SAP Parameters Related to User Security
Simple changes can raise your system security. Using SAProuter is a good choice when correctly implemented. Login through SAP LogonPad (from version 3.0f onwards) improves access control. SAP profile parameters should also contain:
rdisp/gui_auto_logout = 1800
The user connection is closed after 30 minutes without usage. This parameter is deactivated by setting the value to 0.
login/fails_to_session_end = 3
After 3 wrong passwords the connection is automatically closed.
The default value is 3; it can be set to any value between 1 and 99.
login/fails_to_users_lock = 5
After 5 wrong passwords the user is locked. The default value is 12. Possible values are from 1 to 99.
login/min_password_lng = 6
Password length at least 6 characters.
login/password_expiration_time = 90
Password expires after 3 months.
login/system_client
login/no_automatic_user_sapstar
Disables the special properties of user SAP* when this parameter is set to a value greater than 0.
auth/no_check_in_some_cases
This parameter is set to switch off special authorization checks by customers and is the main parameter for activating the Profile Generator tool. Values can be either Y (yes) or N (no).
For the parameter auth/no_check_in_some_cases, here is the more detailed description (Note 416016):
Parameter description :
This parameter must be set to "Y" if you are using the profile generator.
The profile generator uses the authorization default values that you can manage with Transaction SU24. This transaction is also used to suppress certain authorization checks for selected transactions.
Note:
If you deactivate authorization checks using Transaction SU24, the users can carry out activities without the required authorizations.
Nevertheless, it could be useful to reduce the extent of the authorization check in the following cases, for example:
1. You are not using the authorization object connected to the authorization check (for example, you may need HR authorizations in FI even though you are not actually using the HR SAP system).
2. The authorization check for the S_TCODE object still protects the core transaction. (However, bear in mind that the authorization check S_TCODE provides only a very general level of protection. This is not a sufficient reason to suppress an authorization check.)
3. You want to avoid admitting all values (*) for all authorization fields in the authorization object.
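
To check a system against the login and session values recommended above, the following added example (not part of the original post and not SAP code) audits a profile file's text. It assumes the profile is plain text with `name = value` lines and `#` comment lines, and it treats the page's values as limits; `audit`, `parse_profile` and the sample profile are made up for illustration.

```python
import re

# Limits derived from the values this page recommends (treating them as
# thresholds is this example's assumption). Entry: (check, requirement).
BASELINE = {
    "rdisp/gui_auto_logout": (lambda v: 0 < v <= 1800, "1..1800 s (0 disables it)"),
    "login/fails_to_session_end": (lambda v: 1 <= v <= 3, "1..3"),
    "login/fails_to_users_lock": (lambda v: 1 <= v <= 5, "1..5"),
    "login/min_password_lng": (lambda v: v >= 6, "at least 6"),
    "login/password_expiration_time": (lambda v: 0 < v <= 90, "1..90 days"),
    "login/no_automatic_user_sapstar": (lambda v: v > 0, "greater than 0"),
}
# Defaults the page states, applied when the profile omits the parameter.
PAGE_DEFAULTS = {"login/fails_to_session_end": 3, "login/fails_to_users_lock": 12}
LINE_RE = re.compile(r"^\s*([A-Za-z0-9_/.-]+)\s*=\s*(.*?)\s*$")

def parse_profile(text):
    """Parse 'name = value' lines; '#' comment lines never match LINE_RE."""
    params = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            params[m.group(1)] = m.group(2)  # last assignment wins
    return params

def audit(text):
    """Return {parameter: finding} for each baseline parameter that fails."""
    params, findings = parse_profile(text), {}
    for name, (ok, want) in BASELINE.items():
        raw = str(params.get(name, PAGE_DEFAULTS.get(name, "")))
        src = "profile" if name in params else "page-stated default"
        if not raw:
            findings[name] = f"not set; expected {want}"
        elif not raw.isdecimal():
            findings[name] = f"non-numeric value {raw!r}; expected {want}"
        elif not ok(int(raw)):
            findings[name] = f"{raw} ({src}); expected {want}"
    return findings

# Constructed sample profile, not taken from a real system.
SAMPLE = """\
rdisp/gui_auto_logout = 0
#login/fails_to_users_lock = 5
login/password_expiration_time = 180
login/no_automatic_user_sapstar = 1
"""

if __name__ == "__main__":
    for name, finding in audit(SAMPLE).items():
        print(f"{name}: {finding}")
```

A commented-out login/fails_to_users_lock line is reported here because the default of 12 stated above then applies.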