Wednesday 24 December 2014

SAP Generate Access key

Sometimes we need to generate an access key to make changes or implement an SAP Note.
You need a screenshot of the pop-up, or the installation number, PgmID, Type and Object name details, from the person who requested the access key.

Go to service.sap.com, select “Keys & Requests” and click SSCR Keys.


Once you have navigated to the new page, select Register Object.


Select the installation number, enter the PgmID, Type and Object name, and click Register to generate the access key.


You will get a new access key based on the details you got from the requester.

Saturday 20 December 2014

SAP Post Installation Steps


Below are the steps that need to be performed as part of SAP post-installation activities.

1. Log in with the DDIC username and execute tcode SICK

2. Go to tcode RZ10, import the new profiles and add profile parameters according to your requirements

3. Execute SLICENSE and install the license for your system

4. Go to SE06, select the Standard Installation option and hit execute; click Yes to initialize your CTS settings

5. Now go to tcode STMS and configure TMS

6. You can configure the current system as the DC (domain controller) or include it in another domain; in this case I configure it as the domain controller


7. Now install SGEN, i.e. the SAP load generator


8. Now go to tcode SCC4, create a new client and perform a client copy

9. After you have created the new client, make sure you copy the DDIC username, create a new admin username and lock the SAP* and DDIC usernames

10. Additionally, you need to perform an SAP kernel upgrade as well as patching for the OS and DB; check the official installation guide in the Marketplace



Friday 28 November 2014

How to Disable Access to Infotype 0008 in HR Security



Infotype 0008 lets users look at other people's basic pay, which is confidential and needs to be protected, so we must restrict this access among the users who have access to HR data.

Here I will tell you how to achieve it.

1. Go to SE16N, open the table TOBJ (Authorization Objects), enter the field value INFTY and execute

2. You can now see all the authorization objects that have the field INFTY. Next we need to check which tcodes have access to the authorization objects in this list

3. Go to table TSTCA in SE16N and enter the list of authorization objects


4. Now execute and you will get a list of tcodes that have the authorization field INFTY. Remove the duplicate values in Excel and you will get the list of HR tcodes: PA20, PA30, PA40, etc.

5. That's it, you are almost done. Now check who has access (or for whom you want to disable access) to infotype 0008 in HR data by pulling a report in SUIM, and make changes in the corresponding roles assigned to those users.

Hope this document is helpful to you, and do share :)

Wednesday 26 November 2014

SAP System Profile Parameter for SAP Security

Login System Profile Parameters for SAP Security:

Here is a set of system profile parameters required for SAP security. They enhance protection and give us control over SAP logon, and they are useful for implementing SAP security in your landscape.

This is the first set of profile parameters; I will post the next set of system profile parameters required for Basis and Security in an upcoming post.


| Profile parameter | Description | Default value | Recommended value |
|---|---|---|---|
| login/min_password_lng | Minimum password length for user password | 3 | 3 |
| login/password_expiration_time | Number of days between forced password changes | 0 | 90 |
| login/fails_to_session_end | Number of invalid logon attempts allowed before the SAP GUI is disconnected | 3 | 3 |
| login/fails_to_user_lock | Number of invalid logon attempts within a day before the user ID is automatically locked by the system | 12 | 5 |
| rdisp/gui_auto_logout | Time, in seconds, after which SAPGUI is automatically disconnected because of inactivity | 0 | 30 |
| auth/test_mode | Switch to report RSUSR400 for authority check | N | N |
| auth/system_access_check_off | Switch off automatic authority check | N | N |
| auth/no_check_in_some_cases | Special authorization checks turned off by customer | N | Y |
| login/ext_security | Security access controlled by external software | N | N |
| auth/rfc_authority_check | Permission for remote function calls from within ABAP programs | 0 | 1 |
| login/failed_user_auto_unlock | Disable system function for automatic unlock of users at midnight | 0 | 1 |
| login/no_automatic_user_sapstar | Disable ability to log on as SAP* with the password PASS when SAP* is deleted | 0 | 1 |
| auth/no_check_on_tcode | Disable check of S_TCODE on non-basis transactions | N | N |
| auth/auth_number_in_userbuffer | Number of authorizations allowed in the user buffer | 800 | 1000 |
| auth/authorization_trace | Every trace will be logged once in table USOBX | N | N |
| auth/check_value_write_on | Write value for SU53 security checking/authorization failure | Y | Y |
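
To check a system against the table above, the profile text can be compared with the default and recommended columns. The script below is an added example, not part of the original post: it assumes the profile uses plain "name = value" lines with "#" comment lines, and the sample profile text is constructed.

```python
# Added example. BASELINE maps parameter -> (default, recommended) from the table above.
BASELINE = {
    "login/min_password_lng": ("3", "3"),
    "login/password_expiration_time": ("0", "90"),
    "login/fails_to_session_end": ("3", "3"),
    "login/fails_to_user_lock": ("12", "5"),
    "rdisp/gui_auto_logout": ("0", "30"),
    "auth/rfc_authority_check": ("0", "1"),
    "login/failed_user_auto_unlock": ("0", "1"),
    "login/no_automatic_user_sapstar": ("0", "1"),
}

def parse_profile(text):
    """Parse 'name = value' lines; lines starting with '#' are comments."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        # Assumption: names are compared lower-cased, values trimmed.
        params[name.strip().lower()] = value.strip()
    return params

def audit(text, baseline=BASELINE):
    """Return sorted (parameter, effective, recommended, source) deviations."""
    params = parse_profile(text)
    findings = []
    for name, (default, recommended) in baseline.items():
        # A parameter absent from the profile runs with its default value.
        effective = params.get(name, default)
        source = "profile" if name in params else "default"
        if effective.upper() != recommended.upper():
            findings.append((name, effective, recommended, source))
    return sorted(findings)

# Constructed sample profile text (not taken from a real system).
SAMPLE_PROFILE = """\
# constructed DEFAULT.PFL excerpt
login/min_password_lng = 3
login/password_expiration_time = 90
login/fails_to_user_lock = 12
login/no_automatic_user_sapstar = 1
rdisp/gui_auto_logout = 0
"""

if __name__ == "__main__":
    for name, value, want, source in audit(SAMPLE_PROFILE):
        print(f"{name}: {value} (from {source}), recommended {want}")
```

Findings marked "default" are parameters that were never set in the profile, which is the case a review of the profile file alone tends to miss.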




Hope this document is helpful to you.