Transactions Slated for Removal from Roles in Production Systems

Dart, Jocelyn jocelyn.dart at sap.com
Sun Aug 11 20:08:31 EDT 2002


Diane,
Well, good luck debugging any ABAP code or data dictionary problems.
I'd be making sure there is at least SOMEONE who has access to
SE11, SE80, and SM59 for emergency diagnosis.
 
Taking away SM30 and SM31 is similarly dubious - how can you check
config changes transported to production without these? Or check
the config during emergency debugs?  Anyway, if SCC4 is taken away
and the client has already been set to not modifiable, then SM30 and
SM31 should not be a problem as they will prevent change.
 
Regards,
        Jocelyn Dart
Consultant (SRM, EBP, Workflow)
and co-author of the book
"Practical Workflow for SAP"
SAP Australia
 jocelyn.dart at sap.com
61 412 390 267
+61 2 9935 4880
 
 
 
 
 
-----Original Message-----
From: Nobles, Diane [mailto:nobles_dh at naptheon.com]
Sent: Friday, 9 August 2002 10:38 PM
To: SAP-WUG at MITVMA.MIT.EDU
Subject: FW: Transactions Slated for Removal from Roles in Production Systems
 
 
Good morning all.  We are still fighting the security issues with certain
transactions.  The transactions listed below are being removed from all
profiles in Production, including the workflow developers, administrators,
ABAP'ers, etc. profiles.  As we do not have a lot of workflows in our
production and have not had any real issues as of yet, I do not see any real
issues at this time.  Are any of you real workflow'rs aware of what problems
the loss of these transactions will cause for us in the monitoring and
troubleshooting areas???  Of course when these things become a problem we
will address them, but I am trying to not wait until the fat hits the fire.
Any thoughts are welcome.
 
Diane H. Nobles
Northrop Grumman-Naptheon
SDE PM Team
(757) 380-7250
 
A recent audit identified areas of perceived access vulnerabilities. Basis
Lead has compiled the following list of transactions to be removed from our
Production access:
>                       SC38 Cross-system Program Execution
>                       SE80 Object Navigator
>                       MN0Z ABAP Editor:Initial Screen
>                       SQ01 Query from User Group AM:Initial Screen
>                       SQ02  InfoSet:Initial Screen
>                       SE11 ABAP Dictionary: Initial Screen
>                       SE13 Dictionary: Technical Settings
>                       SE16 (will be replaced by SE16N) Data Browser: Initial Screen
>                       SM30 Maintain Table Views:Initial Screen
>                       SM31 Maintain Table Views:Initial Screen
>                       SU01 User Maintenance:Initial Screen
>                       SCC4 Allows locking and unlocking the client
>                       SM01 Allows locking and unlocking transactions
>                       SM59 - still under discussion
> Be prepared to discuss any customer support issues you may have relative
> to these changes in Friday's Staff Meeting.
>
>
 

