bc940_46b_001Before you start implementation, make

文件名称: bc940_46b_001

所属分类: 其它

开发工具:

文件大小: 16mb

下载次数: 0

上传时间: 2019-03-02

提供者: ler****

下载 (16mb)

不能下载？报告错误

详细说明：Before you start implementation, make sure that you have the latest version of this document. You can find the latest version at the following location: http://help.sap.com/sltoolset Software Logistics Toolset 1.0. Scroll down to Documentation and choose System MaintenanceUpdating SAP Systems Using R/3 Security Servic es in Detail 口7 Copyright Copyright COpyright 1997 SAP AG. All rights reserved No part of this documentation may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG SAP AG further does not warrant the accuracy or completeness of the information, text, graphics, links or other items contained within these materials. SAP AG shall not be liable for any special, indirect, incidental, or consequential damages, including without limitation, lost revenues or lost profits, which may result from the use of these materials. The information in this documentation is subject to change without notice and does not represent a commitment on the part of SAP AG in the future Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors Microsoft, WINDOWS, NTR and eXcEl and SQL-Server are registered trademarks of Microsoft Corporation. IBM, OS/2B, DB2/60008, AIX, OS/400R and AS/400 are a registered trademark of IBM Corporation OSF/Motife is a registered trademark of Open Software Foundation ORACLER is a registered trademark of oracle Corporation, California, USA INFORMIXR-On Line for SAP is a registered trademark of Informix Software Incorporated UNIX and X/Open(r are registered trademarks of Sco Santa Cruz Operation ADABASR is a registered trademark of Software AG SECUDER is a registered trademark of GMD-German National Research Center for Information T echnolo SAPR. R/2R, R/3R. RIVA. ABAPR. SAPoffice(R. SAPmailR. SaPaccesS(R). SAP-EDIR. SAP ArchiveLink(R, SAP Early Watch R, SAP Business Workflow, R/3 Retail(R are registered trademarks of SAP AG SAP AG assumes no responsibility for errors or omissions in these materials All rights reserved SAP AG Version 2. 0a July 31, 1998 R/3 Security Guide VOLUME I Copyright Version2.0a:J31,1998 SAP AG R/3 Security Servic es in Detail Ta ble of contents Table of contents CHAPTER 1: INTRODUCTION 11 Chapter1-1: Security with R/3……,, Chapter 1-2: How to Use the R/3 Security Guide..e. 1-3 TheR/3 Security Guide volume ll:R3 Security Services in Detail…….….….…….14 Chapter I-3: What is new in this guide:?....………1l-6 Chapter 1-4: Support and Feedback . Technical Consulting Services Feedback CHAPTER 2: THE R/3 SECURITY TOOLBOX.w2-1 Chapter 2-1: User 2-3 Password Protecting standard users ·;。··。 Preventing Unauthorized Logons Security measures When using the session manager...... ecurity Measures When Using SAP Shortcuts........ 2-8 Useful procedures in User authentication Additional information on user authentication 2-10 Chapter 2-2: R/3 Authorization Concept................ 2-11 Maintaining authorizations and profiles with the profile generator (pfcg) 2-12 Manually maintaining authorizations and profiles The authorization info Organizing Maintenance Tasks 2-16 Authority Checks…… 2-20 Reducing the scope of authority Checks in r/3 2-21 Additional Information on the r/3 Authorization Concept 2-22 Chapter 2-3: Network Infrastructure.. 2-23 Network topol 2-23 Network services 2-25 Routers and packet filters 2-27 The firewall and saprouter Security Concept for an R/3 Network…… ecure Network Communications(SNC) 2-32 Additional Information on Network Security 2-36 Chapter2-4: Operating System Protection………………,…,……2-37 R/3 Security under UNiX ·,···· 2-37 R/3 Security under Windows nt 2-43 Logical Operating System Commands in R3 ·········· 2-53 SAP AG Version 2. 0a July 31, 1998 R/3 Security Guide VOLUME I Ta ble of contents Chapter 2-5: Database Access Protection .o 2-55 Access Using Database Tools .2-56 ORACLE under UNIX 2-57 ORACLE under windowS nt ·.···· ······ INFORMIX under uNiX 2-70 ADABAS …2-73 DB2 Common Server under uniX .281 DB2 Common Server under windows nt 2-87 DB2/40.… 垂;;,,中日,垂 294 Chapter 2-6: Protecting Your Productive System( Change Transport System)..........2-99 IheR3 System Landscape…… 2-99 Configuring the System Landscape for Changes 2-101 Defining the Transport Process 2-103 Responsibilities and their Corresponding Authorizations in r/3 Emergency Changes in the Productive System 2-105 Additional Information for Change Transport System 2-106 Chapter2-7: Remote Communications(RFC&CPIC)……….,..,,……………,2-107 General Security measures 2-107 RFC Authorizations .····· 2-10 Trusted System Networks(RFC) 音。面·面面 2-109 Authorizations for External Server Programs(RFC and CPI-C) 甲· ….2-110 Secure network communications for remote communications 2-111 Additional Information on remote communications .2-111 Chapter2-8: Secure store& Forward mechanisms(SSF) and Digital Signatures…………2-112 Protecting Private Keys .2-113 Protecting Public Keys SAP Security Library (SAPSECULIB) …2-114 Additional Information on SSF and Digital Signatures 2-115 Chapter 2-9: Logging and Auditing The audit Info s (AIS) 2-116 The Security Audit log.. 2-117 System Log......… 2-118 Statistic Records in CCMs 2-120 Logging of Specific Actiⅳ vities……,…,, 2-120 Additional Information for Logging and Auditing 2-123 Chapter2-10: Special Topics.......,.….………,…,……2-124 R/3 Internet Application Components(IAC).………,2-124 Protecting Application Link Enabling(ALE) Applications 2-137 R/3 Online services ∴2-140 Virus protection and Integrity Checks Protecting Specific Tables, Authorizations Objects, etc 2-142 Version 2.0a July 31, 1998 SAP AG R/3 Security Servic es in Detail Ta ble of Figures CHAPTER 3: SUMMARY 3 Chapter 3-1: Tools, Transactions, and Reports 3-1 Chapter 3-2: Profile parameters 非非看自。。e。D鲁。非鲁。非。自看。。。。。。D。非。。 3-3 Chapter 3-3: Authorization objects 3-9 Table of Fiqures Figure 2-2-1: Authorization Maintenance in R/3/ Profile Generator Figure 2-2-2: Organization of User Maintenance T asks Figure 2-3-1: Separating Frontend LANs from the Server LAN Figure 2-3-2: Firewall 2-28 Figure 2-3-3: Recommended R/3 Network Topology Figure 2-3-4: Two-way Connection Using the SAProuter and a Router/Packet Filter .2-32 Figure 2-3-5: Application Level Protection Provided by SNc 2-33 Figure 2-3-6: Network Area Protected with SNC Figure 2-3-7: SNC Protection between sAProuters 2-35 Figure 2-4-1: R/3 Directory Structure under UNIX 2-40 Figure 2-4-2: NT Domains mASTFR and SAP 2-48 Figure 2-4-3 Windows Nt and R/3 Administration Users and Groups........ 2-49 igure 2-5-1: DB2/400 User Security Concept 2-95 Figure 2-6-1: Recommended Three-Tier System Landscape 2-100 Figure 2-10-1: The Intemet Transaction Server 2-124 Figure 2-10-2: The Internet Transaction Server Architecture 2-126 Figure 2-10-3: Providing ITS Security 2-128 Figure 2-10-4: Example ITS Network Topology 2-132 SAP AG Version 2. 0a July 31, 1998 R/3 Security Guide VOLUME I Ta ble of tables Table of tables Table 1-2-1 Typographical Information Used in this Guide 1-5 Table 1-2-2, Standard notations used in this guide 1-5 Table 2-0-1: The Security Toolbox Table 2-0-2 Sources for Information for additional areas of interest 2-2 Table 2-1-1: Profile Parameters Applying to Passwords 2-4 Table 2-1-2 Default passwords for standard users 2- Table 2-1-3 Loss of Functions when Locking the User SAPCPIC 2-6 Table 2-1-4 Profile Parameters Applying to Preventing Unauthorized Logons .2-8 Table 2-2-1: Organization of the User Administrators when using the Profile Generator Table 2-2-2: Organization of the User Administrators When Maintaining Profiles Manually 2-19 Table 2-3-1 Ports used by R/3 2-27 Table 2-3-2, SNC-Protected communication paths Table 2-4-1: Setting Access Privileges for R/3 Directories and Files under Unix 2-41 Table 2-4-2 Users and their functions under windows nt 2-45 Table 2-4-3. Database users Table 2-5-1: Changing the Passwords for ORACLE Standard Users(ORACLE/UNIX .257 Table 2-5-2 Setting Access Privileges for ORACLE Directories and Files(ORACLE /UNIX 2-60 Table 2-5-3: Changing the Passwords for ORACLE Standard Users(ORACLE /Windows NT) 2-64 Table 2-5-4: Setting Access Privileges for DB2 /CS Directories and Files(ORACLE /Windows NT .265 Table 2-5-5 Changing the Passwords for INFORMIX Standard Users(INFORMIX /UNIX) 2-70 Table 2-5-6: Setting Access Privileges for INFORMIX Directories and Files(INFORMIX / UNIX)......2-71 Table 2-5-7 Changing the Passwords for ADABAS Standard Users(adABas /All 2-73 Table 2-5-8 Changing the Passwords for ADABas Standard Users(ADABAS /UNIX) 2-75 Table 2-5-9 Setting Access Privileges for ADABAS Directories and Files(ADABAS /UNIX) .2-75 Table 2-5-10: Changing the Passwords for DB2/CS Standard Users(DB2/CS /UNIX) 2-82 Table 2-5-11: Setting Access Privileges for dB2/CS Directories and Files(DB2/CS /UNIX) 2-84 Table 2-5-12: DB2/CS Standard Users under Windows NT(DB2/CS /Windows NT) Table 2-5-13: DB2/CS Standard Groups under Windows NT(DB2/CS/Windows NT 2-88 Table 2-5-14: Managing the Passwords for DB2/CS Standard Users (DB2/CS /Windows NT) 2-90 Table 2-5-15: Environment Variables for DB2/CS under Windows NT (DB2/CS/Windows NT) 2-90 Table 2-5-16: Setting Access Privileges for DB2/CS Directories and Files (dB2/CS /Windows Nt).......2-91 Table 2-5-17: Changing the Passwords for DB2/400 Standard Users (DB2/400) 2-97 Table 2-6-1: Authorization Profiles for Change and Transport roles 2-105 Table 2-6-2 Authorizations for Development and Transport 2-105 Table 2-9-1: Profile Parameters for the Security Audit Log 2-117 Table 2-9-2: Profile Parameters and File locations for the system Log 2-119 Table 2-9-3, profile parameters for statistic records in cCms 2-120 Table 3-1-1: Tools, Transactions, and reports in R13 3-1 Table 3-2-1. Profile parameters 3-3 Table 3-3-1 Authorization objects 3-9 Version 2.0a July 31, 1998 SAP AG R/3 Security Servic es in Detail Ta ble of useful procedures Table of useful procedures UP 2-1-1: Specifying Impermissible Passwords 2-9 UP 2-1-2: Defining a new Super User and Deactivating SAP UP 2-1-3 Changing the Passwords for Standard Users 2-9 UP 2-5-1 Changing the Passwords for adm and ora(ORACLE /UNIX) 2-61 UP 2-5-2 Changing the Passwords for SYS, SYSTEM, and SAPR3 using chdbpass(ORACLE /UNIX) 2-62 UP 2-53 Setting Access Privileges for Files and Directories(ORACLE/UNIX UP 2-5-4: Specifying the Name of the User that Starts R/3-SAPService (ORACLE/Windows NT).2-67 UP 2-5-5: Creating an OPS$ User for ADM(ORACLE /Windows Nt 2-67 UP 2-5-6 Creating an OPSS User for SAPService(ORACLE/Windows NT) 2-68 UP 2-5-7 Changing the Password of SAPR3 (ORACLE /Windows NT) 2-68 UP 2-5-8 Changing the passwords for adn, sapr3, and informix(INFORMIX/UNIX) 2-71 UP 2-5-9 Setting Access Privileges for Files and Directories(INFORMIX/UNIX 2-72 UP 2-5-10: Changing the Passwords for the Users CONTROL, SUPERDBA, and OPERATOR (ADABAS/All)...2-77 UP 2-5-11: Updating the XUSER File for the Users CONTROL and SUPERDBA (ADABAS/All) 2-77 UP 2-5-12 Changing the Password of SAPR3 As User sAFR3(ADABAS/All 2-78 UP 2-5-13: Changing the Password of SAPR3 As User SUFERDBA(ADABAS/All) 2-78 UP 2-5-14: Updating the XUSER File for the User SAPR3(ADABAS/All) 2-79 UP 2-5-15 Changing the Passwords for adm and sad(ADABAS /UNIX 2-79 UP 2-5-16: Setting Access Privileges for Files and Directories(ADABAS/UNIX) 2-80 UP 2-5-17: Changing the password for db 2(DB2/CS/UNIX) 2-85 UP 2-5-18: Setting Access Privileges for Files and Directories(ADABAS/UNIX) 2-85 UP 2-5-19 Recreating the File dscdo5. conf(DB2/CS /Windows nt 2-92 UP 2-5-20: Changing the Environment Variable DB2 DB EEKEY (DB2/CS /Windows Nt) 2-93 UP 2-5-21: Changing the passwords for OFR and OPR Using CHGPWD(DB2/ 400) 2-98 UP 2-10-1: Verifying Required Authorizations using Trace 2-139 SAP AG Version 2. 0a July 31, 1998 R/3 Security Guide VOLUME I Ta ble of useful procedures Version2.0a:J31,1998 SAP AG

(系统自动生成,下载前可以参看下载内容)