Wednesday, 26 November 2014

SAP System Profile Parameter for SAP Security

Login System Profile paramenter for SAP Security:

Here is a set of system profile parameter required for SAP security and it will enhance the protection and we can have control over SAP login and below profile parameters are useful to implement SAP security in your landscape.

This is a 1st set of profile parameters and i will post next set of system profile paramter which is required for Basis and Security in upcoming post.


Profile parameter
Description
Default value
Recommended value
login/min_password_lng
Minimum password length for user password
3
3
login/password_expiration_time
 
Number of days between forced password change
0
90
Login/fails_to_session_end
Number of invalid logon attempts allowed before the SAP GUI is disconnected

3

3
Login/fails_to_user_lock
Number of invalid logon attempts within a day before the user id is automatically locked by the system

12

5
rdisp/gui_auto_logout
Time, in seconds, that SAPGUI is automatically disconnected because of in-activity

0

30
Auth/test_mode
Switch to report RSUSR400 for authority check
N
N
Auth/system_access_check_off
Switch off automatic authority check
N
N
Auth/no_check_in_some_cases
Special authorization checks turned off by customer
N
Y
Login/ext_security
Security access controlled by external software
N
N
Auth/rfc_authority_check
Permission for remote function calls from within ABAP programs
0
1
Login/failed_user_auto_unlock
Disable system function for automatic unlock of users at midnight
0
1
Login/no_automatic_user_sapstar
Disable ability to logon as SAP* with PASS of password when SAP* deleted
0
1
Auth/no_check_on_tcode
Disable check of S_TCODE on non-basis transactions
N
N
Auth/auth_number_in_userbuffer
Number of authorizations allowed in the user buffer
800
1000
Auth/authorization_trace
Every trace will be logged once in table USOBX
N
N
Auth/check_value_write_on
Write value for SU53 security checking/authorization failure
Y
Y




 Hope this document is helpful to you.




No comments:

Post a Comment

Note: only a member of this blog may post a comment.