Let's go with some more queries on security....?
Posted:
by BASIS24x7
Hi members,
please answer the following
1. I want to get a list of all transactions used per user in a specific time period. Basically I'm looking for a list of all users logged in SAP and the details of the tcodes they used. Is there any standard report or tcode available to view this info?
2. How to lock tcodes for a time limit?
3. What table names contain profile change history?
4. A user is denied authorization when trying to access SAP information. What transaction will provide the name of the authorization object that caused denial to the transaction?
5. What fundamental authorization object is to be used as the first line of defense in checking authorization for a transaction code?
6. What SAP default user is installed with SAP and how can you disable this user to prevent security holes?
7. You have a transaction code that must be locked down so no one can use it. How can you lock and unlock this transaction?
8. What is user lock code in database?
9. How to display locked/unlocked transactions?
10. We are running SAP release 4.0B using the 620 GUI. By default, my list, save, local file, directory is C:\SapWorkDir. How do I change this to something else? If I click on Options there is a directory for the local data area, which looks like the place to change the directory, but that does nothing. There must be a way to change this.
11. Is there any way to do a mass changing of user passwords in SAP?
regards
pavan
Answers to Let's go with some more queries on security....?
Posted:
by debashree dutta
3. The tables that contain profile change history are:
a) usr10, usr12
b) ush10, ush12
c) sapr3.usr01, sapr3.usr10
4.
a) Transaction suim. Reports run from this transaction and it displays the objects along with the transaction under the user's dropdown.
b) Transaction su53. Run transaction su53 as the unauthorized user immediately after the authorization failure is displayed.
c) Transaction se38. Run report rsdispusrauth to show the authorizations needed for each transaction. Then add those to the user ID's role.
d) Transaction pfcg. If you're using CUA, you must log in to the system where the failure occurred and check transaction pfcg against the user ID for the authorization object shown in the associated short dump.
5.a) S_tcode
b) Auth_init_check
c) Init_tcode_check
d) A_tcode
6. The SAP users installed with SAP are:
a) SAP* -- Set the profile parameter login/no_automatic_user_sapstar to a value greater than zero.
b) SAP* and DDIC -- Use transaction su01 to delete the user IDs.
c) SAP* This user can't be disabled as it is the backdoor for SAP to log in to your system.
d) Use SQLplus to delete the user IDs DDIC and SAP*.
7. A transaction can be locked in many ways:
a) Use R3trans and tp utilities with tp unlck and tp lock at the operating system.
b) Use transaction sm01 to find the transaction and lock/unlock it.
c) Run report rslocktrans from se38 and enter the variant value for the desired transaction and the lock/unlock checkbox.
d) Always use the ABAP workbench to lock transactions.
9. a) To display locked/unlocked transactions, we need to use transaction sm01.
b) Another way to see the locked transactions is to run the report RSAUDITC.
c) Or just look in table TSTC.
2. We can do this by running the relevant code in SAP standard program SAPMTSTC.
1. I'm not sure, but as far as I know, we can view all transactions used by a particular user for a certain period of time from the table MONI.
11. BAPI: BAPI_USER_CHANGE:
PASSWORD = newPassword
PASSWORDX = 'X'
Solutions for the Queries
Posted:
by sangy
Hi Sir,
1. I want to get a list of all transactions used per user in a specific time period. Basically I'm looking for a list of all users logged in SAP and the details of the tcodes they used. Is there any standard report or tcode available to view this info?
A) There is no standard transaction. The information is available for configurable time periods using transaction ST05N but it is not organized to readily provide a report of users and transactions. Also the information available summarizes a user's use of a transaction. There will be one entry (with count data) per user per time period. Daily, weekly and monthly summaries can be created and they are stored for configurable durations.
The information is summarized into a cluster table called MONI based on the STAT files that are written in the file system and regularly refreshed. MONI cannot be queried via SE16 etc., but SAP delivers a number of function modules that retrieve data from these tables.
2. How to lock tcodes for a time limit?
A) We can do it through SM01, in which we can specify the time, and also the ABAP team can find the relevant code in SAP standard program SAPMTSTC and can modify it to read a custom table of transactions specified by us.
3. What table names contain profile change history?
a) Ush12 has change history for authorization values.
b) Ush10 contains historical data for authorization profiles.
c) Ush02 and ush04 may also be analyzed.
You may search on these tables using se11, se16, or se17 to compare tables and generate your own data. They are helpful for security forensics if you are trying to determine any possible questions on users that had authority at a point in time.
4. A user is denied authorization when trying to access SAP information. What transaction will provide the name of the authorization object that caused denial to the transaction?
a) Transaction su53. Run transaction su53 as the unauthorized user immediately after the authorization failure is displayed.
b) Transaction suim. Reports run from this transaction and it displays the objects along with the transaction under the user's dropdown.
c) Transaction se38. Run report rsdispusrauth to show the authorizations needed for each transaction. Then add those to the user ID's role.
5. What fundamental authorization object is to be used as the first line of defense in checking authorization for a transaction code?
a) S_tcode is the primary check for almost all SAP authorization checks. You can limit a transaction from being accessed simply by removing the transaction code from s_tcode in a role. Even if the other authorizations exist, the user will not have access to the transaction.
b) Auth_init_check
c) Init_tcode_check
d) A_tcode
6. What SAP default user is installed with SAP and how can you disable this user to prevent security holes?
a) The default user which is installed with SAP is Dialog User.
b) The default users in the clients are SAP* & DDIC.
c) Use SQLplus to delete the user IDs DDIC and SAP*.
SAP* has full authorization and is intended to be used as a back door for SAP; however, you can lock this hole from your system by setting the default parameter login/no_automatic_user_sapstar to a value greater than zero and deleting the user ID. This will ensure that no one is able to delete your SAP* from the database and log in with the initial password of PASS.
7. You have a transaction code that must be locked down so no one can use it. How can you lock and unlock this transaction?
a) Use R3trans and tp utilities with tp unlock and tp lock at the operating system.
b) Use transaction sm01 to find the transaction and lock/unlock it.
8. What is user lock code in database?
9. How to display locked/unlocked transactions?
a) We can display all the locked and unlocked transactions by using tcode SM01.
b) TSTC table will contain all the tcodes.
c) TSTCT table will contain all the tcodes with texts.
11. Is there any way to do a mass changing of user passwords in SAP?
a) Export all user IDs whose passwords you want to reset. Then create a CATT via SCAT and run it against the user list.
These are the possible solutions which can be used.
If I am wrong, please correct me!
Thanks & Regards,
Sangeeth Kumar.
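Added example (not part of the post above, and not SAP-delivered code): a check of the effective value of login/no_automatic_user_sapstar per instance, since an instance profile entry overrides DEFAULT.PFL and can silently reset the parameter to 0. The profile contents and instance profile names are constructed sample data.

```python
PARAM = "login/no_automatic_user_sapstar"

# Constructed sample profiles (not taken from a real system).
DEFAULT_PFL = """# DEFAULT.PFL (constructed)
login/no_automatic_user_sapstar = 1
login/min_password_lng = 8
"""
INSTANCE_PROFILES = {
    "PRD_DVEBMGS00_host1": "rdisp/wp_no_dia = 10\n",
    "PRD_D01_host2": "# local override\nlogin/no_automatic_user_sapstar = 0\n",
}


def parse_profile(text):
    """Parse profile text: 'name = value' lines, '#' starts a comment line."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params


def effective_setting(default_pfl, instance_profiles):
    """Map each instance to (status, value, source) for PARAM.

    Precedence: instance profile, then DEFAULT.PFL, then the kernel default.
    The page's rule is that the value must be greater than zero.
    """
    base = parse_profile(default_pfl)
    result = {}
    for name, text in instance_profiles.items():
        inst = parse_profile(text)
        if PARAM in inst:
            value, source = inst[PARAM], name
        elif PARAM in base:
            value, source = base[PARAM], "DEFAULT.PFL"
        else:
            # Not set in either file: the release's kernel default applies.
            result[name] = ("UNSET", None, "kernel default")
            continue
        status = "OK" if value.isdigit() and int(value) > 0 else "WEAK"
        result[name] = (status, value, source)
    return result


if __name__ == "__main__":
    for inst, finding in effective_setting(DEFAULT_PFL, INSTANCE_PROFILES).items():
        print(inst, finding)
```

An UNSET result means the value has to be confirmed on the running system, because the kernel default depends on the release.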
Posted:
by nihar_rout
To get the list of transactions executed by a user in a specific period of time:
1. Go to ST03. Select choose for analysis. Choose only one application server at a time in case you have multiple application servers. Choose time period of your choice.
2. In the next screen, from the menu choose GO TO --> PROFILES --> USER PROFILES. Here you will get the list of users who have worked on that application server.
3. Double click on the required user and you will get all the transactions he/she has executed.
4. In case you select TOTAL in step 1 and then follow the steps 2 and 3, you will only get the list of application servers on which the user has worked and not the transaction details.
NIHAR............7.30AM
Posted:
by nihar_rout
BAPI to change the User's password
The BAPI "BAPI_USER_CHANGE" could be used to change the User's password. Please check the sample code below:
Go to transaction SE38 (ABAP Editor) and click the "Pattern" button. You will get a pop-up screen; insert 'BAPI_USER_CHANGE' in the "CALL FUNCTION" radio button field and press the tick button. You will get some code; go to EXPORTING and change it to your requirement as given below:
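* PASSWORD/PASSWORDX are structures (BAPIPWD/BAPIPWDX); RETURN is a mandatory table.
DATA: ls_pwd TYPE bapipwd, ls_pwdx TYPE bapipwdx, lt_return TYPE TABLE OF bapiret2.
ls_pwd-bapipwd = new_password. ls_pwdx-bapipwd = 'X'.
CALL FUNCTION 'BAPI_USER_CHANGE'
  EXPORTING
    username  = userid
    password  = ls_pwd
    passwordx = ls_pwdx
  TABLES
    return    = lt_return.   " check for messages of type E or A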
NIHAR..........7.30AM
Transaction used to view which users are logged on to SAP?
Posted:
by meetmuqeet
HI PAVAN
1. I want to get a list of all transactions used per user in a specific time period. Basically I'm looking for a list of all users logged in SAP and the details of the tcodes they used. Is there any standard report or tcode available to view this info?
ans: There is no standard transaction. The information is available for configurable time periods using transaction ST05N but it is not organized to readily provide a report of users and transactions. Also the information available summarizes a user's use of a transaction. There will be one entry (with count data) per user per time period. Daily, weekly and monthly summaries can be created and they are stored for configurable durations.
The information is summarized into a cluster table called MONI based on the STAT files that are written in the file system and regularly refreshed. MONI cannot be queried via SE16 etc., but SAP delivers a number of function modules that retrieve data from these tables.
It is also possible to configure audit logging via SM19 and read the log files via SM20. This will provide more detail but it also introduces new file management issues and requires a change to system settings.
BEST REGARDS
MOHAMMED ABDUL MUQEET
EMAIL:
meetmuqeet@gmail.com
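Added example (not part of the post above): once transaction-start events have been exported from the audit log read via SM20, the per-user report asked for in question 1 is a time-window filter plus a count per user and tcode. The CSV column layout, user names and watchlist below are assumptions made for this example, not SM20's own export format.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample rows; the layout (date,time,user,tcode) is an assumption.
SAMPLE_EXPORT = """date,time,user,tcode
2024-03-04,08:01:12,JSMITH,VA01
2024-03-04,08:05:40,jsmith,va01
2024-03-04,09:15:03,ADMIN1,SU01
2024-03-04,09:20:47,ADMIN1,SM01
2024-03-05,10:02:00,JSMITH,SE38
2024-03-09,11:00:00,MBROWN,PFCG
"""

# Administrative tcodes named in this thread; extend to local policy.
WATCHLIST = {"SU01", "SM01", "PFCG", "SE38", "SM19"}


def usage_by_user(text, start, end):
    """Return {user: {tcode: count}} for events with start <= timestamp < end."""
    usage = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(text)):
        ts = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
        if start <= ts < end:
            # User IDs and tcodes are normalised to upper case before counting.
            usage[row["user"].strip().upper()][row["tcode"].strip().upper()] += 1
    return {user: dict(counts) for user, counts in usage.items()}


def watchlist_hits(usage):
    """Return sorted (user, tcode) pairs where a watchlisted tcode was used."""
    return sorted(
        (user, tcode)
        for user, counts in usage.items()
        for tcode in counts
        if tcode in WATCHLIST
    )


if __name__ == "__main__":
    window = usage_by_user(SAMPLE_EXPORT, datetime(2024, 3, 4), datetime(2024, 3, 6))
    for user, counts in sorted(window.items()):
        print(user, counts)
    print("watchlist:", watchlist_hits(window))
```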