/4 Authorization Groups
E070 Header information for the transport request
E071 / E071K Object list and keys from table entries
T000 Client Administration
USR41_MLD Registers multiple logons
Parameter Description
rdisp/max_alt_modes Defines how many sessions are permissible for each logon to the SAP system. Can be set to values from two to nine; the standard setting is six
rdisp/wp_no_dia Defines number of dialog work processes
rdisp/wp_no_vb Defines number of update 1 work processes
rdisp/wp_no_vb2 Defines number of update 2 work processes
rdisp/wp_no_btc Defines number of background work processes
rdisp/wp_no_spo Defines number of spool work processes
rdisp/wp_no_enq Defines number of enqueue work processes
rdisp/start_icman Initialize ICM
rdisp/j2ee_start Initialize J2EE
rdisp/TRACE Set the trace level for developer traces
rdisp/btctime
rdisp/max_wprun_time
rslg/max_diskspace/local Defines the size of the system log (SM21). Each log entry takes up 192 bytes and the default log is 500160 bytes, which is a multiple of 192 that corresponds to 2605 entries. Once the log is full, the oldest entries are overwritten
rec/client ALL logs all clients
rec/client 000 [] logs the specified clients
rec/client OFF turns logging off
login/disable_multi_gui_login
login/multi_login_users
Security Parameters
Parameter Description
rsau/local/file The audit files are located on the individual application servers. You define the name and location of the files with this parameter (up to WAS 6.30)
rsau/max_diskspace/local This parameter defines the maximum space to allocate for the audit files
rsau/enable This parameter enables the security audit log
rsau/selection_slots This parameter defines the number of filters to allow for the security audit log
rsau/max_diskspace/per_day (dynamic configuration)
rsau/max_diskspace/per_file (dynamic configuration)
auth/no_check_in_some_cases Enables Profile Generator
auth/auth_number_in_userbuffer In systems with release level 4.6A and higher, this parameter defines the size of the user buffer. As of Kernel 6.20 the parameter is no longer evaluated
auth/new_buffering The auth/auth_number_in_userbuffer parameter no longer has any effect if this profile parameter is 3 or 4
login/min_password_lng Defines the minimum length of the password. Default value 3; permissible values 3 – 8
login/min_password_digits Defines the minimum number of digits (0-9) in passwords. Default value 0; permissible values 0 – 8. Available as of SAP Web AS 6.10
login/min_password_letters Defines the minimum number of letters (A-Z) in passwords. Default value 0; permissible values 0 – 8. Available as of SAP Web AS 6.10
login/min_password_specials Defines the minimum number of special characters in the password. Permissible special characters are $&()=`+~-_[]<> and space. Default value 0; permissible values 0 – 8. Available as of SAP Web AS 6.10
login/password_charset This parameter defines the characters of which a password can consist. Permissible values:
0 (restrictive) The password can only consist of digits, letters and the following (ASCII) special characters: $&()=`+~-_[]<>| and space
1 (backward compatible, default value) The password can consist of any characters, including national special characters (such as ä, ç, ß from ISO Latin-1 8859-1). However, all characters that are not contained in the set above (for value = 0) are
2 (not backward compatible) The password can consist of any characters. It is converted internally into the Unicode format UTF-8. If your system does not support Unicode, you may not be able to enter all characters on the logon screen. This restri
With login/password_charset = 2, passwords are stored in a format that systems with older kernels cannot interpret. You must therefore only set the profile parameter to the value 2 after you have ensured that all systems involved support the new password
Available in the standard system as of SAP Web AS 6.40
login/min_password_diff Defines the minimum number of characters that must be different in the new password compared to the old password. Default value 1; permissible values 1 – 8. Available as of SAP Web AS 6.10
login/password_expiration_time Defines the validity period of passwords in days. Default value 0; permissible values any numerical value
login/password_change_for_SSO If the user logs on with Single Sign-On, checks whether the user must change his or her password. Available as of SAP Web AS 6.10; as of SAP Basis 4.6 by Support Package
login/disable_password_logon Controls the deactivation of password-based logon. This means that the user can no longer log on using a password but only with Single Sign-On variants (X.509 certificate, logon ticket). Available as of SAP Web AS 6.10; as of SAP Basis 4.6 by Support Package
login/password_logon_usergroup Controls the deactivation of password-based logon for user groups. Available as of SAP Web AS 6.10; as of SAP Basis 4.6 by Support Package
login/disable_multi_gui_login Controls the deactivation of multiple dialog logons. Available as of SAP Basis 4.6
login/multi_login_users List of excepted users, that is, the users that are permitted to log on to the system more than once. Available as of SAP Basis 4.6
login/fails_to_session_end Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts. The parameter is to be set to a value lower than the value of parameter login/fails_to_user_lock. Default value 3; permissible values 1 – 99
login/fails_to_user_lock Defines the number of unsuccessful logon attempts before the system locks the user. By default the lock applies until midnight. Default value 12; permissible values 1 – 99
login/failed_user_auto_unlock Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight. Default value 1 (lock applies only on same day); permissible values 0, 1
login/password_max_new_valid Defines the validity period of passwords for newly created users. Available as of SAP Web AS 6.10; as of SAP Basis 4.6 by Support Package
login/password_max_reset_valid Defines the validity period of reset passwords. Available as of SAP Web AS 6.10; as of SAP Basis 4.6 by Support Package
login/accept_sso2_ticket Allows or locks the logon using SSO ticket. Available as of SAP Basis 4.6D; as of SAP Basis 4.0 by Support Package
login/create_sso2_ticket Allows the creation of SSO tickets. Available as of SAP Basis 4.6D
login/ticket_expiration_time Defines the validity period of an SSO ticket. Available as of SAP Basis 4.6D
login/ticket_only_by_https The logon ticket is only transferred using HTTP(S). Available as of SAP Basis 4.6D
login/ticket_only_to_host When logging on over HTTP(S), sends the ticket only to the server that created the ticket. Available as of SAP Basis 4.6D
login/disable_cpic Refuse inbound connections of type CPIC
login/no_automatic_user_sapstar Controls the emergency user SAP* (SAP Notes 2383 and 68048)
login/system_client Specifies the default client. This client is automatically filled in on the system logon screen. Users can type in a different client
login/update_logon_timestamp Specifies the exactness of the logon timestamp. Available as of SAP Basis 4.6
rdisp/gui_auto_logout Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections). Default value 0 (no restriction); permissible values any numerical value
login/no_automatic_user_sapstar Controls the SAP* user
login/password_max_idle_initial You can use this parameter to determine the maximum time between the (re)setting of the password and the next logon with the initial password. As soon as this period has expired, the system displays the message "Initial password has expired" and refuses the password logon. However, you can still log on using SSO
login/password_max_idle_productive You can use this parameter to determine the maximum time between two password logons. As soon as this period has expired, the system displays a message stating that the password has not been used for a period of time and was therefore deactivated, and the system refuses the password logon. However, you can still log on using SSO
The profile parameters login/password_max_new_valid and login/password_max_reset_valid have been replaced by the profile parameter login/password_max_idle_initial, which means that the system no longer distinguishes between the first and the subsequent setting of a password by the user administrator regarding the restriction of the validity of the resulting initial passwords
Authorization Object
S_TCODE Allow to start a transaction
S_USER_GRP Authorization to create or maintain a user master record and to assign it to a user group
S_USER_PRO Authorization for the authorization profiles that you assign to users
S_USER_AUTH Authorization to create and maintain authorizations
S_USER_AGR Authorization to protect roles. With this authorization object you specify which roles can be edited and which activities (display, change, create, etc.) are intended for the role(s)
S_USER_TCD Authorization for transactions that you may assign to the role in the Profile Generator
S_USER_VAL Authorization to restrict values that the system administrator can include in a role or change in the Profile Generator
S_PROGRAM The programs (reports) are combined into program authorization groups and can be protected against unauthorized access using the groups and this authorization object
S_TABU_DIS Defines which table contents may be maintained by which employees. The authorization object S_TABU_DIS controls only complete accesses, which are made using standard table maintenance (SM31), advanced table maintenance (SM30) or the Data Browser (SE16). These group assignments are defined in table TDDAT
S_TABU_CLI Grants authorization to maintain cross-client tables with the standard table maintenance transaction (SM30), extended table maintenance transaction (SM31) and the Data Browser (SE16). Also acts as an additional security measure for cross-client tables and enhances the general table maintenance authorization S_TABU_DIS. The object has the following field: CLIIDMAINT. If identifier X or is set, cross-client tables can be maintained
S_TABU_LIN Through the introduction of organization criteria it is possible to restrict a user's access rights to specific parts of a table. A possible use for S_TABU_LIN would be to display and to change content for only a certain work area, such as a country or a plant
S_TRANSPRT Is the authorization object for the Transport Organizer
S_CTS_ADMI Is the authorization object for the administration functions in the Change and Transport System
S_DEVELOP Authorizations for the ABAP Workbench (programming and debugging transactions SExx)
S_LOG_COM Authorization to execute logical operating system commands
S_BTCH_JOB Authorization Object for Job Operations
S_DATASET Authorization Object for File Access
S_RFC Authorization Object for RFC
Official Sites
http://help.sap.com The Online documentation
http://service.sap.com The SAP Service Marketplace
http://service.sap.com/pam SAP Product Availability Matrix
http://service.sap.com/sp-stacks SAP Support Package Stacks
http://www.sap.info The Information portals
http://www.sapinsideronline.com SAP Insider Online
http://sdn.sap.com The SAP Developer Network
http://www.sap-press.com SAP Press
http://www.sappro.com SAP Professional Journal
http://ifr.sap.com SAP Interface Repository (BAPI documentation)
http://service.sap.com/connectors SAP Connectors (JCo, .NET, Business Connector, etc.)
http://bpx.sap.com SAP Business Process Community
http://www.sap.com/community/pub/innovation/duet/webcasts.epx SAP Business Community for DUET (webcasts)
http://www.sap.com/community/pub/innovation/duet SAP Business Community for DUET
http://www.duet.com SAP Business DUET
http://www.sapdesignguild.org SAP UI Design
http://www.netweavermagazine.com SAP NetWeaver Magazine
http://service.sap.com/performance SAP Performance Site
Non-Official Sites
http://sap4.com SAP en Castellano
http://www.mundosap.com Mundo SAP
http://www.sapfans.com SAP Fans
http://searchsap.techtarget.com
http://www.sap-img.com
http://www.sapdb.info
http://sapbasic.wordpress.com
- WAS Academy Nov_Dec 2009
- WAS_Admin_Transactions
- Security_Transactions
- Important Tables
- Admin Parameters
- Auth Parameters
- Auth Objects
- SAP Info Sites
WE62 Documentation for segments (3.x only)
WE81 Overview of all message types
WE82
NACE Customizing of output determination
SO01 Integrated inbox
SWO1 Business object builder
SWO2 Business object repository
SWLD Workflow workbench
SWU3 Workflow customizing
SWE2 Event type linkage
SWI1 Display work items
SWI2 Work item analysis
SWUS Start workflow
SWEL Workflow event log
PPOS Display organizational plan
PFTC Tasks
PFAC Standard roles
SALE ALE customizing
BALE ALE distribution
BALD ALE development (4.0)
BALM ALE master data (4.0)
BALA ALE application (4.0)
BD10/11 Send/fetch material masters
BD12/13
BD14/15 Send/fetch vendor
BD21/22 Select/delete change pointers
BD40
BD41/43
BD50
BD53 Reduction of IDoc types
BD54 Logical systems
BD55 Conversion
BD56 Segment filtering
BD61 Activate change pointers
BD64 Distribution model
BD68 Lists
BD72 Activate event coupling
BD75 Status conversion for tRFC
BD77 Distribution of control data
BD78 Monitoring of control data distribution
BD82 Generate partner profiles
BD87 Process inbound idocs BD88 Process outbound idocsBDM2 Idoc trace (idocs with receiver) BDM5 Consistency check BDM7 ALE audit statistical analyses BDM8 Send ALE audit confirmation BDM9 Reorganize the audit database BDRC Determine recovery objects (31I 45) BDRL Process recovery objects (31I 45) BDBG Generate ALE interface for BAPI (40)
Finds out which version of the basic type is best suited to your SAP systems release
You find all customizing settings in this transaction or you can get the same in the following path IMG (SPRO) -gt SAP NetWeaver -gt SAP Web Application Server -gt IDoc Interface Application Link Enabling (ALE)
Select change pointers for serialization group (40)
Dispatchpost idocs for serialization group (40)
Activate change pointers for message type
You can also get to this transaction by the following path SAP NetWeaver -gt SAP Web Application Server -gt IDoc InterfaceApplication Link Enabling (ALE) -gt Logical Systems
You can call this monitor to check the current status of Idocs in SAP R3 or mySAP ECC
BDBS Generate coding for mapping (40) BAPI BAPI browser (40) SM58 Aborted transactional RFCs SM59 RFC destinations
sa38 -gt RSEOUT00
sa38 -gt RBDAPP01
sa38 -gt RSSCD100
sa38 -gt RBDMIDOC
Report used to transfer IDocs to the communication layer if you selected the Collect IDocs output mode (instead of Transfer IDoc Imm) in the Outbound partner profile (WE20)
Report used to transfer IDocs to the ALE layer if you selected the Trigger by background program mode (instead of Trigger immediately) in the Inbound partner profile (WE20)
Report to view the change documents (that record each change made to their objects)
Report use to evaluate change pointers This program is usually scheduled as a periodic background job You can start the program for testing purposes with transaction BD21
Java Ports
httpltservergtltj2ee_portgt
where
lt2ee_portgt = 5XX00
XX = Instance Number
5XX00 WAS Netweaver Administration
5XX13 StartStop Instances Applet5XX04 Visual Administrator Tool5XX08 J2EE Admin Tool Telnet5XX18 SDM
Java Tools
httpltservergtltj2ee_portgtnwa SAP NetWeaver Administrator
httpltservergtltj2ee_portgtuseradmin SAP User Management Engine (UME)httpltservergtltj2ee_portgtsld
Visual Administrator
Locking Adapter J2EE Lock MonitoringSecurity Provider User ManagementMonitoring Service J2EE Monitoring
Configuration Adapter J2EE parameter administrationKey Storage Security Keys ManagementLog Viewer Errors CheckSLD Data Supplier
Jco RFC Provider
Security Transactions Description
SU01 User Maintenance
SU01D User Maintenance Display
SU02 Authorization Profiles
SU03 Authorization Objects and Authorizations Maintenance
SU05 Maintain Internet User
SU10 Mass Changes for Users
SU1 Maintain Own User Address
SU2 Maintian Own User Parameters
SU3 Maintain Users Own data
SU20 Maintain Authorization Fields
SU21 Maintain the authorization objects
SU22 Maintain the assignments of authorization objects
SU24 Profile Generator Maintain the assignments of Authorization Objects
SU25 Profile Generator Upgrade and First Installation
SU53 Check Failed Authorizations
SU56 Every user can display his or her own user buffer with this transaction
PFCG Role Maintenance Tool
PFUD User Master Data Reconciliation
SU80 Archive User Change Documents
ST01 System Trace (User Authorization Trace)
SE43 Area Menu Maintenance
SSM2 Set Initial Area Menu Systemwide
SUGR Group maintenance
BALE ALE Area MenuSTUN Performance Monitoring Menu
SECR (old transaction)
SM19 Security Audit (Static and Dynamic Configuration)
SM20 Analysis of Security Audit Log
SM18 Delete Old Security Audit Logs
SUIM User Information
User Information by Menu
SUCOMP User company address maintenance
SUCU
SNC1 Generate SNC name for user
SNC2 Export SNC name of user
SNC3 User initial control list 31-40
SNC4 Check canonical SNC names
SECSTORE Administration of Secure StorageSTRUST Trust ManagerSTRUSTSSO2 Trust Manager for Logon Ticket
RSUSR000 List of All Users Logged On
RSUSR002 Users by Complex Selection Criteria
RSUSR002_ADDRES Users by address data
RSUSR003 Check the Passwords of Standard Users in All Clients
RSUSR004 Restrict User Values to the Following Simple Profiles and Auth Ob
RSUSR005 List of Users With Critical Authorizations
RSUSR006 Locked Users and Users with Incorrect Logons
RSUSR007 Display Users with Incomplete Address Data
RSUSR008 By Critical Combinations of Authorizations at Transaction Start
The Audit Information System (AIS) is an auditing tool that can be used to analyze security aspects of SAP the AIS is now delivered with a series of roles
SAP MenurarrToolsrarrAdministrationrarrUser MaintenancerarrInformation System
Assignment of tablesviews to authorization groups (or SM30 -gt V_DDAT) From Web AS 640 however the view is called V_DDAT_54 which causes SUCU to fail This means you must modify the parameter call in transaction SE93 to be able to display SUCU
Security and User Administration Reports (SE38SA38)
RSUSR008_009_NEW A system dependent option to control SoD violations
RSUSR009 List of Users With Critical Authorizations
RSUSR010 Executable Transactions ( All Selection Options )
RSUSR011 Lists of transactions after selection by user profile or obj
RSUSR012 Search authorizations profiles and users with specified object va
RSUSR020 Profiles by Complex Selection Criteria
RSUSR030 Authorizations by Complex Selection Criteria
RSUSR040 Authorization Objects by Complex Selection Criteria
RSUSR050 Comparisons
RSUSR060 Where-used lists
RSUSR060OBJ Where-Used List Authorization Object in Program and Transactions
RSUSR061 Enter Authorization Fields
RSUSR070 Roles by Complex Selection Criteria
RSUSR080 Users by License Data
RSUSR100 Change Documents for Users
RSUSR100N Change Documents for Users
RSUSR101 Change Documents for Profiles
RSUSR102 Change Documents for Authorizations
RSUSR200 List of Users According to Logon Date and Password Change
RSUSR300 Set External Security Name for All Users
RSUSR301 Fill non-checking transactions with authobject S TCODE
RSUSR302 Delete authorization check on object S TCODE from table TSTCA
RSUSR400 Test Environment Authorization Checks (SAP Systems Only)
RSUSR401 Report to give all SAPCPIC users profile S_ACPIC
RSUSR402 Download user data for CA manager from Secude
RSUSR404 Conversion Program for Authorizations of Basis Development Environ
RSUSR405 Reset all user buffers in all clients (uncritical)
RSUSR406 Automatically Generate Profile SAP_ALL
RSUSR406_OLD Automatically Generate Profile SAP_ALL
RSUSR408 XPRA Conversion of USOBX-OKFLAG USOBX-MODIFIED for upgrade tool
RSUSR409 Transfer all translated titles to generated transaction codes
RSUSR421 Clean-up report TSTC-CINFO if no check in TSTCA
RSUSR500 User Administration Compare Users in Central System
RSUSR500D GUM Display Open Changes
RSUSR998 Call Reporting Tree Info System
RSUSREXT Enter Correct SNC Names in Table View VUSREXTID (from SAP R3 45)
RSUSREXTID Enter Correct SNC Names in Table View VUSREXTID (from SAP R3 45)
RSUSRLOG Log Display for Central User Administration
RSUSRSCUC CUA Synchronization of the Company Addresses
RSUSRSUIM User Information System
PFCG_TIME_DEPENDENCY HR Organizational Management Reconiciliation
RSABAPSC Search for AUTHORITY-CHECK statements
RSCSAUTH RSABAUTH
MaintainRestore Authorization Groups It creates a list of reports (type 1) (Program column) the authorization group delivered by SAP (SAP column) and the authorization group maintained by the customer (Customer column) The Customer column accepts input Customers can enter their own authorization groups here When the customer chooses Save the customers own authorization groups for all SELECTED reports are transferred to the table TRDIR This is equivalent to a change of the authorization group in the program attributes and the exiting SAP authorization groups are overwritten The authorization group for each report is also entered in the table SREPOATH meaning that the customers own authorization groups can be restored by restarting RSCSAUTH after an upgrade Start the program RSABAUTH The new authorization groups are written to the table TPGP
Table Name Description
PRGN_CUST Customize the role transportsSSM_CUST Defines initial picture in SESSION_MANAGERTADIR Table that contains all Data Dictionary ObjectsTADIR Contains all repository SAP objects
TPFYPROPTY
TSTC
USERS_SSMUSOBT Contain SAP default authorization objects
USOBT_C Contain the customer authorization objects
USOBX Contain SAP default authorization objects
USOBX_C Contain the customer authorization objectsUSR10 Table that contains all profiles delivered by SAPUSR40 Exception Table for PasswordsVDDAT TDDAT VDDAT_54 Assignment of tablesviews to authorization groupsV_BRG Definition of authorization groupsTPGP ABAP4 Authorization GroupsE070 Header information for the transport requestE071E071K Object list and keys from table entriesT000 Client Administration
USR41_MLD Registers multiple logons
Shows parameters properties (eg Dynamical vs Static parameters)
Table that contains all transactions codes of the system
System administrators can use this table to determine whether or not users are allowed to switch between the SAP menu and their user menus
Parameter
rdispmax_alt_modesrdispwp_no_diardispwp_no_vbrdispwp_no_vb2rdispwp_no_btcrdispwp_no_spordispwp_no_enqrdispstart_icmanrdispj2ee_startrdispTRACErdispbtctimerdispmax_wprun_time
rslgmax_diskspacelocal
recclient recclient recclient
logindisable_multi_gui_loginloginmulti_login_users
Description
Defines number of dialog workprocessesDefines number of update 1 workprocessesDefines number of update 2 workprocessesDefines number of background workprocessesDefines number of spool workprocessesDefines number of enqueue workprocessesInitialize ICMInitialize J2EESet the trace level for developer traces
ALL logs all clients000 [] logs the specified clientsOFF turns logging off
Defines how many sessions are permissible for each logon to the SAP system Can be set to values from two to nine the standard setting is six
Defines the size of the system Log (sm21) Each log entry takes up 192 bytes and the default log is 500160 bytes which is a multiple of 192 that corresponds to 2605 entries Once the log is full the oldest entries are overwritten
Security Parameters
Parameter Description
rsau/local/file The audit files are located on the individual application servers. You define the name and location of the files with this parameter (up to WAS 6.30).
rsau/max_diskspace/local This parameter defines the maximum space to allocate for the audit files.
rsau/enable This parameter enables the security audit log.
rsau/selection_slots This parameter defines the number of filters to allow for the security audit log.
rsau/max_diskspace/per_day (dynamic configuration)
rsau/max_diskspace/per_file (dynamic configuration)
auth/no_check_in_some_cases Enables Profile Generator.
auth/auth_number_in_userbuffer In systems with release level 4.6A and higher, this parameter defines the size of the user buffer. As of Kernel 6.20 the parameter is no longer evaluated.
auth/new_buffering The auth/auth_number_in_userbuffer parameter no longer has any effect if this profile parameter is 3 or 4.
login/min_password_lng Defines the minimum length of the password. Default value: 3; permissible values: 3-8.
login/min_password_digits Defines the minimum number of digits (0-9) in passwords. Default value: 0; permissible values: 0-8. Available as of SAP Web AS 6.10.
login/min_password_letters Defines the minimum number of letters (A-Z) in passwords. Default value: 0; permissible values: 0-8. Available as of SAP Web AS 6.10.
login/min_password_specials Defines the minimum number of special characters in the password. Permissible special characters are $&()=`+~-_[]<> and space. Default value: 0; permissible values: 0-8. Available as of SAP Web AS 6.10.
login/password_charset This parameter defines the characters of which a password can consist. Available in the standard system as of SAP Web AS 6.40. Permissible values:
  0 (restrictive): The password can only consist of digits, letters and the following (ASCII) special characters: $&()=`+~-_[]<>| and space
  1 (backward compatible, default value): The password can consist of any characters, including national special characters (such as ä, ç, ß from ISO Latin-1, 8859-1). However all characters that are not contained in the set above (for value = 0) are
  2 (not backward compatible): The password can consist of any characters. It is converted internally into the Unicode format UTF-8. If your system does not support Unicode, you may not be able to enter all characters on the logon screen. This restri
  With login/password_charset = 2, passwords are stored in a format that systems with older kernels cannot interpret. You must therefore only set the profile parameter to the value 2 after you have ensured that all systems involved support the new password
login/min_password_diff Defines the minimum number of characters that must be different in the new password compared to the old password. Default value: 1; permissible values: 1-8. Available as of SAP Web AS 6.10.
login/password_expiration_time Defines the validity period of passwords in days. Default value: 0; permissible values: any numerical value.
login/password_change_for_SSO If the user logs on with Single Sign-On, checks whether the user must change his or her password. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/disable_password_logon Controls the deactivation of password-based logon. This means that the user can no longer log on using a password, but only with Single Sign-On variants (X.509 certificate, logon ticket). Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/password_logon_usergroup Controls the deactivation of password-based logon for user groups. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/disable_multi_gui_login Controls the deactivation of multiple dialog logons. Available as of SAP Basis 4.6.
login/multi_login_users List of excepted users, that is, the users that are permitted to log on to the system more than once. Available as of SAP Basis 4.6.
login/fails_to_session_end Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts. The parameter is to be set to a value lower than the value of parameter login/fails_to_user_lock. Default value: 3; permissible values: 1-99.
login/fails_to_user_lock Defines the number of unsuccessful logon attempts before the system locks the user. By default the lock applies until midnight. Default value: 12; permissible values: 1-99.
login/failed_user_auto_unlock Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight. Default value: 1 (lock applies only on same day); permissible values: 0, 1.
login/password_max_new_valid Defines the validity period of passwords for newly created users. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/password_max_reset_valid Defines the validity period of reset passwords. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/accept_sso2_ticket Allows or locks the logon using SSO ticket. Available as of SAP Basis 4.6D, as of SAP Basis 4.0 by Support Package.
login/create_sso2_ticket Allows the creation of SSO tickets. Available as of SAP Basis 4.6D.
login/ticket_expiration_time Defines the validity period of an SSO ticket. Available as of SAP Basis 4.6D.
login/ticket_only_by_https The logon ticket is only transferred using HTTP(S). Available as of SAP Basis 4.6D.
login/ticket_only_to_host When logging on over HTTP(S), sends the ticket only to the server that created the ticket. Available as of SAP Basis 4.6D.
login/disable_cpic Refuse inbound connections of type CPIC.
login/no_automatic_user_sapstar Controls the emergency user SAP* (SAP Notes 2383 and 68048).
login/system_client Specifies the default client. This client is automatically filled in on the system logon screen. Users can type in a different client.
login/update_logon_timestamp Specifies the exactness of the logon timestamp. Available as of SAP Basis 4.6.
rdisp/gui_auto_logout Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections). Default value: 0 (no restriction); permissible values: any numerical value.
login/no_automatic_user_sapstar Controls the SAP* user.
login/password_max_idle_initial You can use this parameter to determine the maximum time between the (re)setting of the password and the next logon with the initial password. As soon as this period has expired, the system displays the message "Initial password has expired" and refuses the password logon. However, you can still log on using SSO.
login/password_max_idle_productive You can use this parameter to determine the maximum time between two password logons. As soon as this period has expired, the system displays a message stating that the password has not been used for a period of time and was therefore deactivated, and the system refuses the password logon. However, you can still log on using SSO.
The profile parameters login/password_max_new_valid and login/password_max_reset_valid have been replaced by the profile parameter login/password_max_idle_initial, which means that the system no longer distinguishes between the first and the subsequent setting of a password by the user administrator regarding the restriction of the validity of the resulting initial passwords.
Authorization Object
S_TCODE Allow to start a transaction
S_USER_GRP Authorization to create or maintain a user master record and to assign it to a user group
S_USER_PRO Authorization for the authorization profiles that you assign to users
S_USER_AUTH Authorization to create and maintain authorizations
S_USER_AGR Authorization to protect roles. With this authorization object you specify which roles can be edited and which activities (display, change, create etc.) are intended for the role(s).
S_USER_TCD Authorization for transactions that you may assign to the role in the Profile Generator
S_USER_VAL Authorization to restrict values that the system administrator can include in a role or change in the Profile Generator
S_PROGRAM The programs (reports) are combined into program authorization groups and can be protected against unauthorized access using the groups and this authorization object.
S_TABU_DIS Defines which table contents may be maintained by which employees. The authorization object S_TABU_DIS controls only complete accesses which are made using standard table maintenance (SM31), advanced table maintenance (SM30) or the Data Browser (SE16). These group assignments are defined in table TDDAT.
S_TABU_CLI Grants authorization to maintain cross-client tables with the standard table maintenance transaction (SM30), extended table maintenance transaction (SM31) and the Data Browser (SE16). Also acts as an additional security measure for cross-client tables and enhances the general table maintenance authorization S_TABU_DIS. The object has the following field: CLIIDMAINT. If identifier X or is set, cross-client tables can be maintained.
S_TABU_LIN Through the introduction of organization criteria it is possible to restrict a user's access rights to specific parts of a table. A possible use for S_TABU_LIN would be to display and to change content for only a certain work area, such as a country or a plant.
S_TRANSPRT Is the authorization object for the Transport Organizer
S_CTS_ADMI Is the authorization object for the administration functions in the Change and Transport System
S_DEVELOP Authorizations for the ABAP Workbench (programming and debugging transactions SExx)
S_LOG_COM Authorization to execute logical operating system commands
S_BTCH_JOB Authorization Object for Job Operations
S_DATASET Authorization Object for File Access
S_RFC Authorization Object for RFC
Official Sites
The Online documentation http://help.sap.com
The SAP Service Marketplace http://service.sap.com
SAP Product Availability Matrix http://service.sap.com/pam
SAP Support Package Stacks http://service.sap.com/sp-stacks
The Information portals http://www.sap.info
SAP Insider Online http://www.sapinsideronline
The SAP Developer Network http://sdn.sap.com
SAP Press http://www.sap-press.com
SAP Professional Journal http://www.sappro.com
SAP Interface Repository (BAPI documentation) http://ifr.sap.com
SAP Connectors (JCo, .NET, Business Connector etc.) http://service.sap.com/connectors
SAP Business Process Community http://bpx.sap.com
SAP Business Community for DUET (webcasts) http://www.sap.com/community/pub/innovation/duet/webcasts.epx
SAP Business Community for DUET http://www.sap.com/community/pub/innovation/duet
SAP Business DUET http://www.duet.com
SAP UI Design http://www.sapdesignguild.org
SAP NetWeaver Magazine http://www.netweavermagazine.com
SAP Performance Site http://service.sap.com/performance
Unofficial Sites
SAP en Castellano http://sap4.com
Mundo SAP http://www.mundosap.com
SAP Fans http://www.sapfans.com
http://searchsap.techtarget.com
http://www.sap-img.com
http://www.sapdb.info
http://sapbasic.wordpress.com
- WAS Academy Nov_Dec 2009
- WAS_Admin_Transactions
- Security_Transactions
- Important Tables
- Admin Parameters
- Auth Parameters
- Auth Objects
- SAP Info Sites
BDBS Generate coding for mapping (4.0)
BAPI BAPI browser (4.0)
SM58 Aborted transactional RFCs
SM59 RFC destinations
SA38 -> RSEOUT00 Report used to transfer IDocs to the communication layer if you selected the Collect IDocs output mode (instead of Transfer IDoc Imm) in the Outbound partner profile (WE20)
SA38 -> RBDAPP01 Report used to transfer IDocs to the ALE layer if you selected the Trigger by background program mode (instead of Trigger immediately) in the Inbound partner profile (WE20)
SA38 -> RSSCD100 Report to view the change documents (that record each change made to their objects)
SA38 -> RBDMIDOC Report used to evaluate change pointers. This program is usually scheduled as a periodic background job. You can start the program for testing purposes with transaction BD21.
Java Ports
http://<server>:<j2ee_port>
where
<j2ee_port> = 5XX00
XX = Instance Number
5XX00 WAS Netweaver Administration
5XX13 Start/Stop Instances Applet
5XX04 Visual Administrator Tool
5XX08 J2EE Admin Tool Telnet
5XX18 SDM
Java Tools
http://<server>:<j2ee_port>/nwa SAP NetWeaver Administrator
http://<server>:<j2ee_port>/useradmin SAP User Management Engine (UME)
http://<server>:<j2ee_port>/sld
Visual Administrator
Locking Adapter J2EE Lock Monitoring
Security Provider User Management
Monitoring Service J2EE Monitoring
Configuration Adapter J2EE parameter administration
Key Storage Security Keys Management
Log Viewer Errors Check
SLD Data Supplier
JCo RFC Provider
Security Transactions Description
SU01 User Maintenance
SU01D User Maintenance Display
SU02 Authorization Profiles
SU03 Authorization Objects and Authorizations Maintenance
SU05 Maintain Internet User
SU10 Mass Changes for Users
SU1 Maintain Own User Address
SU2 Maintain Own User Parameters
SU3 Maintain Users Own data
SU20 Maintain Authorization Fields
SU21 Maintain the authorization objects
SU22 Maintain the assignments of authorization objects
SU24 Profile Generator Maintain the assignments of Authorization Objects
SU25 Profile Generator Upgrade and First Installation
SU53 Check Failed Authorizations
SU56 Every user can display his or her own user buffer with this transaction
PFCG Role Maintenance Tool
PFUD User Master Data Reconciliation
SU80 Archive User Change Documents
ST01 System Trace (User Authorization Trace)
SE43 Area Menu Maintenance
SSM2 Set Initial Area Menu Systemwide
SUGR Group maintenance
BALE ALE Area Menu
STUN Performance Monitoring Menu
SECR (old transaction) The Audit Information System (AIS) is an auditing tool that can be used to analyze security aspects of SAP; the AIS is now delivered with a series of roles.
SM19 Security Audit (Static and Dynamic Configuration)
SM20 Analysis of Security Audit Log
SM18 Delete Old Security Audit Logs
SUIM User Information
User Information by Menu: SAP Menu → Tools → Administration → User Maintenance → Information System
SUCOMP User company address maintenance
SUCU Assignment of tables/views to authorization groups (or SM30 -> V_DDAT). From Web AS 6.40, however, the view is called V_DDAT_54, which causes SUCU to fail. This means you must modify the parameter call in transaction SE93 to be able to display SUCU.
SNC1 Generate SNC name for user
SNC2 Export SNC name of user
SNC3 User initial control list 31-40
SNC4 Check canonical SNC names
SECSTORE Administration of Secure Storage
STRUST Trust Manager
STRUSTSSO2 Trust Manager for Logon Ticket
Security and User Administration Reports (SE38/SA38)
RSUSR000 List of All Users Logged On
RSUSR002 Users by Complex Selection Criteria
RSUSR002_ADDRES Users by address data
RSUSR003 Check the Passwords of Standard Users in All Clients
RSUSR004 Restrict User Values to the Following Simple Profiles and Auth Ob
RSUSR005 List of Users With Critical Authorizations
RSUSR006 Locked Users and Users with Incorrect Logons
RSUSR007 Display Users with Incomplete Address Data
RSUSR008 By Critical Combinations of Authorizations at Transaction Start
RSUSR008_009_NEW A system dependent option to control SoD violations
RSUSR009 List of Users With Critical Authorizations
RSUSR010 Executable Transactions ( All Selection Options )
RSUSR011 Lists of transactions after selection by user profile or obj
RSUSR012 Search authorizations profiles and users with specified object va
RSUSR020 Profiles by Complex Selection Criteria
RSUSR030 Authorizations by Complex Selection Criteria
RSUSR040 Authorization Objects by Complex Selection Criteria
RSUSR050 Comparisons
RSUSR060 Where-used lists
RSUSR060OBJ Where-Used List Authorization Object in Program and Transactions
RSUSR061 Enter Authorization Fields
RSUSR070 Roles by Complex Selection Criteria
RSUSR080 Users by License Data
RSUSR100 Change Documents for Users
RSUSR100N Change Documents for Users
RSUSR101 Change Documents for Profiles
RSUSR102 Change Documents for Authorizations
RSUSR200 List of Users According to Logon Date and Password Change
RSUSR300 Set External Security Name for All Users
RSUSR301 Fill non-checking transactions with authobject S TCODE
RSUSR302 Delete authorization check on object S TCODE from table TSTCA
RSUSR400 Test Environment Authorization Checks (SAP Systems Only)
RSUSR401 Report to give all SAPCPIC users profile S_ACPIC
RSUSR402 Download user data for CA manager from Secude
RSUSR404 Conversion Program for Authorizations of Basis Development Environ
RSUSR405 Reset all user buffers in all clients (uncritical)
RSUSR406 Automatically Generate Profile SAP_ALL
RSUSR406_OLD Automatically Generate Profile SAP_ALL
RSUSR408 XPRA Conversion of USOBX-OKFLAG USOBX-MODIFIED for upgrade tool
RSUSR409 Transfer all translated titles to generated transaction codes
RSUSR421 Clean-up report TSTC-CINFO if no check in TSTCA
RSUSR500 User Administration Compare Users in Central System
RSUSR500D GUM Display Open Changes
RSUSR998 Call Reporting Tree Info System
RSUSREXT Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSREXTID Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSRLOG Log Display for Central User Administration
RSUSRSCUC CUA Synchronization of the Company Addresses
RSUSRSUIM User Information System
PFCG_TIME_DEPENDENCY HR Organizational Management Reconciliation
RSABAPSC Search for AUTHORITY-CHECK statements
RSCSAUTH, RSABAUTH Maintain/Restore Authorization Groups. It creates a list of reports (type 1) (Program column), the authorization group delivered by SAP (SAP column) and the authorization group maintained by the customer (Customer column). The Customer column accepts input. Customers can enter their own authorization groups here. When the customer chooses Save, the customer's own authorization groups for all SELECTED reports are transferred to the table TRDIR. This is equivalent to a change of the authorization group in the program attributes, and the existing SAP authorization groups are overwritten. The authorization group for each report is also entered in the table SREPOATH, meaning that the customer's own authorization groups can be restored by restarting RSCSAUTH after an upgrade. Start the program RSABAUTH. The new authorization groups are written to the table TPGP.
Table Name Description
PRGN_CUST Customize the role transports
SSM_CUST Defines initial picture in SESSION_MANAGER
TADIR Table that contains all Data Dictionary Objects
TADIR Contains all repository SAP objects
TPFYPROPTY Shows parameters properties (e.g. Dynamical vs Static parameters)
TSTC Table that contains all transactions codes of the system
USERS_SSM System administrators can use this table to determine whether or not users are allowed to switch between the SAP menu and their user menus
USOBT Contain SAP default authorization objects
USOBT_C Contain the customer authorization objects
USOBX Contain SAP default authorization objects
USOBX_C Contain the customer authorization objects
USR10 Table that contains all profiles delivered by SAP
USR40 Exception Table for Passwords
VDDAT, TDDAT, VDDAT_54 Assignment of tables/views to authorization groups
V_BRG Definition of authorization groups
TPGP ABAP/4 Authorization Groups
E070 Header information for the transport request
E071, E071K Object list and keys from table entries
T000 Client Administration
USR41_MLD Registers multiple logons
Parameter Description
rdisp/max_alt_modes Defines how many sessions are permissible for each logon to the SAP system. Can be set to values from two to nine; the standard setting is six.
rdisp/wp_no_dia Defines number of dialog workprocesses
rdisp/wp_no_vb Defines number of update 1 workprocesses
rdisp/wp_no_vb2 Defines number of update 2 workprocesses
rdisp/wp_no_btc Defines number of background workprocesses
rdisp/wp_no_spo Defines number of spool workprocesses
rdisp/wp_no_enq Defines number of enqueue workprocesses
rdisp/start_icman Initialize ICM
rdisp/j2ee_start Initialize J2EE
rdisp/TRACE Set the trace level for developer traces
rdisp/btctime
rdisp/max_wprun_time
rslg/max_diskspace/local Defines the size of the system log (SM21). Each log entry takes up 192 bytes and the default log is 500160 bytes, which is a multiple of 192 that corresponds to 2605 entries. Once the log is full, the oldest entries are overwritten.
rec/client ALL: logs all clients
rec/client 000 []: logs the specified clients
rec/client OFF: turns logging off
login/disable_multi_gui_login
login/multi_login_users
Security Parameters
Parameter Description
rsaulocalfile
rsaumax_diskspacelocal This parameter defines the maximum space to allocate for the audit files
rsauenable This parameter enables the security audit log
rsauselection_slots This parameter defines the number of filters to allow for the security audit log
rsaumax_diskspaceper_day (dynamic configuration)
rsaumax_diskspaceper_file (dynamic configuration)
authno_check_in_some_cases Enables Profile Generator
authauth_number_in_userbuffer
authnew_buffering
loginmin_password_lng Defines the minimum length of the passwordDefault value 3 permissible values 3 ndash 8
loginmin_password_digits Defines the minimum number of digits (0-9) in passwordsDefault value 0 permissible values 0 ndash 8Available as of SAP Web AS 610
loginmin_password_letters Defines the minimum number of letters (A-Z) in passwords Default value 0 permissible values 0 ndash 8Available as of SAP Web AS 610
loginmin_password_specials
Default value 0 permissible values 0 ndash 8Available as of SAP Web AS 610
loginpassword_charset This parameter defines the characters of which a password can consistPermissible values
Available in the standard system as of SAP Web AS 640loginmin_password_diff
Default value 1 permissible values 1 ndash 8Available as of SAP Web AS 610
loginpassword_expiration_time Defines the validity period of passwords in daysDefault value 0 permissible values any numerical value
loginpassword_change_for_SSO
Available as of SAP Web AS 610 as of SAP Basis 46 by Support Package
logindisable_password_logon Controls the deactivation of password-based logon
Available as of SAP Web AS 610 as of SAP Basis 46 by Support Package
The audit files are located on the individual application servers You define the name and location of the files with this parameter (up to WAS 630)
In systems with release level 46A and higher this parameter definies the size of the user bufferAs of Kernel 620 the parameter is no longer evaluated
authauth_number_in_userbuffer parameter no longer has any effect if this profile parametes is 3 or 4
Defines the minimum number of special characters in the password Permissible special characters are $amp()=`+~-_[]ltgt and space
0 (restrictive) The password can only consist of digits letters and the following (ASCII) special characters $amp()=`+~-_[]ltgt| and space
1 (backward compatible default value) The password can consist of any characters including national special characters (such as auml ccedil szlig from ISO Latin-1 8859-1) However all characters that are not contained in the set above (for value = 0) are
2 (not backward compatible) The password can consist of any characters It is converted internally into the Unicode format UTF-8 If your system does not support Unicode you may not be able to enter all characters on the logon screen This restri
With loginpassword_charset = 2 passwords are stored in a format that systems with older kernels cannot interpret You must therefore only set the profile parameter to the value 2 after you have ensured that all systems involved support the new password
Defines the minimum number of characters that must be different in the new password compared to the old password
If the user logs on with Single Sign-On checks whether the user must change his or her password
This means that the user can no longer log on using a password but only with Single Sign-On variants (X509 certificate logon ticket)
loginpassword_logon_usergroup Controls the deactivation of password-based logon for user groupsAvailable as of SAP Web AS 610 as of SAP Basis 46 by Support Package
logindisable_multi_gui_login Controls the deactivation of multiple dialog logonsAvailable as of SAP Basis 46
loginmulti_login_users
Available as of SAP Basis 46loginfails_to_session_end
Default value 3 permissible values 1 -99loginfails_to_user_lock
Default value 12 permissible values 1 -99loginfailed_user_auto_unlock
Default value 1 (Lock applies only on same day) permissible values 0 1
loginpassword_max_new_valid Defines the validity period of passwords for newly created usersAvailable as of SAP Web AS 610 as of SAP Basis 46 by Support Package
loginpassword_max_reset_valid Defines the validity period of reset passwordsAvailable as of SAP Web AS 610 as of SAP Basis 46 by Support Package
loginaccept_sso2_ticket Allows or locks the logon using SSO ticketAvailable as of SAP Basis 46D as of SAP Basis 40 by Support Package
logincreate_sso2_ticket Allows the creation of SSO ticketsAvailable as of SAP Basis 46D
loginticket_expiration_time Defines the validity period of an SSO ticketAvailable as of SAP Basis 46D
loginticket_only_by_https The logon ticket is only transferred using HTTP(S)Available as of SAP Basis 46D
loginticket_only_to_host
Available as of SAP Basis 46Dlogindisable_cpic Refuse inbound connections of type CPIC
Controls the emergency user SAP (SAP Notes 2383 and 68048)
loginsystem_client
loginupdate_logon_timestamp Specifies the exactness of the logon timestampAvailable as of SAP Basis 46
rdispgui_auto_logout
Default value 0 (no restriction) permissible values any numerical valueloginno_automatic_user_sapstar Controls the SAP user
loginpassword_max_idle_initial
loginpassword_max_idle_productive
List of excepted users that is the users that are permitted to log on to the system more than once
Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts The parameter is to be set to a value lower than the value of parameter loginfails_to_user_lock
Defines the number of unsuccessful logon attempts before the system locks the user By default the lock applies until midnight
Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight
When logging on over HTTP(S) sends the ticket only to the server that created the ticket
loginno_automatic_user_sapstar
Specifies the default client This client is automatically filled in on the system logon screen Users can type in a different client
Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections)
You can use this parameter to determine the maximum time between the (re)setting of the password and the next logon with the initial password As soon as this period has expired the system displays message Initial password has expired and refuses the password logon However you can still logon using SSO
You can use this parameter to determine the maximum time between two password logons As soon as this period has expired the system displays a message stating that the password has not been used for a period of time and was therefore deactivated and the system refuses the password logon However you can still logon using SSO
The profile parameters loginpassword_max_new_valid and loginpassword_max_reset_valid have been replaced by the profile parameter loginpassword_max_idle_initial which means that the system no longer distinguishes between the first and the subsequent setting of a password by the user administrator regarding the restriction of the validity of the resulting initial passwords
S_TCODE Allow to start a transaction
S_USER_GRP Authorization to create or maintain a user master record and to assign it to a user group
S_USER_PRO Authorization for the authorization profiles that you assign to users
S_USER_AUTH Authorization to create and maintain authorizations
S_USER_AGR
S_USER_TCD Authorization for transactions that you may assign to the role in the Profile Generator
S_USER_VAL
S_PROGRAM
S_TABU_DIS
S_TABU_CLI
S_TABU_LIN
S_TRANSPRT is the authorization object for the Transport Organizer
S_CTS_ADMI
S_DEVELOP Authorizations for the ABAP Workbench (programming and debugging transactions SExx)
S_LOG_COM Authorization to execute logical operating system commands
S_BTCH_JOB Authorization Object for Job Operations
S_DATASET Authorization Object for File Access
S_RFC Authorization Object for RFC
Authorization Object
Authorization to protect roles With this authorization object you specify which roles can be edite and which activities (display change create etc) are intended for the role(s)
Authorization to restrict values that the system administrator can include in a role or change in the Profile Generator
The Programs (reports) are combined into program authorization groups and can be protected against unauthorized access using the groups and this authorization object
Defines which table contents may be maintained by which employees The authorization object S_TABU_DIS controls only complete accesses which are made using standard table maintenance (SM31) advanced table maintenance (SM30) or the Data Browser (SE16) These group assignments are defined in table TDDAT
Grants authorization to maintain cross-client tables with the standard table maintenance transaction (SM30) extended table maintenance transaction (SM31) and the Data Browser (SE16) Also acts as an additional security measure for cross-client tables and enhances the general table maintenance authorization S_TABU_DIS The object has the following field CLIIDMAINT If identifier X or is set cross-client tables can be maintained
Through the introduction of organization criteria it is possible to restrict a users access rights to specific parts of a table A possible use for S_TABU_LIN would be to display and to change content for only a certain work area such as a country or a plant
Is the authorization object for the administration functions in theChange and Transport System
Official Sites
The Online documentationThe SAP Service MarketplaceSAP Product Availability MatrixSAP Support Package StacksThe Information portalsSAP Insider OnlineThe SAP Developer NetworkSAP PressSAP Professional JournalSAP Interface Repository (Documentacioacuten BAPIs)SAP Connectors (Jco NET Business Connector etc)SAP Business Process CommunitySAP Business Community for DUET (webcasts)SAP Business Community for DUETSAP Business DUETSAP UI Design
httpwwwnetweavermagazinecom SAP NetWeaver MagazineSAP Performance Site
No Official Sites
SAP en CastellanoMundo SAPSAP Fans
httphelpsapcomhttpservicesapcomhttpservicesapcompamhttpservicesapcomsp-stackshttpwwwsapinfohttpwwwsapinsideronlinehttpsdnsapcomhttpwwwsap-presscomhttpwwwsapprocomhttpifrsapcomhttpservicesapcomconnectorshttpbpxsapcomhttpwwwsapcomcommunitypubinnovationduetwebcastsepxhttpwwwsapcomcommunitypubinnovationduethttpwwwduetcomhttpwwwsapdesignguildorg
httpservicesapcomperformance
httpsap4comhttpwwwmundosapcomhttpwwwsapfanscomhttpsearchsaptechtargetcomhttpwwwsap-imgcomhttpwwwsapdbinfohttpsapbasicwordpresscom
The Online documentationThe SAP Service MarketplaceSAP Product Availability MatrixSAP Support Package StacksThe Information portals
The SAP Developer Network
SAP Professional JournalSAP Interface Repository (Documentacioacuten BAPIs)SAP Connectors (Jco NET Business Connector etc)SAP Business Process CommunitySAP Business Community for DUET (webcasts)SAP Business Community for DUET
SAP NetWeaver MagazineSAP Performance Site
- WAS Academy Nov_Dec 2009
- WAS_Admin_Transactions
- Security_Transactions
- Important Tables
- Admin Parameters
- Auth Parameters
- Auth Objects
- SAP Info Sites
-
Java Ports
httpltservergtltj2ee_portgt
where
lt2ee_portgt = 5XX00
XX = Instance Number
5XX00 WAS Netweaver Administration
5XX13 StartStop Instances Applet5XX04 Visual Administrator Tool5XX08 J2EE Admin Tool Telnet5XX18 SDM
Java Tools
httpltservergtltj2ee_portgtnwa SAP NetWeaver Administrator
httpltservergtltj2ee_portgtuseradmin SAP User Management Engine (UME)httpltservergtltj2ee_portgtsld
Visual Administrator
Locking Adapter J2EE Lock MonitoringSecurity Provider User ManagementMonitoring Service J2EE Monitoring
Configuration Adapter J2EE parameter administrationKey Storage Security Keys ManagementLog Viewer Errors CheckSLD Data Supplier
Jco RFC Provider
Security Transactions Description
SU01 User Maintenance
SU01D User Maintenance Display
SU02 Authorization Profiles
SU03 Authorization Objects and Authorizations Maintenance
SU05 Maintain Internet User
SU10 Mass Changes for Users
SU1 Maintain Own User Address
SU2 Maintian Own User Parameters
SU3 Maintain Users Own data
SU20 Maintain Authorization Fields
SU21 Maintain the authorization objects
SU22 Maintain the assignments of authorization objects
SU24 Profile Generator Maintain the assignments of Authorization Objects
SU25 Profile Generator Upgrade and First Installation
SU53 Check Failed Authorizations
SU56 Every user can display his or her own user buffer with this transaction
PFCG Role Maintenance Tool
PFUD User Master Data Reconciliation
SU80 Archive User Change Documents
ST01 System Trace (User Authorization Trace)
SE43 Area Menu Maintenance
SSM2 Set Initial Area Menu Systemwide
SUGR Group maintenance
BALE ALE Area Menu
STUN Performance Monitoring Menu
SECR (old transaction) The Audit Information System (AIS) is an auditing tool that can be used to analyze security aspects of SAP. The AIS is now delivered with a series of roles.
SM19 Security Audit (Static and Dynamic Configuration)
SM20 Analysis of Security Audit Log
SM18 Delete Old Security Audit Logs
SUIM User Information
User Information by Menu: SAP Menu → Tools → Administration → User Maintenance → Information System
SUCOMP User company address maintenance
SUCU Assignment of tables/views to authorization groups (or SM30 -> V_DDAT). From Web AS 6.40, however, the view is called V_DDAT_54, which causes SUCU to fail. This means you must modify the parameter call in transaction SE93 to be able to display SUCU.
SNC1 Generate SNC name for user
SNC2 Export SNC name of user
SNC3 User initial control list 31-40
SNC4 Check canonical SNC names
SECSTORE Administration of Secure Storage
STRUST Trust Manager
STRUSTSSO2 Trust Manager for Logon Ticket
Security and User Administration Reports (SE38/SA38)
RSUSR000 List of All Users Logged On
RSUSR002 Users by Complex Selection Criteria
RSUSR002_ADDRES Users by address data
RSUSR003 Check the Passwords of Standard Users in All Clients
RSUSR004 Restrict User Values to the Following Simple Profiles and Auth Ob
RSUSR005 List of Users With Critical Authorizations
RSUSR006 Locked Users and Users with Incorrect Logons
RSUSR007 Display Users with Incomplete Address Data
RSUSR008 By Critical Combinations of Authorizations at Transaction Start
RSUSR008_009_NEW A system dependent option to control SoD violations
RSUSR009 List of Users With Critical Authorizations
RSUSR010 Executable Transactions ( All Selection Options )
RSUSR011 Lists of transactions after selection by user profile or obj
RSUSR012 Search authorizations profiles and users with specified object va
RSUSR020 Profiles by Complex Selection Criteria
RSUSR030 Authorizations by Complex Selection Criteria
RSUSR040 Authorization Objects by Complex Selection Criteria
RSUSR050 Comparisons
RSUSR060 Where-used lists
RSUSR060OBJ Where-Used List Authorization Object in Program and Transactions
RSUSR061 Enter Authorization Fields
RSUSR070 Roles by Complex Selection Criteria
RSUSR080 Users by License Data
RSUSR100 Change Documents for Users
RSUSR100N Change Documents for Users
RSUSR101 Change Documents for Profiles
RSUSR102 Change Documents for Authorizations
RSUSR200 List of Users According to Logon Date and Password Change
RSUSR300 Set External Security Name for All Users
RSUSR301 Fill non-checking transactions with auth. object S_TCODE
RSUSR302 Delete authorization check on object S_TCODE from table TSTCA
RSUSR400 Test Environment Authorization Checks (SAP Systems Only)
RSUSR401 Report to give all SAPCPIC users profile S_ACPIC
RSUSR402 Download user data for CA manager from Secude
RSUSR404 Conversion Program for Authorizations of Basis Development Environ
RSUSR405 Reset all user buffers in all clients (uncritical)
RSUSR406 Automatically Generate Profile SAP_ALL
RSUSR406_OLD Automatically Generate Profile SAP_ALL
RSUSR408 XPRA Conversion of USOBX-OKFLAG USOBX-MODIFIED for upgrade tool
RSUSR409 Transfer all translated titles to generated transaction codes
RSUSR421 Clean-up report TSTC-CINFO if no check in TSTCA
RSUSR500 User Administration Compare Users in Central System
RSUSR500D GUM Display Open Changes
RSUSR998 Call Reporting Tree Info System
RSUSREXT Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSREXTID Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSRLOG Log Display for Central User Administration
RSUSRSCUC CUA Synchronization of the Company Addresses
RSUSRSUIM User Information System
PFCG_TIME_DEPENDENCY HR Organizational Management Reconciliation
RSABAPSC Search for AUTHORITY-CHECK statements
RSCSAUTH / RSABAUTH Maintain/Restore Authorization Groups
It creates a list of reports (type 1) (Program column), the authorization group delivered by SAP (SAP column), and the authorization group maintained by the customer (Customer column). The Customer column accepts input. Customers can enter their own authorization groups here. When the customer chooses Save, the customer's own authorization groups for all SELECTED reports are transferred to the table TRDIR. This is equivalent to a change of the authorization group in the program attributes, and the existing SAP authorization groups are overwritten. The authorization group for each report is also entered in the table SREPOATH, meaning that the customer's own authorization groups can be restored by restarting RSCSAUTH after an upgrade. Start the program RSABAUTH. The new authorization groups are written to the table TPGP.
Table Name Description
PRGN_CUST Customize the role transports
SSM_CUST Defines initial picture in SESSION_MANAGER
TADIR Table that contains all Data Dictionary Objects
TADIR Contains all repository SAP objects
TPFYPROPTY Shows parameter properties (e.g. dynamic vs. static parameters)
TSTC Table that contains all transaction codes of the system
USERS_SSM System administrators can use this table to determine whether or not users are allowed to switch between the SAP menu and their user menus
USOBT Contains SAP default authorization objects
USOBT_C Contains the customer authorization objects
USOBX Contains SAP default authorization objects
USOBX_C Contains the customer authorization objects
USR10 Table that contains all profiles delivered by SAP
USR40 Exception Table for Passwords
VDDAT TDDAT VDDAT_54 Assignment of tables/views to authorization groups
V_BRG Definition of authorization groups
TPGP ABAP/4 Authorization Groups
E070 Header information for the transport request
E071 / E071K Object list and keys from table entries
T000 Client Administration
USR41_MLD Registers multiple logons
Parameter Description
rdisp/max_alt_modes Defines how many sessions are permissible for each logon to the SAP system. Can be set to values from two to nine; the standard setting is six.
rdisp/wp_no_dia Defines number of dialog work processes
rdisp/wp_no_vb Defines number of update 1 work processes
rdisp/wp_no_vb2 Defines number of update 2 work processes
rdisp/wp_no_btc Defines number of background work processes
rdisp/wp_no_spo Defines number of spool work processes
rdisp/wp_no_enq Defines number of enqueue work processes
rdisp/start_icman Initialize ICM
rdisp/j2ee_start Initialize J2EE
rdisp/TRACE Set the trace level for developer traces
rdisp/btctime
rdisp/max_wprun_time
rslg/max_diskspace/local Defines the size of the system log (SM21). Each log entry takes up 192 bytes and the default log is 500160 bytes, which is a multiple of 192 that corresponds to 2605 entries. Once the log is full, the oldest entries are overwritten.
rec/client ALL: logs all clients
rec/client 000 []: logs the specified clients
rec/client OFF: turns logging off
login/disable_multi_gui_login
login/multi_login_users
Security Parameters
Parameter Description
rsau/local/file The audit files are located on the individual application servers. You define the name and location of the files with this parameter (up to WAS 6.30).
rsau/max_diskspace/local This parameter defines the maximum space to allocate for the audit files.
rsau/enable This parameter enables the security audit log.
rsau/selection_slots This parameter defines the number of filters to allow for the security audit log.
rsau/max_diskspace/per_day (dynamic configuration)
rsau/max_diskspace/per_file (dynamic configuration)
auth/no_check_in_some_cases Enables Profile Generator.
auth/auth_number_in_userbuffer In systems with release level 4.6A and higher, this parameter defines the size of the user buffer. As of Kernel 6.20, the parameter is no longer evaluated.
auth/new_buffering The auth/auth_number_in_userbuffer parameter no longer has any effect if this profile parameter is 3 or 4.
login/min_password_lng Defines the minimum length of the password. Default value: 3; permissible values: 3 – 8.
login/min_password_digits Defines the minimum number of digits (0-9) in passwords. Default value: 0; permissible values: 0 – 8. Available as of SAP Web AS 6.10.
login/min_password_letters Defines the minimum number of letters (A-Z) in passwords. Default value: 0; permissible values: 0 – 8. Available as of SAP Web AS 6.10.
login/min_password_specials Defines the minimum number of special characters in the password. Permissible special characters are $&()=`+~-_[]<> and space. Default value: 0; permissible values: 0 – 8. Available as of SAP Web AS 6.10.
login/password_charset This parameter defines the characters of which a password can consist. Permissible values:
0 (restrictive): The password can only consist of digits, letters and the following (ASCII) special characters: $&()=`+~-_[]<>| and space
1 (backward compatible, default value): The password can consist of any characters, including national special characters (such as ä, ç, ß from ISO Latin-1, 8859-1). However all characters that are not contained in the set above (for value = 0) are
2 (not backward compatible): The password can consist of any characters. It is converted internally into the Unicode format UTF-8. If your system does not support Unicode, you may not be able to enter all characters on the logon screen. This restri
With login/password_charset = 2, passwords are stored in a format that systems with older kernels cannot interpret. You must therefore only set the profile parameter to the value 2 after you have ensured that all systems involved support the new password
Available in the standard system as of SAP Web AS 6.40.
login/min_password_diff Defines the minimum number of characters that must be different in the new password compared to the old password. Default value: 1; permissible values: 1 – 8. Available as of SAP Web AS 6.10.
login/password_expiration_time Defines the validity period of passwords in days. Default value: 0; permissible values: any numerical value.
login/password_change_for_SSO If the user logs on with Single Sign-On, checks whether the user must change his or her password. Available as of SAP Web AS 6.10; as of SAP Basis 4.6 by Support Package.
login/disable_password_logon Controls the deactivation of password-based logon. This means that the user can no longer log on using a password, but only with Single Sign-On variants (X.509 certificate, logon ticket). Available as of SAP Web AS 6.10; as of SAP Basis 4.6 by Support Package.
login/password_logon_usergroup Controls the deactivation of password-based logon for user groups. Available as of SAP Web AS 6.10; as of SAP Basis 4.6 by Support Package.
login/disable_multi_gui_login Controls the deactivation of multiple dialog logons. Available as of SAP Basis 4.6.
login/multi_login_users List of excepted users, that is, the users that are permitted to log on to the system more than once. Available as of SAP Basis 4.6.
login/fails_to_session_end Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts. The parameter is to be set to a value lower than the value of parameter login/fails_to_user_lock. Default value: 3; permissible values: 1-99.
login/fails_to_user_lock Defines the number of unsuccessful logon attempts before the system locks the user. By default, the lock applies until midnight. Default value: 12; permissible values: 1-99.
login/failed_user_auto_unlock Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight. Default value: 1 (lock applies only on same day); permissible values: 0, 1.
login/password_max_new_valid Defines the validity period of passwords for newly created users. Available as of SAP Web AS 6.10; as of SAP Basis 4.6 by Support Package.
login/password_max_reset_valid Defines the validity period of reset passwords. Available as of SAP Web AS 6.10; as of SAP Basis 4.6 by Support Package.
login/accept_sso2_ticket Allows or locks the logon using SSO ticket. Available as of SAP Basis 4.6D; as of SAP Basis 4.0 by Support Package.
login/create_sso2_ticket Allows the creation of SSO tickets. Available as of SAP Basis 4.6D.
login/ticket_expiration_time Defines the validity period of an SSO ticket. Available as of SAP Basis 4.6D.
login/ticket_only_by_https The logon ticket is only transferred using HTTP(S). Available as of SAP Basis 4.6D.
login/ticket_only_to_host When logging on over HTTP(S), sends the ticket only to the server that created the ticket. Available as of SAP Basis 4.6D.
login/disable_cpic Refuse inbound connections of type CPIC.
login/no_automatic_user_sapstar Controls the emergency user SAP* (SAP Notes 2383 and 68048).
login/system_client Specifies the default client. This client is automatically filled in on the system logon screen. Users can type in a different client.
login/update_logon_timestamp Specifies the exactness of the logon timestamp. Available as of SAP Basis 4.6.
rdisp/gui_auto_logout Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections). Default value: 0 (no restriction); permissible values: any numerical value.
login/no_automatic_user_sapstar Controls the SAP* user.
login/password_max_idle_initial You can use this parameter to determine the maximum time between the (re)setting of the password and the next logon with the initial password. As soon as this period has expired, the system displays the message "Initial password has expired" and refuses the password logon. However, you can still log on using SSO.
login/password_max_idle_productive You can use this parameter to determine the maximum time between two password logons. As soon as this period has expired, the system displays a message stating that the password has not been used for a period of time and was therefore deactivated, and the system refuses the password logon. However, you can still log on using SSO.
The profile parameters login/password_max_new_valid and login/password_max_reset_valid have been replaced by the profile parameter login/password_max_idle_initial, which means that the system no longer distinguishes between the first and the subsequent setting of a password by the user administrator regarding the restriction of the validity of the resulting initial passwords.
Authorization Object Description
S_TCODE Allows a transaction to be started
S_USER_GRP Authorization to create or maintain a user master record and to assign it to a user group
S_USER_PRO Authorization for the authorization profiles that you assign to users
S_USER_AUTH Authorization to create and maintain authorizations
S_USER_AGR Authorization to protect roles. With this authorization object, you specify which roles can be edited and which activities (display, change, create, etc.) are intended for the role(s).
S_USER_TCD Authorization for transactions that you may assign to the role in the Profile Generator
S_USER_VAL Authorization to restrict values that the system administrator can include in a role or change in the Profile Generator
S_PROGRAM The programs (reports) are combined into program authorization groups and can be protected against unauthorized access using the groups and this authorization object.
S_TABU_DIS Defines which table contents may be maintained by which employees. The authorization object S_TABU_DIS controls only complete accesses, which are made using standard table maintenance (SM31), advanced table maintenance (SM30) or the Data Browser (SE16). These group assignments are defined in table TDDAT.
S_TABU_CLI Grants authorization to maintain cross-client tables with the standard table maintenance transaction (SM30), extended table maintenance transaction (SM31) and the Data Browser (SE16). Also acts as an additional security measure for cross-client tables and enhances the general table maintenance authorization S_TABU_DIS. The object has the following field: CLIIDMAINT. If identifier X or is set, cross-client tables can be maintained.
S_TABU_LIN Through the introduction of organization criteria, it is possible to restrict a user's access rights to specific parts of a table. A possible use for S_TABU_LIN would be to display and to change content for only a certain work area, such as a country or a plant.
S_TRANSPRT Is the authorization object for the Transport Organizer
S_CTS_ADMI Is the authorization object for the administration functions in the Change and Transport System
S_DEVELOP Authorizations for the ABAP Workbench (programming and debugging transactions SExx)
S_LOG_COM Authorization to execute logical operating system commands
S_BTCH_JOB Authorization Object for Job Operations
S_DATASET Authorization Object for File Access
S_RFC Authorization Object for RFC
Official Sites
http://help.sap.com The Online documentation
http://service.sap.com The SAP Service Marketplace
http://service.sap.com/pam SAP Product Availability Matrix
http://service.sap.com/sp-stacks SAP Support Package Stacks
http://www.sap.info The Information portals
http://www.sapinsideronline.com SAP Insider Online
http://sdn.sap.com The SAP Developer Network
http://www.sap-press.com SAP Press
http://www.sappro.com SAP Professional Journal
http://ifr.sap.com SAP Interface Repository (BAPIs documentation)
http://service.sap.com/connectors SAP Connectors (JCo, .NET, Business Connector, etc.)
http://bpx.sap.com SAP Business Process Community
http://www.sap.com/community/pub/innovation/duet/webcasts.epx SAP Business Community for DUET (webcasts)
http://www.sap.com/community/pub/innovation/duet SAP Business Community for DUET
http://www.duet.com SAP Business DUET
http://www.sapdesignguild.org SAP UI Design
http://www.netweavermagazine.com SAP NetWeaver Magazine
http://service.sap.com/performance SAP Performance Site
Unofficial Sites
http://sap4.com SAP en Castellano
http://www.mundosap.com Mundo SAP
http://www.sapfans.com SAP Fans
http://searchsap.techtarget.com
http://www.sap-img.com
http://www.sapdb.info
http://sapbasic.wordpress.com
Through the introduction of organization criteria it is possible to restrict a users access rights to specific parts of a table A possible use for S_TABU_LIN would be to display and to change content for only a certain work area such as a country or a plant
Is the authorization object for the administration functions in theChange and Transport System
Official Sites
The Online documentationThe SAP Service MarketplaceSAP Product Availability MatrixSAP Support Package StacksThe Information portalsSAP Insider OnlineThe SAP Developer NetworkSAP PressSAP Professional JournalSAP Interface Repository (Documentacioacuten BAPIs)SAP Connectors (Jco NET Business Connector etc)SAP Business Process CommunitySAP Business Community for DUET (webcasts)SAP Business Community for DUETSAP Business DUETSAP UI Design
httpwwwnetweavermagazinecom SAP NetWeaver MagazineSAP Performance Site
No Official Sites
SAP en CastellanoMundo SAPSAP Fans
httphelpsapcomhttpservicesapcomhttpservicesapcompamhttpservicesapcomsp-stackshttpwwwsapinfohttpwwwsapinsideronlinehttpsdnsapcomhttpwwwsap-presscomhttpwwwsapprocomhttpifrsapcomhttpservicesapcomconnectorshttpbpxsapcomhttpwwwsapcomcommunitypubinnovationduetwebcastsepxhttpwwwsapcomcommunitypubinnovationduethttpwwwduetcomhttpwwwsapdesignguildorg
httpservicesapcomperformance
httpsap4comhttpwwwmundosapcomhttpwwwsapfanscomhttpsearchsaptechtargetcomhttpwwwsap-imgcomhttpwwwsapdbinfohttpsapbasicwordpresscom
The Online documentationThe SAP Service MarketplaceSAP Product Availability MatrixSAP Support Package StacksThe Information portals
The SAP Developer Network
SAP Professional JournalSAP Interface Repository (Documentacioacuten BAPIs)SAP Connectors (Jco NET Business Connector etc)SAP Business Process CommunitySAP Business Community for DUET (webcasts)SAP Business Community for DUET
SAP NetWeaver MagazineSAP Performance Site
- WAS Academy Nov_Dec 2009
- WAS_Admin_Transactions
- Security_Transactions
- Important Tables
- Admin Parameters
- Auth Parameters
- Auth Objects
- SAP Info Sites
-
RSUSR008_009_NEW A system dependent option to control SoD violations
RSUSR009 List of Users With Critical Authorizations
RSUSR010 Executable Transactions ( All Selection Options )
RSUSR011 Lists of transactions after selection by user profile or obj
RSUSR012 Search authorizations profiles and users with specified object va
RSUSR020 Profiles by Complex Selection Criteria
RSUSR030 Authorizations by Complex Selection Criteria
RSUSR040 Authorization Objects by Complex Selection Criteria
RSUSR050 Comparisons
RSUSR060 Where-used lists
RSUSR060OBJ Where-Used List Authorization Object in Program and Transactions
RSUSR061 Enter Authorization Fields
RSUSR070 Roles by Complex Selection Criteria
RSUSR080 Users by License Data
RSUSR100 Change Documents for Users
RSUSR100N Change Documents for Users
RSUSR101 Change Documents for Profiles
RSUSR102 Change Documents for Authorizations
RSUSR200 List of Users According to Logon Date and Password Change
RSUSR300 Set External Security Name for All Users
RSUSR301 Fill non-checking transactions with auth. object S_TCODE
RSUSR302 Delete authorization check on object S_TCODE from table TSTCA
RSUSR400 Test Environment Authorization Checks (SAP Systems Only)
RSUSR401 Report to give all SAPCPIC users profile S_ACPIC
RSUSR402 Download user data for CA manager from Secude
RSUSR404 Conversion Program for Authorizations of Basis Development Environ
RSUSR405 Reset all user buffers in all clients (uncritical)
RSUSR406 Automatically Generate Profile SAP_ALL
RSUSR406_OLD Automatically Generate Profile SAP_ALL
RSUSR408 XPRA Conversion of USOBX-OKFLAG USOBX-MODIFIED for upgrade tool
RSUSR409 Transfer all translated titles to generated transaction codes
RSUSR421 Clean-up report TSTC-CINFO if no check in TSTCA
RSUSR500 User Administration Compare Users in Central System
RSUSR500D GUM Display Open Changes
RSUSR998 Call Reporting Tree Info System
RSUSREXT Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSREXTID Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5)
RSUSRLOG Log Display for Central User Administration
RSUSRSCUC CUA Synchronization of the Company Addresses
RSUSRSUIM User Information System
PFCG_TIME_DEPENDENCY HR Organizational Management Reconciliation
RSABAPSC Search for AUTHORITY-CHECK statements
RSCSAUTH / RSABAUTH Maintain/Restore Authorization Groups. RSCSAUTH creates a list of reports (type 1) (Program column), the authorization group delivered by SAP (SAP column) and the authorization group maintained by the customer (Customer column). The Customer column accepts input: customers can enter their own authorization groups here. When the customer chooses Save, the customer's own authorization groups for all SELECTED reports are transferred to the table TRDIR. This is equivalent to a change of the authorization group in the program attributes, and the existing SAP authorization groups are overwritten. The authorization group for each report is also entered in the table SREPOATH, meaning that the customer's own authorization groups can be restored by restarting RSCSAUTH after an upgrade. Start the program RSABAUTH. The new authorization groups are written to the table TPGP.
Table Name Description
PRGN_CUST Customize the role transports
SSM_CUST Defines initial picture in SESSION_MANAGER
TADIR Table that contains all Data Dictionary Objects
TADIR Contains all repository SAP objects
TPFYPROPTY Shows parameter properties (e.g. dynamic vs. static parameters)
TSTC Table that contains all transaction codes of the system
USERS_SSM System administrators can use this table to determine whether or not users are allowed to switch between the SAP menu and their user menus
USOBT Contains SAP default authorization objects
USOBT_C Contains the customer authorization objects
USOBX Contains SAP default authorization objects
USOBX_C Contains the customer authorization objects
USR10 Table that contains all profiles delivered by SAP
USR40 Exception Table for Passwords
VDDAT, TDDAT, VDDAT_54 Assignment of tables/views to authorization groups
V_BRG Definition of authorization groups
TPGP ABAP/4 Authorization Groups
E070 Header information for the transport request
E071, E071K Object list and keys from table entries
T000 Client Administration
USR41_MLD Registers multiple logons
Parameter Description
rdisp/max_alt_modes Defines how many sessions are permissible for each logon to the SAP system. Can be set to values from two to nine; the standard setting is six.
rdisp/wp_no_dia Defines number of dialog work processes
rdisp/wp_no_vb Defines number of update 1 work processes
rdisp/wp_no_vb2 Defines number of update 2 work processes
rdisp/wp_no_btc Defines number of background work processes
rdisp/wp_no_spo Defines number of spool work processes
rdisp/wp_no_enq Defines number of enqueue work processes
rdisp/start_icman Initialize ICM
rdisp/j2ee_start Initialize J2EE
rdisp/TRACE Set the trace level for developer traces
rdisp/btctime
rdisp/max_wprun_time
rslg/max_diskspace/local Defines the size of the system log (SM21). Each log entry takes up 192 bytes and the default log is 500160 bytes, which is a multiple of 192 that corresponds to 2605 entries. Once the log is full, the oldest entries are overwritten.
rec/client ALL logs all clients
rec/client 000 [] logs the specified clients
rec/client OFF turns logging off
login/disable_multi_gui_login
login/multi_login_users
Security Parameters
Parameter Description
rsau/local/file The audit files are located on the individual application servers. You define the name and location of the files with this parameter (up to WAS 6.30).
rsau/max_diskspace/local This parameter defines the maximum space to allocate for the audit files.
rsau/enable This parameter enables the security audit log.
rsau/selection_slots This parameter defines the number of filters to allow for the security audit log.
rsau/max_diskspace/per_day (dynamic configuration)
rsau/max_diskspace/per_file (dynamic configuration)
auth/no_check_in_some_cases Enables Profile Generator.
auth/auth_number_in_userbuffer In systems with release level 4.6A and higher, this parameter defines the size of the user buffer. As of Kernel 6.20, the parameter is no longer evaluated.
auth/new_buffering The auth/auth_number_in_userbuffer parameter no longer has any effect if this profile parameter is 3 or 4.
login/min_password_lng Defines the minimum length of the password. Default value: 3; permissible values: 3–8.
login/min_password_digits Defines the minimum number of digits (0-9) in passwords. Default value: 0; permissible values: 0–8. Available as of SAP Web AS 6.10.
login/min_password_letters Defines the minimum number of letters (A-Z) in passwords. Default value: 0; permissible values: 0–8. Available as of SAP Web AS 6.10.
login/min_password_specials Defines the minimum number of special characters in the password. Permissible special characters are $&()=`+~-_[]<> and space. Default value: 0; permissible values: 0–8. Available as of SAP Web AS 6.10.
login/password_charset This parameter defines the characters of which a password can consist. Available in the standard system as of SAP Web AS 6.40. Permissible values:
  0 (restrictive): The password can only consist of digits, letters and the following (ASCII) special characters: $&()=`+~-_[]<>| and space.
  1 (backward compatible, default value): The password can consist of any characters, including national special characters (such as ä, ç, ß from ISO Latin-1, 8859-1). However, all characters that are not contained in the set above (for value = 0) are
  2 (not backward compatible): The password can consist of any characters. It is converted internally into the Unicode format UTF-8. If your system does not support Unicode, you may not be able to enter all characters on the logon screen. This restri
  With login/password_charset = 2, passwords are stored in a format that systems with older kernels cannot interpret. You must therefore only set the profile parameter to the value 2 after you have ensured that all systems involved support the new password
login/min_password_diff Defines the minimum number of characters that must be different in the new password compared to the old password. Default value: 1; permissible values: 1–8. Available as of SAP Web AS 6.10.
login/password_expiration_time Defines the validity period of passwords in days. Default value: 0; permissible values: any numerical value.
login/password_change_for_SSO If the user logs on with Single Sign-On, checks whether the user must change his or her password. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/disable_password_logon Controls the deactivation of password-based logon. This means that the user can no longer log on using a password, but only with Single Sign-On variants (X.509 certificate, logon ticket). Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/password_logon_usergroup Controls the deactivation of password-based logon for user groups. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/disable_multi_gui_login Controls the deactivation of multiple dialog logons. Available as of SAP Basis 4.6.
login/multi_login_users List of excepted users, that is, the users that are permitted to log on to the system more than once. Available as of SAP Basis 4.6.
login/fails_to_session_end Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts. The parameter is to be set to a value lower than the value of parameter login/fails_to_user_lock. Default value: 3; permissible values: 1–99.
login/fails_to_user_lock Defines the number of unsuccessful logon attempts before the system locks the user. By default, the lock applies until midnight. Default value: 12; permissible values: 1–99.
login/failed_user_auto_unlock Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight. Default value: 1 (lock applies only on same day); permissible values: 0, 1.
login/password_max_new_valid Defines the validity period of passwords for newly created users. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/password_max_reset_valid Defines the validity period of reset passwords. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/accept_sso2_ticket Allows or locks the logon using SSO ticket. Available as of SAP Basis 4.6D, as of SAP Basis 4.0 by Support Package.
login/create_sso2_ticket Allows the creation of SSO tickets. Available as of SAP Basis 4.6D.
login/ticket_expiration_time Defines the validity period of an SSO ticket. Available as of SAP Basis 4.6D.
login/ticket_only_by_https The logon ticket is only transferred using HTTP(S). Available as of SAP Basis 4.6D.
login/ticket_only_to_host When logging on over HTTP(S), sends the ticket only to the server that created the ticket. Available as of SAP Basis 4.6D.
login/disable_cpic Refuse inbound connections of type CPIC.
login/no_automatic_user_sapstar Controls the emergency user SAP* (SAP Notes 2383 and 68048).
login/system_client Specifies the default client. This client is automatically filled in on the system logon screen. Users can type in a different client.
login/update_logon_timestamp Specifies the exactness of the logon timestamp. Available as of SAP Basis 4.6.
rdisp/gui_auto_logout Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections). Default value: 0 (no restriction); permissible values: any numerical value.
login/password_max_idle_initial You can use this parameter to determine the maximum time between the (re)setting of the password and the next logon with the initial password. As soon as this period has expired, the system displays the message "Initial password has expired" and refuses the password logon. However, you can still log on using SSO.
login/password_max_idle_productive You can use this parameter to determine the maximum time between two password logons. As soon as this period has expired, the system displays a message stating that the password has not been used for a period of time and was therefore deactivated, and the system refuses the password logon. However, you can still log on using SSO.
The profile parameters login/password_max_new_valid and login/password_max_reset_valid have been replaced by the profile parameter login/password_max_idle_initial, which means that the system no longer distinguishes between the first and the subsequent setting of a password by the user administrator regarding the restriction of the validity of the resulting initial passwords.
Authorization Object Description
S_TCODE Allows a transaction to be started
S_USER_GRP Authorization to create or maintain a user master record and to assign it to a user group
S_USER_PRO Authorization for the authorization profiles that you assign to users
S_USER_AUTH Authorization to create and maintain authorizations
S_USER_AGR Authorization to protect roles. With this authorization object you specify which roles can be edited and which activities (display, change, create, etc.) are intended for the role(s)
S_USER_TCD Authorization for transactions that you may assign to the role in the Profile Generator
S_USER_VAL Authorization to restrict values that the system administrator can include in a role or change in the Profile Generator
S_PROGRAM Programs (reports) are combined into program authorization groups and can be protected against unauthorized access using the groups and this authorization object
S_TABU_DIS Defines which table contents may be maintained by which employees. The authorization object S_TABU_DIS controls only complete accesses, which are made using standard table maintenance (SM31), advanced table maintenance (SM30) or the Data Browser (SE16). These group assignments are defined in table TDDAT
S_TABU_CLI Grants authorization to maintain cross-client tables with the standard table maintenance transaction (SM30), extended table maintenance transaction (SM31) and the Data Browser (SE16). Also acts as an additional security measure for cross-client tables and enhances the general table maintenance authorization S_TABU_DIS. The object has the following field: CLIIDMAINT. If identifier X or is set, cross-client tables can be maintained
S_TABU_LIN Through the introduction of organization criteria, it is possible to restrict a user's access rights to specific parts of a table. A possible use for S_TABU_LIN would be to display and to change content for only a certain work area, such as a country or a plant
S_TRANSPRT The authorization object for the Transport Organizer
S_CTS_ADMI The authorization object for the administration functions in the Change and Transport System
S_DEVELOP Authorizations for the ABAP Workbench (programming and debugging, transactions SExx)
S_LOG_COM Authorization to execute logical operating system commands
S_BTCH_JOB Authorization Object for Job Operations
S_DATASET Authorization Object for File Access
S_RFC Authorization Object for RFC
Official Sites
http://help.sap.com The Online documentation
http://service.sap.com The SAP Service Marketplace
http://service.sap.com/pam SAP Product Availability Matrix
http://service.sap.com/sp-stacks SAP Support Package Stacks
http://www.sap.info The Information portals
http://www.sapinsideronline.com SAP Insider Online
http://sdn.sap.com The SAP Developer Network
http://www.sap-press.com SAP Press
http://www.sappro.com SAP Professional Journal
http://ifr.sap.com SAP Interface Repository (BAPI documentation)
http://service.sap.com/connectors SAP Connectors (JCo, .NET, Business Connector, etc.)
http://bpx.sap.com SAP Business Process Community
http://www.sap.com/community/pub/innovation/duet/webcasts.epx SAP Business Community for DUET (webcasts)
http://www.sap.com/community/pub/innovation/duet SAP Business Community for DUET
http://www.duet.com SAP Business DUET
http://www.sapdesignguild.org SAP UI Design
http://www.netweavermagazine.com SAP NetWeaver Magazine
http://service.sap.com/performance SAP Performance Site
Non-Official Sites
http://sap4.com SAP en Castellano
http://www.mundosap.com Mundo SAP
http://www.sapfans.com SAP Fans
http://searchsap.techtarget.com
http://www.sap-img.com
http://www.sapdb.info
http://sapbasic.wordpress.com
- WAS Academy Nov_Dec 2009
- WAS_Admin_Transactions
- Security_Transactions
- Important Tables
- Admin Parameters
- Auth Parameters
- Auth Objects
- SAP Info Sites
Table Name Description
PRGN_CUST Customize the role transportsSSM_CUST Defines initial picture in SESSION_MANAGERTADIR Table that contains all Data Dictionary ObjectsTADIR Contains all repository SAP objects
TPFYPROPTY
TSTC
USERS_SSMUSOBT Contain SAP default authorization objects
USOBT_C Contain the customer authorization objects
USOBX Contain SAP default authorization objects
USOBX_C Contain the customer authorization objectsUSR10 Table that contains all profiles delivered by SAPUSR40 Exception Table for PasswordsVDDAT TDDAT VDDAT_54 Assignment of tablesviews to authorization groupsV_BRG Definition of authorization groupsTPGP ABAP4 Authorization GroupsE070 Header information for the transport requestE071E071K Object list and keys from table entriesT000 Client Administration
USR41_MLD Registers multiple logons
Shows parameters properties (eg Dynamical vs Static parameters)
Table that contains all transactions codes of the system
System administrators can use this table to determine whether or not users are allowed to switch between the SAP menu and their user menus
Parameter
rdispmax_alt_modesrdispwp_no_diardispwp_no_vbrdispwp_no_vb2rdispwp_no_btcrdispwp_no_spordispwp_no_enqrdispstart_icmanrdispj2ee_startrdispTRACErdispbtctimerdispmax_wprun_time
rslgmax_diskspacelocal
recclient recclient recclient
logindisable_multi_gui_loginloginmulti_login_users
Description
Defines number of dialog workprocessesDefines number of update 1 workprocessesDefines number of update 2 workprocessesDefines number of background workprocessesDefines number of spool workprocessesDefines number of enqueue workprocessesInitialize ICMInitialize J2EESet the trace level for developer traces
ALL logs all clients000 [] logs the specified clientsOFF turns logging off
Defines how many sessions are permissible for each logon to the SAP system Can be set to values from two to nine the standard setting is six
Defines the size of the system Log (sm21) Each log entry takes up 192 bytes and the default log is 500160 bytes which is a multiple of 192 that corresponds to 2605 entries Once the log is full the oldest entries are overwritten
Security Parameters
Parameter Description
rsaulocalfile
rsaumax_diskspacelocal This parameter defines the maximum space to allocate for the audit files
rsauenable This parameter enables the security audit log
rsauselection_slots This parameter defines the number of filters to allow for the security audit log
rsaumax_diskspaceper_day (dynamic configuration)
rsaumax_diskspaceper_file (dynamic configuration)
authno_check_in_some_cases Enables Profile Generator
authauth_number_in_userbuffer
authnew_buffering
loginmin_password_lng Defines the minimum length of the passwordDefault value 3 permissible values 3 ndash 8
loginmin_password_digits Defines the minimum number of digits (0-9) in passwordsDefault value 0 permissible values 0 ndash 8Available as of SAP Web AS 610
loginmin_password_letters Defines the minimum number of letters (A-Z) in passwords Default value 0 permissible values 0 ndash 8Available as of SAP Web AS 610
loginmin_password_specials
Default value 0 permissible values 0 ndash 8Available as of SAP Web AS 610
loginpassword_charset This parameter defines the characters of which a password can consistPermissible values
Available in the standard system as of SAP Web AS 640loginmin_password_diff
Default value 1 permissible values 1 ndash 8Available as of SAP Web AS 610
loginpassword_expiration_time Defines the validity period of passwords in daysDefault value 0 permissible values any numerical value
loginpassword_change_for_SSO
Available as of SAP Web AS 610 as of SAP Basis 46 by Support Package
logindisable_password_logon Controls the deactivation of password-based logon
Available as of SAP Web AS 610 as of SAP Basis 46 by Support Package
The audit files are located on the individual application servers You define the name and location of the files with this parameter (up to WAS 630)
In systems with release level 46A and higher this parameter definies the size of the user bufferAs of Kernel 620 the parameter is no longer evaluated
authauth_number_in_userbuffer parameter no longer has any effect if this profile parametes is 3 or 4
Defines the minimum number of special characters in the password Permissible special characters are $amp()=`+~-_[]ltgt and space
0 (restrictive) The password can only consist of digits letters and the following (ASCII) special characters $amp()=`+~-_[]ltgt| and space
1 (backward compatible default value) The password can consist of any characters including national special characters (such as auml ccedil szlig from ISO Latin-1 8859-1) However all characters that are not contained in the set above (for value = 0) are
2 (not backward compatible) The password can consist of any characters It is converted internally into the Unicode format UTF-8 If your system does not support Unicode you may not be able to enter all characters on the logon screen This restri
With loginpassword_charset = 2 passwords are stored in a format that systems with older kernels cannot interpret You must therefore only set the profile parameter to the value 2 after you have ensured that all systems involved support the new password
Defines the minimum number of characters that must be different in the new password compared to the old password
If the user logs on with Single Sign-On checks whether the user must change his or her password
This means that the user can no longer log on using a password but only with Single Sign-On variants (X509 certificate logon ticket)
loginpassword_logon_usergroup Controls the deactivation of password-based logon for user groupsAvailable as of SAP Web AS 610 as of SAP Basis 46 by Support Package
logindisable_multi_gui_login Controls the deactivation of multiple dialog logonsAvailable as of SAP Basis 46
loginmulti_login_users
Available as of SAP Basis 46loginfails_to_session_end
Default value 3 permissible values 1 -99loginfails_to_user_lock
Default value 12 permissible values 1 -99loginfailed_user_auto_unlock
Default value 1 (Lock applies only on same day) permissible values 0 1
loginpassword_max_new_valid Defines the validity period of passwords for newly created usersAvailable as of SAP Web AS 610 as of SAP Basis 46 by Support Package
loginpassword_max_reset_valid Defines the validity period of reset passwordsAvailable as of SAP Web AS 610 as of SAP Basis 46 by Support Package
loginaccept_sso2_ticket Allows or locks the logon using SSO ticketAvailable as of SAP Basis 46D as of SAP Basis 40 by Support Package
logincreate_sso2_ticket Allows the creation of SSO ticketsAvailable as of SAP Basis 46D
loginticket_expiration_time Defines the validity period of an SSO ticketAvailable as of SAP Basis 46D
loginticket_only_by_https The logon ticket is only transferred using HTTP(S)Available as of SAP Basis 46D
loginticket_only_to_host
Available as of SAP Basis 46Dlogindisable_cpic Refuse inbound connections of type CPIC
Controls the emergency user SAP (SAP Notes 2383 and 68048)
loginsystem_client
loginupdate_logon_timestamp Specifies the exactness of the logon timestampAvailable as of SAP Basis 46
rdispgui_auto_logout
Default value 0 (no restriction) permissible values any numerical valueloginno_automatic_user_sapstar Controls the SAP user
loginpassword_max_idle_initial
loginpassword_max_idle_productive
List of excepted users that is the users that are permitted to log on to the system more than once
Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts The parameter is to be set to a value lower than the value of parameter loginfails_to_user_lock
Defines the number of unsuccessful logon attempts before the system locks the user By default the lock applies until midnight
Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight
When logging on over HTTP(S) sends the ticket only to the server that created the ticket
loginno_automatic_user_sapstar
Specifies the default client This client is automatically filled in on the system logon screen Users can type in a different client
Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections)
You can use this parameter to determine the maximum time between the (re)setting of the password and the next logon with the initial password As soon as this period has expired the system displays message Initial password has expired and refuses the password logon However you can still logon using SSO
You can use this parameter to determine the maximum time between two password logons As soon as this period has expired the system displays a message stating that the password has not been used for a period of time and was therefore deactivated and the system refuses the password logon However you can still logon using SSO
The profile parameters loginpassword_max_new_valid and loginpassword_max_reset_valid have been replaced by the profile parameter loginpassword_max_idle_initial which means that the system no longer distinguishes between the first and the subsequent setting of a password by the user administrator regarding the restriction of the validity of the resulting initial passwords
Authorization Object Description
S_TCODE Allows a transaction to be started.
S_USER_GRP Authorization to create or maintain a user master record and to assign it to a user group.
S_USER_PRO Authorization for the authorization profiles that you assign to users.
S_USER_AUTH Authorization to create and maintain authorizations.
S_USER_AGR Authorization to protect roles. With this authorization object you specify which roles can be edited and which activities (display, change, create, etc.) are intended for the role(s).
S_USER_TCD Authorization for transactions that you may assign to the role in the Profile Generator.
S_USER_VAL Authorization to restrict values that the system administrator can include in a role or change in the Profile Generator.
S_PROGRAM Programs (reports) are combined into program authorization groups and can be protected against unauthorized access using the groups and this authorization object.
S_TABU_DIS Defines which table contents may be maintained by which employees. The authorization object S_TABU_DIS controls only complete accesses, which are made using standard table maintenance (SM31), advanced table maintenance (SM30) or the Data Browser (SE16). These group assignments are defined in table TDDAT.
S_TABU_CLI Grants authorization to maintain cross-client tables with the standard table maintenance transaction (SM30), extended table maintenance transaction (SM31) and the Data Browser (SE16). Also acts as an additional security measure for cross-client tables and enhances the general table maintenance authorization S_TABU_DIS. The object has the following field: CLIIDMAINT. If identifier X or * is set, cross-client tables can be maintained.
S_TABU_LIN Through the introduction of organization criteria, it is possible to restrict a user's access rights to specific parts of a table. A possible use for S_TABU_LIN would be to display and to change content for only a certain work area, such as a country or a plant.
S_TRANSPRT Authorization object for the Transport Organizer.
S_CTS_ADMI Authorization object for the administration functions in the Change and Transport System.
S_DEVELOP Authorizations for the ABAP Workbench (programming and debugging transactions SExx).
S_LOG_COM Authorization to execute logical operating system commands.
S_BTCH_JOB Authorization object for job operations.
S_DATASET Authorization object for file access.
S_RFC Authorization object for RFC.
Official Sites
The Online documentation http://help.sap.com
The SAP Service Marketplace http://service.sap.com
SAP Product Availability Matrix http://service.sap.com/pam
SAP Support Package Stacks http://service.sap.com/sp-stacks
The Information portals http://www.sap.info
SAP Insider Online http://www.sapinsideronline
The SAP Developer Network http://sdn.sap.com
SAP Press http://www.sap-press.com
SAP Professional Journal http://www.sappro.com
SAP Interface Repository (BAPI documentation) http://ifr.sap.com
SAP Connectors (JCo, .NET, Business Connector, etc.) http://service.sap.com/connectors
SAP Business Process Community http://bpx.sap.com
SAP Business Community for DUET (webcasts) http://www.sap.com/community/pub/innovation/duet/webcasts.epx
SAP Business Community for DUET http://www.sap.com/community/pub/innovation/duet
SAP Business DUET http://www.duet.com
SAP UI Design http://www.sapdesignguild.org
SAP NetWeaver Magazine http://www.netweavermagazine.com
SAP Performance Site http://service.sap.com/performance
Non-Official Sites
SAP en Castellano http://sap4.com
Mundo SAP http://www.mundosap.com
SAP Fans http://www.sapfans.com
http://searchsap.techtarget.com
http://www.sap-img.com
http://www.sapdb.info
http://sapbasic.wordpress.com
- WAS Academy Nov_Dec 2009
- WAS_Admin_Transactions
- Security_Transactions
- Important Tables
- Admin Parameters
- Auth Parameters
- Auth Objects
- SAP Info Sites
Parameter Description
rdisp/max_alt_modes Defines how many sessions are permissible for each logon to the SAP system. Can be set to values from two to nine; the standard setting is six.
rdisp/wp_no_dia Defines number of dialog work processes.
rdisp/wp_no_vb Defines number of update 1 work processes.
rdisp/wp_no_vb2 Defines number of update 2 work processes.
rdisp/wp_no_btc Defines number of background work processes.
rdisp/wp_no_spo Defines number of spool work processes.
rdisp/wp_no_enq Defines number of enqueue work processes.
rdisp/start_icman Initialize ICM.
rdisp/j2ee_start Initialize J2EE.
rdisp/TRACE Set the trace level for developer traces.
rdisp/btctime
rdisp/max_wprun_time
rslg/max_diskspace/local Defines the size of the system log (SM21). Each log entry takes up 192 bytes and the default log is 500160 bytes, which is a multiple of 192 that corresponds to 2605 entries. Once the log is full, the oldest entries are overwritten.
rec/client ALL: logs all clients.
rec/client 000[,...]: logs the specified clients.
rec/client OFF: turns logging off.
login/disable_multi_gui_login
login/multi_login_users
Security Parameters
Parameter Description
rsau/local/file The audit files are located on the individual application servers. You define the name and location of the files with this parameter (up to WAS 6.30).
rsau/max_diskspace/local Defines the maximum space to allocate for the audit files.
rsau/enable Enables the security audit log.
rsau/selection_slots Defines the number of filters to allow for the security audit log.
rsau/max_diskspace/per_day (dynamic configuration)
rsau/max_diskspace/per_file (dynamic configuration)
auth/no_check_in_some_cases Enables Profile Generator.
auth/auth_number_in_userbuffer In systems with release level 4.6A and higher, this parameter defines the size of the user buffer. As of Kernel 6.20 the parameter is no longer evaluated.
auth/new_buffering The auth/auth_number_in_userbuffer parameter no longer has any effect if this profile parameter is 3 or 4.
login/min_password_lng Defines the minimum length of the password. Default value 3; permissible values 3–8.
login/min_password_digits Defines the minimum number of digits (0-9) in passwords. Default value 0; permissible values 0–8. Available as of SAP Web AS 6.10.
login/min_password_letters Defines the minimum number of letters (A-Z) in passwords. Default value 0; permissible values 0–8. Available as of SAP Web AS 6.10.
login/min_password_specials Defines the minimum number of special characters in the password. Permissible special characters are $&()=`+~-_[]<> and space. Default value 0; permissible values 0–8. Available as of SAP Web AS 6.10.
login/password_charset Defines the characters of which a password can consist. Permissible values:
  0 (restrictive): The password can only consist of digits, letters and the following (ASCII) special characters: $&()=`+~-_[]<>| and space
  1 (backward compatible, default value): The password can consist of any characters, including national special characters (such as ä, ç, ß from ISO Latin-1 8859-1). However, all characters that are not contained in the set above (for value = 0) are
  2 (not backward compatible): The password can consist of any characters. It is converted internally into the Unicode format UTF-8. If your system does not support Unicode, you may not be able to enter all characters on the logon screen. This restri
  With login/password_charset = 2, passwords are stored in a format that systems with older kernels cannot interpret. You must therefore only set the profile parameter to the value 2 after you have ensured that all systems involved support the new password
  Available in the standard system as of SAP Web AS 6.40.
login/min_password_diff Defines the minimum number of characters that must be different in the new password compared to the old password. Default value 1; permissible values 1–8. Available as of SAP Web AS 6.10.
login/password_expiration_time Defines the validity period of passwords in days. Default value 0; permissible values: any numerical value.
login/password_change_for_SSO If the user logs on with Single Sign-On, checks whether the user must change his or her password. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/disable_password_logon Controls the deactivation of password-based logon. This means that the user can no longer log on using a password, but only with Single Sign-On variants (X.509 certificate, logon ticket). Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/password_logon_usergroup Controls the deactivation of password-based logon for user groups. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/disable_multi_gui_login Controls the deactivation of multiple dialog logons. Available as of SAP Basis 4.6.
login/multi_login_users List of excepted users, that is, the users that are permitted to log on to the system more than once. Available as of SAP Basis 4.6.
login/fails_to_session_end Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts. The parameter is to be set to a value lower than the value of parameter login/fails_to_user_lock. Default value 3; permissible values 1–99.
login/fails_to_user_lock Defines the number of unsuccessful logon attempts before the system locks the user. By default, the lock applies until midnight. Default value 12; permissible values 1–99.
login/failed_user_auto_unlock Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight. Default value 1 (lock applies only on same day); permissible values 0, 1.
login/password_max_new_valid Defines the validity period of passwords for newly created users. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/password_max_reset_valid Defines the validity period of reset passwords. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/accept_sso2_ticket Allows or locks the logon using SSO ticket. Available as of SAP Basis 4.6D, as of SAP Basis 4.0 by Support Package.
login/create_sso2_ticket Allows the creation of SSO tickets. Available as of SAP Basis 4.6D.
login/ticket_expiration_time Defines the validity period of an SSO ticket. Available as of SAP Basis 4.6D.
login/ticket_only_by_https The logon ticket is only transferred using HTTP(S). Available as of SAP Basis 4.6D.
login/ticket_only_to_host When logging on over HTTP(S), sends the ticket only to the server that created the ticket. Available as of SAP Basis 4.6D.
login/disable_cpic Refuse inbound connections of type CPIC.
login/no_automatic_user_sapstar Controls the SAP* user. Controls the emergency user SAP* (SAP Notes 2383 and 68048).
login/system_client Specifies the default client. This client is automatically filled in on the system logon screen. Users can type in a different client.
login/update_logon_timestamp Specifies the exactness of the logon timestamp. Available as of SAP Basis 4.6.
rdisp/gui_auto_logout Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections). Default value 0 (no restriction); permissible values: any numerical value.
login/password_max_idle_initial You can use this parameter to determine the maximum time between the (re)setting of the password and the next logon with the initial password. As soon as this period has expired, the system displays the message "Initial password has expired" and refuses the password logon. However, you can still log on using SSO.
login/password_max_idle_productive You can use this parameter to determine the maximum time between two password logons. As soon as this period has expired, the system displays a message stating that the password has not been used for a period of time and was therefore deactivated, and the system refuses the password logon. However, you can still log on using SSO.
The profile parameters login/password_max_new_valid and login/password_max_reset_valid have been replaced by the profile parameter login/password_max_idle_initial, which means that the system no longer distinguishes between the first and the subsequent setting of a password by the user administrator regarding the restriction of the validity of the resulting initial passwords.
S_TCODE Allow to start a transaction
S_USER_GRP Authorization to create or maintain a user master record and to assign it to a user group
S_USER_PRO Authorization for the authorization profiles that you assign to users
S_USER_AUTH Authorization to create and maintain authorizations
S_USER_AGR
S_USER_TCD Authorization for transactions that you may assign to the role in the Profile Generator
S_USER_VAL
S_PROGRAM
S_TABU_DIS
S_TABU_CLI
S_TABU_LIN
S_TRANSPRT is the authorization object for the Transport Organizer
S_CTS_ADMI
S_DEVELOP Authorizations for the ABAP Workbench (programming and debugging transactions SExx)
S_LOG_COM Authorization to execute logical operating system commands
S_BTCH_JOB Authorization Object for Job Operations
S_DATASET Authorization Object for File Access
S_RFC Authorization Object for RFC
Authorization Object
Authorization to protect roles With this authorization object you specify which roles can be edite and which activities (display change create etc) are intended for the role(s)
Authorization to restrict values that the system administrator can include in a role or change in the Profile Generator
The Programs (reports) are combined into program authorization groups and can be protected against unauthorized access using the groups and this authorization object
Defines which table contents may be maintained by which employees The authorization object S_TABU_DIS controls only complete accesses which are made using standard table maintenance (SM31) advanced table maintenance (SM30) or the Data Browser (SE16) These group assignments are defined in table TDDAT
Grants authorization to maintain cross-client tables with the standard table maintenance transaction (SM30) extended table maintenance transaction (SM31) and the Data Browser (SE16) Also acts as an additional security measure for cross-client tables and enhances the general table maintenance authorization S_TABU_DIS The object has the following field CLIIDMAINT If identifier X or is set cross-client tables can be maintained
Through the introduction of organization criteria it is possible to restrict a users access rights to specific parts of a table A possible use for S_TABU_LIN would be to display and to change content for only a certain work area such as a country or a plant
Is the authorization object for the administration functions in theChange and Transport System
Official Sites
The Online documentationThe SAP Service MarketplaceSAP Product Availability MatrixSAP Support Package StacksThe Information portalsSAP Insider OnlineThe SAP Developer NetworkSAP PressSAP Professional JournalSAP Interface Repository (Documentacioacuten BAPIs)SAP Connectors (Jco NET Business Connector etc)SAP Business Process CommunitySAP Business Community for DUET (webcasts)SAP Business Community for DUETSAP Business DUETSAP UI Design
httpwwwnetweavermagazinecom SAP NetWeaver MagazineSAP Performance Site
No Official Sites
SAP en CastellanoMundo SAPSAP Fans
httphelpsapcomhttpservicesapcomhttpservicesapcompamhttpservicesapcomsp-stackshttpwwwsapinfohttpwwwsapinsideronlinehttpsdnsapcomhttpwwwsap-presscomhttpwwwsapprocomhttpifrsapcomhttpservicesapcomconnectorshttpbpxsapcomhttpwwwsapcomcommunitypubinnovationduetwebcastsepxhttpwwwsapcomcommunitypubinnovationduethttpwwwduetcomhttpwwwsapdesignguildorg
httpservicesapcomperformance
httpsap4comhttpwwwmundosapcomhttpwwwsapfanscomhttpsearchsaptechtargetcomhttpwwwsap-imgcomhttpwwwsapdbinfohttpsapbasicwordpresscom
The Online documentationThe SAP Service MarketplaceSAP Product Availability MatrixSAP Support Package StacksThe Information portals
The SAP Developer Network
SAP Professional JournalSAP Interface Repository (Documentacioacuten BAPIs)SAP Connectors (Jco NET Business Connector etc)SAP Business Process CommunitySAP Business Community for DUET (webcasts)SAP Business Community for DUET
SAP NetWeaver MagazineSAP Performance Site
- WAS Academy Nov_Dec 2009
- WAS_Admin_Transactions
- Security_Transactions
- Important Tables
- Admin Parameters
- Auth Parameters
- Auth Objects
- SAP Info Sites
-
login/password_logon_usergroup Controls the deactivation of password-based logon for user groups. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/disable_multi_gui_login Controls the deactivation of multiple dialog logons. Available as of SAP Basis 4.6.
login/multi_login_users List of excepted users, that is, the users that are permitted to log on to the system more than once. Available as of SAP Basis 4.6.
login/fails_to_session_end Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts. The parameter is to be set to a value lower than the value of parameter login/fails_to_user_lock. Default value 3; permissible values 1-99.
login/fails_to_user_lock Defines the number of unsuccessful logon attempts before the system locks the user. By default, the lock applies until midnight. Default value 12; permissible values 1-99.
login/failed_user_auto_unlock Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight. Default value 1 (lock applies only on same day); permissible values 0, 1.
login/password_max_new_valid Defines the validity period of passwords for newly created users. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/password_max_reset_valid Defines the validity period of reset passwords. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package.
login/accept_sso2_ticket Allows or locks the logon using SSO ticket. Available as of SAP Basis 4.6D, as of SAP Basis 4.0 by Support Package.
login/create_sso2_ticket Allows the creation of SSO tickets. Available as of SAP Basis 4.6D.
login/ticket_expiration_time Defines the validity period of an SSO ticket. Available as of SAP Basis 4.6D.
login/ticket_only_by_https The logon ticket is only transferred using HTTP(S). Available as of SAP Basis 4.6D.
login/ticket_only_to_host When logging on over HTTP(S), sends the ticket only to the server that created the ticket. Available as of SAP Basis 4.6D.
login/disable_cpic Refuse inbound connections of type CPIC.
Controls the emergency user SAP* (SAP Notes 2383 and 68048). login/no_automatic_user_sapstar
login/system_client Specifies the default client. This client is automatically filled in on the system logon screen. Users can type in a different client.
login/update_logon_timestamp Specifies the exactness of the logon timestamp. Available as of SAP Basis 4.6.
rdisp/gui_auto_logout Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections). Default value 0 (no restriction); permissible values: any numerical value.
login/no_automatic_user_sapstar Controls the SAP* user.
login/password_max_idle_initial You can use this parameter to determine the maximum time between the (re)setting of the password and the next logon with the initial password. As soon as this period has expired, the system displays the message "Initial password has expired" and refuses the password logon. However, you can still log on using SSO.
login/password_max_idle_productive You can use this parameter to determine the maximum time between two password logons. As soon as this period has expired, the system displays a message stating that the password has not been used for a period of time and was therefore deactivated, and the system refuses the password logon. However, you can still log on using SSO.
The profile parameters login/password_max_new_valid and login/password_max_reset_valid have been replaced by the profile parameter login/password_max_idle_initial, which means that the system no longer distinguishes between the first and the subsequent setting of a password by the user administrator regarding the restriction of the validity of the resulting initial passwords.
Authorization Object
S_TCODE Allows a transaction to be started.
S_USER_GRP Authorization to create or maintain a user master record and to assign it to a user group.
S_USER_PRO Authorization for the authorization profiles that you assign to users.
S_USER_AUTH Authorization to create and maintain authorizations.
S_USER_AGR Authorization to protect roles. With this authorization object you specify which roles can be edited and which activities (display, change, create, etc.) are intended for the role(s).
S_USER_TCD Authorization for transactions that you may assign to the role in the Profile Generator.
S_USER_VAL Authorization to restrict values that the system administrator can include in a role or change in the Profile Generator.
S_PROGRAM The programs (reports) are combined into program authorization groups and can be protected against unauthorized access using the groups and this authorization object.
S_TABU_DIS Defines which table contents may be maintained by which employees. The authorization object S_TABU_DIS controls only complete accesses which are made using standard table maintenance (SM31), advanced table maintenance (SM30) or the Data Browser (SE16). These group assignments are defined in table TDDAT.
S_TABU_CLI Grants authorization to maintain cross-client tables with the standard table maintenance transaction (SM30), extended table maintenance transaction (SM31) and the Data Browser (SE16). Also acts as an additional security measure for cross-client tables and enhances the general table maintenance authorization S_TABU_DIS. The object has the following field: CLIIDMAINT. If identifier X or is set, cross-client tables can be maintained.
S_TABU_LIN Through the introduction of organization criteria, it is possible to restrict a user's access rights to specific parts of a table. A possible use for S_TABU_LIN would be to display and to change content for only a certain work area, such as a country or a plant.
S_TRANSPRT Authorization object for the Transport Organizer.
S_CTS_ADMI Authorization object for the administration functions in the Change and Transport System.
S_DEVELOP Authorizations for the ABAP Workbench (programming and debugging, transactions SExx).
S_LOG_COM Authorization to execute logical operating system commands.
S_BTCH_JOB Authorization object for job operations.
S_DATASET Authorization object for file access.
S_RFC Authorization object for RFC.
Official Sites
The Online documentation http://help.sap.com
The SAP Service Marketplace http://service.sap.com
SAP Product Availability Matrix http://service.sap.com/pam
SAP Support Package Stacks http://service.sap.com/sp-stacks
The Information portals http://www.sap.info
SAP Insider Online http://www.sapinsideronline.com
The SAP Developer Network http://sdn.sap.com
SAP Press http://www.sap-press.com
SAP Professional Journal http://www.sappro.com
SAP Interface Repository (BAPI documentation) http://ifr.sap.com
SAP Connectors (JCo, .NET, Business Connector, etc.) http://service.sap.com/connectors
SAP Business Process Community http://bpx.sap.com
SAP Business Community for DUET (webcasts) http://www.sap.com/community/pub/innovation/duet/webcasts.epx
SAP Business Community for DUET http://www.sap.com/community/pub/innovation/duet
SAP Business DUET http://www.duet.com
SAP UI Design http://www.sapdesignguild.org
SAP NetWeaver Magazine http://www.netweavermagazine.com
SAP Performance Site http://service.sap.com/performance
Unofficial Sites
SAP en Castellano http://sap4.com
Mundo SAP http://www.mundosap.com
SAP Fans http://www.sapfans.com
http://searchsap.techtarget.com
http://www.sap-img.com
http://www.sapdb.info
http://sapbasic.wordpress.com
- WAS Academy Nov_Dec 2009
- WAS_Admin_Transactions
- Security_Transactions
- Important Tables
- Admin Parameters
- Auth Parameters
- Auth Objects
- SAP Info Sites