cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

creating a Perl script for SAP sytem profile parameter

Go to solution
Former Member

on ‎07-08-2009 11:01 PM

0 Kudos

Hi,

I need to create a perl script for all th eprofile parameter to check as a security directive ,so that whenever the system is started it checks for this profile parameter.

As per my company sap directive ,these are the profile parameter i need to set.

Can anyone let me know how to write the scripts.

login/min_password_lng Minimum password length for user password 320 Min.

8

login/password_expiration_t

ime

Number of days between forced password change. 0 Max.

35

login/fails_to_session_end Number of invalid logon attempts allowed before the

SAP GUI is disconnected.

3 Max.

3

login/fails_to_user_lock Number of invalid logon attempts before the user id is

automatically locked by the system.

12 Max.

6

rdisp/gui_auto_logout Time, in seconds, that SAPGUI is automatically disconnected

because of in-activity.

0 60-

7200

21

auth/test_mode Jump into report RSUSR400 at every authority check N N22

auth/system_access_check_

off

Switch off automatic authority check for special ABAP

commands

0 0

auth/no_check_in_some_ca

ses

Special authorization checks turned off by customer.

Enabling of Profile Generator

N/Y23 Y

login/ext_security Security access controlled by external software. N N24

auth/rfc_authority_check Permission for remote function calls from within ABAP

programs

0 1

login/failed_user_auto_unlo

ck

Enable system function for automatic unlock of users

at midnight. (0 = locks remain)

0 0

login/

no_automatic_user_sapstar

(as of 3.1h)

login/no_automatic_user_sa

p* (prior to 3.1h)

Disable ability to logon as SAP* with PASS as password

when SAP* deleted.

0 125,26

auth/tcodes_not_checked TCode checking for SU53 & SU56 analysis disabled (empty

)

"SU5

3

Regards,

Chetan.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

jurjen_heeck
Active Contributor
‎07-09-2009 7:25 AM
0 Kudos

> I need to create a perl script

Just pasting your requirements isn't going to help, we prefer questions which tell us the poster already has put some effort in it.

Besides that there's one thing to keep in mind: A lot of profile parameters have default settings so they do not need to be present in the file(s) to create dangers/security loopholes.

Am I correct in assuming you want to create a pre-check which is incorporated in the (unix/linux) system start script to make sure it will not be started unless all parameters adhere to company policy?

edit: deleted comment about wrong froum since thread was moved.

Edited by: Jurjen Heeck on Jul 9, 2009 9:24 AM

Show replies
Show replies
Former Member
‎07-09-2009 8:37 PM
0 Kudos

yes ,can you help me the steps to create this script.

Former Member
‎07-10-2009 3:55 PM
0 Kudos

Here's a simple perl script that should help you get what it is you're looking for - you can add all the parameters you want to search for, I just took a few of them:

#!/usr/bin/perl -w
use strict;
use sapnwrfc;
SAPNW::Rfc->load_config;
my $rfc = SAPNW::Rfc->rfc_connect;
my @parms = (   "login/min_password_lng",
		"login/password_expiration_time",
		"login/fails_to_session_end",
		"login/fails_to_user_lock" );
for my $x (0 .. $#parms) {
	my $rcc = $rfc->function_lookup("SXPG_PROFILE_PARAMETER_GET");
	my $slr = $rcc->create_function_call;
	$slr->PARAMETER_NAME($parms[$x]);
	$slr->invoke;
	print "Value for $parms[$x] is: ".$slr->PARAMETER_VALUE."\n";
}
$rfc->disconnect();

And running it, you'll get:

[dhull@397 scripts]$ ./read-profile.pl 
Value for login/min_password_lng is: 7
Value for login/password_expiration_time is: 90
Value for login/fails_to_session_end is: 3
Value for login/fails_to_user_lock is: 6
[dhull@397 scripts]$

If you need to get your perl environment read to make RFC calls to your SAP system, check my series of blogs on how to do so here:

https://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/u/251752730

Cheers,

David.

Former Member
‎07-10-2009 8:22 PM
0 Kudos

Thanks David for the information.

I am new to this ,Perl script.

Can you let me know how to use this script in unix platform and how do i run from unix. What will be the data or cript that includes RFC value, to get the profile parameter value from different server.

Thanks,

Chetan.

Former Member
‎07-10-2009 8:40 PM
0 Kudos

Please read my prior blogs on how to use perl scripts to interface with an SAP system, that should answer all your questions.

You can find them here:

/people/david.hull2/blog

Cheers,

David.

Answers (2)

Answers (2)

Former Member
‎07-09-2009 7:53 AM
0 Kudos

I assume that you only want a perl answer and that it is coincidence that these parameters are security related, so will move it to the scripting forums.

Cheers,

Julius

Show replies
Show replies
Former Member
‎07-09-2009 8:37 PM
0 Kudos

yes ,can you help me the steps to create this script.

sdipanjan
Active Contributor
‎07-09-2009 12:05 AM
0 Kudos

>

> Hi,

>

> I need to create a perl script for all th eprofile parameter to check as a security directive ,so that whenever the system is started it checks for this profile parameter.

>

What do you mean by this "system is started"? Is it restarting the Application Servers or Just a User logging into system?

If you are thinking of SAP system bonce, then you don't need to create any such script to enforce the readiness of the parameters. It will be read while system reads Different Profiles.

For the 2nd case also there is no such requirement is evident.

Let me know if I understood your requirement incorrectly.

Regards,

Dipanjan

Show replies
Show replies
Ask a Question