开发工具:
文件大小: 16mb
下载次数: 0
上传时间: 2019-03-02
详细说明:Before you start implementation, make sure that you have the latest version of this document. You can find the latest version at the following location: http://help.sap.com/sltoolset Software Logistics Toolset 1.0. Scroll down to Documentation and choose System MaintenanceUpdating SAP Systems Using R/3 Security Servic es in Detail
口7
Copyright
Copyright
COpyright 1997 SAP AG. All rights reserved
No part of this documentation may be reproduced or transmitted in any form or for any purpose without
the express permission of SAP AG
SAP AG further does not warrant the accuracy or completeness of the information, text, graphics, links or
other items contained within these materials. SAP AG shall not be liable for any special, indirect,
incidental, or consequential damages, including without limitation, lost revenues or lost profits, which
may result from the use of these materials. The information in this documentation is subject to change
without notice and does not represent a commitment on the part of SAP AG in the future
Some software products marketed by SAP AG and its distributors contain proprietary software
components of other software vendors
Microsoft, WINDOWS, NTR and eXcEl and SQL-Server are registered trademarks of
Microsoft Corporation.
IBM, OS/2B, DB2/60008, AIX, OS/400R and AS/400 are a registered trademark of IBM
Corporation
OSF/Motife is a registered trademark of Open Software Foundation
ORACLER is a registered trademark of oracle Corporation, California, USA
INFORMIXR-On Line for SAP is a registered trademark of Informix Software Incorporated
UNIX and X/Open(r are registered trademarks of Sco Santa Cruz Operation
ADABASR is a registered trademark of Software AG
SECUDER is a registered trademark of GMD-German National Research Center for Information
T
echnolo
SAPR. R/2R, R/3R. RIVA. ABAPR. SAPoffice(R. SAPmailR. SaPaccesS(R). SAP-EDIR. SAP
ArchiveLink(R, SAP Early Watch R, SAP Business Workflow, R/3 Retail(R are registered trademarks of
SAP AG
SAP AG assumes no responsibility for errors or omissions in these materials
All rights reserved
SAP AG
Version 2. 0a July 31, 1998
R/3 Security Guide VOLUME I
Copyright
Version2.0a:J31,1998
SAP AG
R/3 Security Servic es in Detail
Ta ble of contents
Table of contents
CHAPTER 1: INTRODUCTION
11
Chapter1-1: Security with R/3……,,
Chapter 1-2: How to Use the R/3 Security Guide..e.
1-3
TheR/3 Security Guide volume ll:R3 Security Services in Detail…….….….…….14
Chapter I-3: What is new in this guide:?....………1l-6
Chapter 1-4: Support and Feedback .
Technical Consulting Services
Feedback
CHAPTER 2: THE R/3 SECURITY TOOLBOX.w2-1
Chapter 2-1: User
2-3
Password
Protecting standard users
·;。··。
Preventing Unauthorized Logons
Security measures When using the session manager......
ecurity Measures When Using SAP Shortcuts........
2-8
Useful procedures in User authentication
Additional information on user authentication
2-10
Chapter 2-2: R/3 Authorization Concept................ 2-11
Maintaining authorizations and profiles with the profile generator (pfcg)
2-12
Manually maintaining authorizations and profiles
The authorization info
Organizing Maintenance Tasks
2-16
Authority Checks……
2-20
Reducing the scope of authority Checks in r/3
2-21
Additional Information on the r/3 Authorization Concept
2-22
Chapter 2-3: Network Infrastructure..
2-23
Network topol
2-23
Network services
2-25
Routers and packet filters
2-27
The firewall and saprouter
Security Concept for an R/3 Network……
ecure Network Communications(SNC)
2-32
Additional Information on Network Security
2-36
Chapter2-4: Operating System Protection………………,…,……2-37
R/3 Security under UNiX
·,····
2-37
R/3 Security under Windows nt
2-43
Logical Operating System Commands in R3
··········
2-53
SAP AG
Version 2. 0a July 31, 1998
R/3 Security Guide VOLUME I
Ta ble of contents
Chapter 2-5: Database Access Protection .o
2-55
Access Using Database Tools
.2-56
ORACLE under UNIX
2-57
ORACLE under windowS nt
·.····
······
INFORMIX under uNiX
2-70
ADABAS
…2-73
DB2 Common Server under uniX
.281
DB2 Common Server under windows nt
2-87
DB2/40.…
垂;;,,中日,垂
294
Chapter 2-6: Protecting Your Productive System( Change Transport System)..........2-99
IheR3 System Landscape……
2-99
Configuring the System Landscape for Changes
2-101
Defining the Transport Process
2-103
Responsibilities and their Corresponding Authorizations in r/3
Emergency Changes in the Productive System
2-105
Additional Information for Change Transport System
2-106
Chapter2-7: Remote Communications(RFC&CPIC)……….,..,,……………,2-107
General Security measures
2-107
RFC Authorizations
.·····
2-10
Trusted System Networks(RFC)
音。面·面面
2-109
Authorizations for External Server Programs(RFC and CPI-C)
甲·
….2-110
Secure network communications for remote communications
2-111
Additional Information on remote communications
.2-111
Chapter2-8: Secure store& Forward mechanisms(SSF) and Digital Signatures…………2-112
Protecting Private Keys
.2-113
Protecting Public Keys
SAP Security Library (SAPSECULIB)
…2-114
Additional Information on SSF and Digital Signatures
2-115
Chapter 2-9: Logging and Auditing
The audit Info s
(AIS)
2-116
The Security Audit log..
2-117
System Log......…
2-118
Statistic Records in CCMs
2-120
Logging of Specific Actiⅳ vities……,…,,
2-120
Additional Information for Logging and Auditing
2-123
Chapter2-10: Special Topics.......,.….………,…,……2-124
R/3 Internet Application Components(IAC).………,2-124
Protecting Application Link Enabling(ALE) Applications
2-137
R/3 Online services
∴2-140
Virus protection and Integrity Checks
Protecting Specific Tables, Authorizations Objects, etc
2-142
Version 2.0a July 31, 1998
SAP AG
R/3 Security Servic es in Detail
Ta ble of Figures
CHAPTER 3: SUMMARY
3
Chapter 3-1: Tools, Transactions, and Reports
3-1
Chapter 3-2: Profile parameters
非非看自。。e。D鲁。非鲁。非。自看。。。。。。D。非。。
3-3
Chapter 3-3: Authorization objects
3-9
Table of Fiqures
Figure 2-2-1: Authorization Maintenance in R/3/ Profile Generator
Figure 2-2-2: Organization of User Maintenance T asks
Figure 2-3-1: Separating Frontend LANs from the Server LAN
Figure 2-3-2: Firewall
2-28
Figure 2-3-3: Recommended R/3 Network Topology
Figure 2-3-4: Two-way Connection Using the SAProuter and a Router/Packet Filter
.2-32
Figure 2-3-5: Application Level Protection Provided by SNc
2-33
Figure 2-3-6: Network Area Protected with SNC
Figure 2-3-7: SNC Protection between sAProuters
2-35
Figure 2-4-1: R/3 Directory Structure under UNIX
2-40
Figure 2-4-2: NT Domains mASTFR and SAP
2-48
Figure 2-4-3 Windows Nt and R/3 Administration Users and Groups........
2-49
igure 2-5-1: DB2/400 User Security Concept
2-95
Figure 2-6-1: Recommended Three-Tier System Landscape
2-100
Figure 2-10-1: The Intemet Transaction Server
2-124
Figure 2-10-2: The Internet Transaction Server Architecture
2-126
Figure 2-10-3: Providing ITS Security
2-128
Figure 2-10-4: Example ITS Network Topology
2-132
SAP AG
Version 2. 0a July 31, 1998
R/3 Security Guide VOLUME I
Ta ble of tables
Table of tables
Table 1-2-1 Typographical Information Used in this Guide
1-5
Table 1-2-2, Standard notations used in this guide
1-5
Table 2-0-1: The Security Toolbox
Table 2-0-2 Sources for Information for additional areas of interest
2-2
Table 2-1-1: Profile Parameters Applying to Passwords
2-4
Table 2-1-2 Default passwords for standard users
2-
Table 2-1-3 Loss of Functions when Locking the User SAPCPIC
2-6
Table 2-1-4 Profile Parameters Applying to Preventing Unauthorized Logons
.2-8
Table 2-2-1: Organization of the User Administrators when using the Profile Generator
Table 2-2-2: Organization of the User Administrators When Maintaining Profiles Manually
2-19
Table 2-3-1 Ports used by R/3
2-27
Table 2-3-2, SNC-Protected communication paths
Table 2-4-1: Setting Access Privileges for R/3 Directories and Files under Unix
2-41
Table 2-4-2 Users and their functions under windows nt
2-45
Table 2-4-3. Database users
Table 2-5-1: Changing the Passwords for ORACLE Standard Users(ORACLE/UNIX
.257
Table 2-5-2 Setting Access Privileges for ORACLE Directories and Files(ORACLE /UNIX
2-60
Table 2-5-3: Changing the Passwords for ORACLE Standard Users(ORACLE /Windows NT)
2-64
Table 2-5-4: Setting Access Privileges for DB2 /CS Directories and Files(ORACLE /Windows NT
.265
Table 2-5-5 Changing the Passwords for INFORMIX Standard Users(INFORMIX /UNIX)
2-70
Table 2-5-6: Setting Access Privileges for INFORMIX Directories and Files(INFORMIX / UNIX)......2-71
Table 2-5-7 Changing the Passwords for ADABAS Standard Users(adABas /All
2-73
Table 2-5-8 Changing the Passwords for ADABas Standard Users(ADABAS /UNIX)
2-75
Table 2-5-9 Setting Access Privileges for ADABAS Directories and Files(ADABAS /UNIX)
.2-75
Table 2-5-10: Changing the Passwords for DB2/CS Standard Users(DB2/CS /UNIX)
2-82
Table 2-5-11: Setting Access Privileges for dB2/CS Directories and Files(DB2/CS /UNIX)
2-84
Table 2-5-12: DB2/CS Standard Users under Windows NT(DB2/CS /Windows NT)
Table 2-5-13: DB2/CS Standard Groups under Windows NT(DB2/CS/Windows NT
2-88
Table 2-5-14: Managing the Passwords for DB2/CS Standard Users (DB2/CS /Windows NT)
2-90
Table 2-5-15: Environment Variables for DB2/CS under Windows NT (DB2/CS/Windows NT)
2-90
Table 2-5-16: Setting Access Privileges for DB2/CS Directories and Files (dB2/CS /Windows Nt).......2-91
Table 2-5-17: Changing the Passwords for DB2/400 Standard Users (DB2/400)
2-97
Table 2-6-1: Authorization Profiles for Change and Transport roles
2-105
Table 2-6-2 Authorizations for Development and Transport
2-105
Table 2-9-1: Profile Parameters for the Security Audit Log
2-117
Table 2-9-2: Profile Parameters and File locations for the system Log
2-119
Table 2-9-3, profile parameters for statistic records in cCms
2-120
Table 3-1-1: Tools, Transactions, and reports in R13
3-1
Table 3-2-1. Profile parameters
3-3
Table 3-3-1 Authorization objects
3-9
Version 2.0a July 31, 1998
SAP AG
R/3 Security Servic es in Detail
Ta ble of useful procedures
Table of useful procedures
UP 2-1-1: Specifying Impermissible Passwords
2-9
UP 2-1-2: Defining a new Super User and Deactivating SAP
UP 2-1-3 Changing the Passwords for Standard Users
2-9
UP 2-5-1 Changing the Passwords for adm and ora(ORACLE /UNIX)
2-61
UP 2-5-2 Changing the Passwords for SYS, SYSTEM, and SAPR3 using chdbpass(ORACLE /UNIX)
2-62
UP 2-53 Setting Access Privileges for Files and Directories(ORACLE/UNIX
UP 2-5-4: Specifying the Name of the User that Starts R/3-SAPService (ORACLE/Windows NT).2-67
UP 2-5-5: Creating an OPS$ User for ADM(ORACLE /Windows Nt
2-67
UP 2-5-6 Creating an OPSS User for SAPService(ORACLE/Windows NT)
2-68
UP 2-5-7 Changing the Password of SAPR3 (ORACLE /Windows NT)
2-68
UP 2-5-8 Changing the passwords for adn, sapr3, and informix(INFORMIX/UNIX)
2-71
UP 2-5-9 Setting Access Privileges for Files and Directories(INFORMIX/UNIX
2-72
UP 2-5-10: Changing the Passwords for the Users CONTROL, SUPERDBA, and OPERATOR (ADABAS/All)...2-77
UP 2-5-11: Updating the XUSER File for the Users CONTROL and SUPERDBA (ADABAS/All)
2-77
UP 2-5-12 Changing the Password of SAPR3 As User sAFR3(ADABAS/All
2-78
UP 2-5-13: Changing the Password of SAPR3 As User SUFERDBA(ADABAS/All)
2-78
UP 2-5-14: Updating the XUSER File for the User SAPR3(ADABAS/All)
2-79
UP 2-5-15 Changing the Passwords for adm and sad(ADABAS /UNIX
2-79
UP 2-5-16: Setting Access Privileges for Files and Directories(ADABAS/UNIX)
2-80
UP 2-5-17: Changing the password for db 2(DB2/CS/UNIX)
2-85
UP 2-5-18: Setting Access Privileges for Files and Directories(ADABAS/UNIX)
2-85
UP 2-5-19 Recreating the File dscdo5. conf(DB2/CS /Windows nt
2-92
UP 2-5-20: Changing the Environment Variable DB2 DB EEKEY (DB2/CS /Windows Nt)
2-93
UP 2-5-21: Changing the passwords for OFR and OPR Using CHGPWD(DB2/ 400)
2-98
UP 2-10-1: Verifying Required Authorizations using Trace
2-139
SAP AG
Version 2. 0a July 31, 1998
R/3 Security Guide VOLUME I
Ta ble of useful procedures
Version2.0a:J31,1998
SAP AG
(系统自动生成,下载前可以参看下载内容)
下载文件列表
相关说明
- 本站资源为会员上传分享交流与学习,如有侵犯您的权益,请联系我们删除.
- 本站是交换下载平台,提供交流渠道,下载内容来自于网络,除下载问题外,其它问题请自行百度。
- 本站已设置防盗链,请勿用迅雷、QQ旋风等多线程下载软件下载资源,下载后用WinRAR最新版进行解压.
- 如果您发现内容无法下载,请稍后再次尝试;或者到消费记录里找到下载记录反馈给我们.
- 下载后发现下载的内容跟说明不相乎,请到消费记录里找到下载记录反馈给我们,经确认后退回积分.
- 如下载前有疑问,可以通过点击"提供者"的名字,查看对方的联系方式,联系对方咨询.