
SUIM security-audit checklist....

Former Member
0 Kudos

Hello, I found a checklist for SAP security auditing in SUIM. I searched for some of its entries on the internet, but I got confused.

I think it can be a very helpful checklist for people working in SAP security auditing.

If you have time, could you please tell me what these reports mean, in 1-2 sentences each?

(I know there are quite a few, but I think this can be a really good source for people who want to work in SAP security auditing, like me.)

Thank you very much

Regards..

SUIM--->>>>

1)  S_TCODE = SM36,Authorization Object 1: S_BTCH_ADM = Y; Authorization Object 2: S_BTCH_JOB = * for Job Operations and * for Summary of jobs for a group; Additional selection criteria – Unlocked users only

2)  S_TCODE = SM37; Authorization Object 1: S_BTCH_JOB JOBACTION = *; Additional selection criteria – Unlocked users only

3)  S_TCODE = SM35; Authorization Object 2: S_BDC_MON1=*, Additional selection criteria – Unlocked users only

4)  S_TCODE = SE18; Additional selection criteria – Unlocked users only

5)  S_TCODE = SE19; Additional selection criteria – Unlocked users only

6)  S_TCODE = SM69; Authorization Object 1: S_RZL_ADM= 01; Additional selection criteria – Unlocked users only

7)  S_TCODE = SM49; Authorization object 1: S_LOG_COM, COMMAND Value: #*; POSYSTEM Value: #*; R/3 Value: #*; additional selection criteria: unlocked users only

8)  Authorization object 1: S_RFC; RFC_TYPE: FUGR; RFC_NAME: #*; activity: 08; additional selection criteria: unlocked users only

9)  S_TCODE = SECR; authorization object 1: S_IMG_ACTV, Project no: 900; ACTVT = 02; IMG Value = #*; authorization object 2: S_PRO_AUTH, Project no: 900, ACTVT: 03; additional selection criteria: unlocked users only

10)  S_TCODE = SU01; Additional selection criteria – Unlocked users only

11)  S_TCODE = SU01; Authorization object 1: S_USER_AUT; ACTVT Value = 03 or 08; Additional selection criteria – Unlocked users only

12)  S_TCODE=SU02; Additional selection criteria – Unlocked users only

13)  S_TCODE=SU03; Additional selection criteria – Unlocked users only

14)  S_TCODE=SU10; Additional selection criteria – Unlocked users only

15)  S_TCODE=RZ10; Authorization object 1: S_DATASET, ACTVT Value = *; Authorization object 2: S_RZL_ADM ACTVT Value = 01 or 03; Additional selection criteria – Unlocked users only.

16)  S_TCODE =SE16; Authorization object1: S_TABU_DIS, Authorization group = SC, ACTVT =02; Additional selection criteria: unlocked users only

17)  S_TCODE = SNRO; authorization object1: S_NUMBER, Value = #*, ACTVT = 01, 02, 11; 3: Additional selection criteria – Unlocked users only

18)  S_TCODE = SCC4; authorization object1: S_TABU_DIS Table Maintenance (via standard tools such as SM30), ACTVT = 01, 02, 03; authorization group = SS; Additional selection criteria – Unlocked users only

19)  Authorization object 1:S_ADMI_FCD, Value: SP01 or SPOR; authorization object 2: S_SPO_ACT Value = ATTR (change attributes of protected spool request) or BASE (see protected spool requests in the output controller [determine whether the spool request exists], display request attributes) and DELE (delete request manually) or REPR (output protected spool request more than once); authorization object 3: S_TMS_ACT (Actions on TemSe objects); STMSOWNER Value  = GRP (external TemSe objects in own) or OWN (own TemSe objects) authorization object 3 = S_TMS_ACT: Additional selection criteria – Unlocked users only

20)  S_TCODE = SCCL; authorization object 1: S_CLNT_IMP, Activity = 21, 60; authorization object 2: S_TABU_CLI, Cross Client Indicator = #*; Additional selection criteria – Unlocked users only

21)  S_TCODE = SCCL; authorization object 1: S_CLNT_IMP, Activity = 21, 60; authorization object 2: S_TABU_CLI, Cross Client Indicator = #*; Additional selection criteria – Unlocked users only

22)  S_TCODE = SM31; authorization object 1: S_TABU_DIS, ACTVY = 01; authorization object 2: S_TABU_CLI, CLIIDMAINT = X; additional selection criteria: unlocked users only

23)  S_TCODE = SM30; authorization object 1: S_TABU_DIS, ACTVY = 01 or ACTVY = 02; authorization object 2: S_TCODE = S_TABU_CLI, CLIIDMAINT = X; additional selection criteria: unlocked users only

24)  Authorization object 1: S_TCODE = SA38 or SE38; authorization object 2: S_PROGRAM Value = SUBMIT; additional selection criteria: unlocked users only

25)  S_TCODE = SA38 or SE38; authorization object 2: S_PROGRAM Value = SUBMIT; additional selection criteria: unlocked users only.

26)  Authorization object 1: S_TRANSPRT Value = 43

27)  S_TCODE = SE01; authorization object 1: S_TRANSPRT Value:1, 2; authorization object 2: S_DATASET Actvt: 06,33,34

28)  S_TCODE = SE03; authorization object 1: S_TRANSPRT Value: 06,43 ; authorization object 2: S_CTS_ADMI Value: TABL

29)  S_TCODE = SE10; authorization object 1: S_TRANSPRT Value: 01, 02; authorization object 2: S_DATASET Value: 06, 33, 34.

30)  S_TCODE = SCC4; authorization object 1: S_CLNT_IMP Value: 21, 60: Additional selection criteria – Unlocked users only

31)  S_TCODE: SM12; authorization object 1: S_C_FUNCT Value = *; activity value = 16; authorization object 2: S_ENQUE; S_ENQ_ACT Value = *.
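Each entry above is a selection for SUIM's "Users by Complex Selection Criteria" report (RSUSR002): a transaction code, one or more authorization objects with field values, and the filter "unlocked users only". The following Python model, added here as an example and not code from the original post or from SAP, shows how such a selection is evaluated over constructed users for entries 1, 7 and 11. It assumes the standard field names of the named objects (TCD, BTCADMIN, JOBACTION, JOBGROUP, COMMAND, OPSYSTEM, HOST, OBJECT, AUTH, ACTVT; confirm them in SU21) and reads the checklist's `#*` as the selection-screen escape for the literal full authorization `*`.

```python
"""Offline model of how SUIM's 'Users by Complex Selection Criteria' report
(RSUSR002) resolves checklist entries like the ones above. Added example, not
code from the original post; every user and authorization below is constructed.
Field names (TCD, BTCADMIN, JOBACTION, JOBGROUP, COMMAND, OPSYSTEM, HOST, OBJECT,
AUTH, ACTVT) are those of the named standard objects; verify them in SU21."""
from dataclasses import dataclass


def covers(granted: str, required: str) -> bool:
    """Does a value held in an authorization cover a selection-screen value?
    SAP semantics: '*' covers everything, a trailing '*' is a prefix wildcard
    ('SM*' covers 'SM36'), anything else must match exactly. '#' escapes the
    wildcard on the selection screen, so the checklist's '#*' means: select
    users who hold the literal full authorization '*' (assumed reading)."""
    if required == "#*":
        return granted == "*"
    if granted == "*":
        return True
    if granted.endswith("*"):
        return required.startswith(granted[:-1])
    return granted == required


@dataclass
class Auth:
    """One authorization (object + field values). Used both for what a user
    holds and for a selection criterion, where the values are 'or' alternatives."""
    obj: str
    fields: dict[str, tuple[str, ...]]


@dataclass
class User:
    name: str
    locked: bool
    auths: list[Auth]


@dataclass
class Check:
    number: int
    risk: str
    criteria: list[Auth]
    unlocked_only: bool = True   # "Additional selection criteria - Unlocked users only"


def satisfies(held: Auth, crit: Auth) -> bool:
    """All fields of the criterion must be covered by this ONE authorization,
    since SUIM evaluates the values of a single authorization together."""
    return held.obj == crit.obj and all(
        any(covers(g, r) for g in held.fields.get(f, ()) for r in alts)
        for f, alts in crit.fields.items())


def user_matches(user: User, check: Check) -> bool:
    if check.unlocked_only and user.locked:
        return False
    return all(any(satisfies(a, c) for a in user.auths) for c in check.criteria)


def run_checks(users: list[User], checks: list[Check]) -> dict[int, list[str]]:
    """Check number -> sorted names of the users SUIM would list for it."""
    return {c.number: sorted(u.name for u in users if user_matches(u, c)) for c in checks}


CHECKS = [
    Check(1, "batch admin who can act on every job group from SM36", [
        Auth("S_TCODE", {"TCD": ("SM36",)}),
        Auth("S_BTCH_ADM", {"BTCADMIN": ("Y",)}),
        Auth("S_BTCH_JOB", {"JOBACTION": ("*",), "JOBGROUP": ("*",)})]),
    Check(7, "can run any external OS command on any host via SM49", [
        Auth("S_TCODE", {"TCD": ("SM49",)}),
        Auth("S_LOG_COM", {"COMMAND": ("#*",), "OPSYSTEM": ("#*",), "HOST": ("#*",)})]),
    Check(11, "can display or maintain authorizations from SU01", [
        Auth("S_TCODE", {"TCD": ("SU01",)}),
        Auth("S_USER_AUT", {"ACTVT": ("03", "08")})]),
]

# Constructed users: one hit per check, a near miss, and a locked account.
USERS = [
    User("BATCH_ADM", False, [
        Auth("S_TCODE", {"TCD": ("SM*",)}),             # SM* covers SM36
        Auth("S_BTCH_ADM", {"BTCADMIN": ("Y",)}),
        Auth("S_BTCH_JOB", {"JOBACTION": ("*",), "JOBGROUP": ("*",)})]),
    User("OPERATOR", False, [                           # near miss: BTCADMIN = N
        Auth("S_TCODE", {"TCD": ("SM36", "SM37")}),
        Auth("S_BTCH_ADM", {"BTCADMIN": ("N",)}),
        Auth("S_BTCH_JOB", {"JOBACTION": ("RELE", "SHOW"), "JOBGROUP": ("*",)})]),
    User("OS_CMD", False, [
        Auth("S_TCODE", {"TCD": ("SM49",)}),
        Auth("S_LOG_COM", {"COMMAND": ("*",), "OPSYSTEM": ("*",), "HOST": ("*",)})]),
    User("USER_ADMIN", False, [
        Auth("S_TCODE", {"TCD": ("SU01",)}),
        Auth("S_USER_AUT", {"OBJECT": ("*",), "AUTH": ("*",), "ACTVT": ("02", "03")})]),
    User("LOCKED_ADM", True, [                          # would hit check 1, but is locked
        Auth("S_TCODE", {"TCD": ("*",)}),
        Auth("S_BTCH_ADM", {"BTCADMIN": ("Y",)}),
        Auth("S_BTCH_JOB", {"JOBACTION": ("*",), "JOBGROUP": ("*",)})]),
]

if __name__ == "__main__":
    print(run_checks(USERS, CHECKS))   # {1: ['BATCH_ADM'], 7: ['OS_CMD'], 11: ['USER_ADMIN']}
```

Two details of the model matter in practice: `OPERATOR` holds SM36 and full job-group access but BTCADMIN = N, so it is not a batch administrator and does not hit check 1, and `LOCKED_ADM` holds everything check 1 asks for but is dropped by the "unlocked users only" filter, which is why auditors run the report with that filter and review locked accounts separately.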

6 REPLIES

Former Member
0 Kudos

What exactly is your question?

What the objects control should be clear, and it is documented in transaction SU21...

Cheers,

Julius

0 Kudos

Eventually a risk description in business-language?

0 Kudos

I assumed it's to get a list of what all of these authorisation combinations mean and why, as an auditor, you check who has access to them. That is, how is this access combination critical and what is the risk?

Former Member
0 Kudos

Hi Natalia,

Do you want to know what all these authorization objects stand for?

If yes, then, as Julius suggested, you can get to understand all of these with SU21.

Execute SU21 and search for all the required authorization objects. It will help you understand these.

Let us know if you need to know something else.

Regards,

Ameet

Former Member
0 Kudos

I want to learn what all these authorization objects stand for: 1, 2, 3, 4... because each one asks for a different report.

For example, let's talk about the first one.

1)  SUIM---->   S_TCODE = SM36,Authorization Object 1: S_BTCH_ADM = Y; Authorization Object 2: S_BTCH_JOB = * for Job Operations and * for Summary of jobs for a group; Additional selection criteria – Unlocked users only


In this report, why does it ask this? What does it mean to set S_BTCH_ADM to Y, S_BTCH_JOB to * for Job Operations and * for Summary of jobs for a group, and Additional selection criteria – Unlocked users only?

I wonder about this. Why is this report important and what does it ask?


Thank you for your messages.

0 Kudos

You need to get yourself some very basic training first and some effort to read the documentation yourself.

Thread locked.