Skip to Content
avatar image
Former Member

creating a Perl script for SAP sytem profile parameter

Hi,

I need to create a perl script for all th eprofile parameter to check as a security directive ,so that whenever the system is started it checks for this profile parameter.

As per my company sap directive ,these are the profile parameter i need to set.

Can anyone let me know how to write the scripts.

login/min_password_lng Minimum password length for user password 320 Min.

8

login/password_expiration_t

ime

Number of days between forced password change. 0 Max.

35

login/fails_to_session_end Number of invalid logon attempts allowed before the

SAP GUI is disconnected.

3 Max.

3

login/fails_to_user_lock Number of invalid logon attempts before the user id is

automatically locked by the system.

12 Max.

6

rdisp/gui_auto_logout Time, in seconds, that SAPGUI is automatically disconnected

because of in-activity.

0 60-

7200

21

auth/test_mode Jump into report RSUSR400 at every authority check N N22

auth/system_access_check_

off

Switch off automatic authority check for special ABAP

commands

0 0

auth/no_check_in_some_ca

ses

Special authorization checks turned off by customer.

Enabling of Profile Generator

N/Y23 Y

login/ext_security Security access controlled by external software. N N24

auth/rfc_authority_check Permission for remote function calls from within ABAP

programs

0 1

login/failed_user_auto_unlo

ck

Enable system function for automatic unlock of users

at midnight. (0 = locks remain)

0 0

login/

no_automatic_user_sapstar

(as of 3.1h)

login/no_automatic_user_sa

p* (prior to 3.1h)

Disable ability to logon as SAP* with PASS as password

when SAP* deleted.

0 125,26

auth/tcodes_not_checked TCode checking for SU53 & SU56 analysis disabled (empty

)

"SU5

3

Regards,

Chetan.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    avatar image
    Former Member
    Jul 09, 2009 at 06:25 AM

    > I need to create a perl script

    Just pasting your requirements isn't going to help, we prefer questions which tell us the poster already has put some effort in it.

    Besides that there's one thing to keep in mind: A lot of profile parameters have default settings so they do not need to be present in the file(s) to create dangers/security loopholes.

    Am I correct in assuming you want to create a pre-check which is incorporated in the (unix/linux) system start script to make sure it will not be started unless all parameters adhere to company policy?

    edit: deleted comment about wrong froum since thread was moved.

    Edited by: Jurjen Heeck on Jul 9, 2009 9:24 AM

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Please read my prior blogs on how to use perl scripts to interface with an SAP system, that should answer all your questions.

      You can find them here:

      /people/david.hull2/blog

      Cheers,

      David.

  • avatar image
    Former Member
    Jul 08, 2009 at 11:05 PM

    >

    > Hi,

    >

    > I need to create a perl script for all th eprofile parameter to check as a security directive ,so that whenever the system is started it checks for this profile parameter.

    >

    What do you mean by this "system is started"? Is it restarting the Application Servers or Just a User logging into system?

    If you are thinking of SAP system bonce, then you don't need to create any such script to enforce the readiness of the parameters. It will be read while system reads Different Profiles.

    For the 2nd case also there is no such requirement is evident.

    Let me know if I understood your requirement incorrectly.

    Regards,

    Dipanjan

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jul 09, 2009 at 06:53 AM

    I assume that you only want a perl answer and that it is coincidence that these parameters are security related, so will move it to the scripting forums.

    Cheers,

    Julius

    Add comment
    10|10000 characters needed characters exceeded