Transaction

Description

TADM10_1
1 SESSION_MANAGER 2 SICF 3 SMICM 4 SU3 5 RSPFPAR 6 7 8 9 10 11 12 13 14 15 16 17 18 SM04 SU01 PFCG SE43 SE16 SM30 SBWP/SO01 SMW0 SIGS SM51 SMMS SMGW SM50 Initial transaction in SAP standard menu ICF Administration (Services) ICM administration Maintain Users Own data Display System Parameters Monitor users per instance User Maintenance Role Maintenance Tool Area Menu Maintenance Display and Create Table Contents Maintain Table Views Business Workplace SAP Web Repository Image Upload IGS Administration Shows Instances of the system. Message Server Monitor Gateway Monitor Shows processes of an instance

19 SM66 20 ST02 21 SP01 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 SP02 SM36 SM36WIZ SMX AL08 ST07 ST06/OS06 RZ03 ST11 AL11 SM35 SM02 SE37-> TH_POPUP RZ11 RZ04 SM63 STRUSTSSO2 SPRO SPRO_ADMIN

Shows processes of an instance (global) SAP Memory Spool and Output Requests Administration Spool Requests Administration Creation of Jobs Creation of Jobs (wizard) Job Monitoring (own jobs) Monitor users per system Monitor users per instance by application OS Monitor CCMS Control Panel Startup Error Log Files SAP Directories & Env variables Batch Input Overview and Monitoring System Messages Administration Function to send messages to a user System Parameters (1 at the time) Operation Modes Operation Modes Time Table Trust Manager for Logon Ticket SAP Customizing through IMG SAP Customizing: Project Administration

41 42 43 44 45 46

SCC4 SE09/SE10 STMS ABAPDOCU SE13 SE14

Client Administration Transport Organizer TMS Configuration Abap Documentation Dictionary - Technical Settings DB Utility (to create tables in DB)

TADM10_2
47 SITSPMON Internal ITS Status

48 SICFRECORDER 49 SMLG

enables developers and administrators to identify and correct sources of error in failed service calls by recording HTTP requests SAP Logon Groups Every user can display his or her own user buffer with this transaction Group maintenance Area Menu Maintenance Set Initial Area Menu Systemwide Mass Changes for Users Authorization Profiles Authorization Objects and Authorizations Maintenance Check Failed Authorizations System Trace (User Authorization Trace) User Master Data Reconciliation User Information The Audit Information System (AIS) is an auditing tool that can be used to analyze security aspects of SAP. the AIS is now delivered with a series of roles. Analysis of Security Audit Log Security Audit (Static and Dynamic Configuration) RFC Destinations Transactional RFC qRFC (outbound queue) qRFC (inbound queue) List each RFC destination and the user involved Report that gets and sets RFC quotas Distribution model Partner profiles Port definitions

50 51 52 53 54 55 56 57 58 59 60

SU56 SUGR SE43 SSM2 SU10 SU02 SU03 SU53 ST01 PFUD SUIM

61 SECR 62 SM20

63 64 65 66 67 68 69 70 71

SM19 SM59 SM58 SMQ1 SMQ2 RSRFCCHK RSARFCLD BD64 WE20

72 WE21

73 74 75 76 77 78 79 80 81 82 83 84

WSADMIN BAPI SWDD SWUI_DEMO RMMAIN SALE BD54 SLDHTMLGUI RZ70 SLDCHECK RZ20 RZ21

SAP WAS 6.40 and higher also provides the WebService Framework, which allows you, among other things, to declare individual modules as web services. BAPI browser (4.0) Workflow Builder Wokflows Demos

Transactions as they appeared on course TADM10/TADM12 November 2009

WAS Administration Transactions

Transaction SESSION_MANAGER

Navigation Initial transaction in SAP standard menu search the corresponding menus for the predefined text pattern in sap menu. search the corresponding menus for the predefined text pattern in user menu.

Notes

SEARCH_SAP_MENU

SEARCH_USER_MENU

The users and SAP menus can be structured in a pretty complex way. It is then difficult to remember the exact path for the transaction you are looking for. The search result is prepared in a list view from which you can take the navigation path.

Shortcut in Command Field /n /nXXXX /o /oXXXX /nend /nex /i %sc %pc /$sync /$sync all SMW0 Cancel the current transaction Call transaction XXXX directly from another transaction Display an overview of sessions Call transaction XXXX in a new session directly from another transaction End the logon session with a confirmation dialog box End the logon session without a confirmation dialog box Delete the session you are currently using Search a string in a screen page Download a document to your desktop SAP buffer reset SAP buffer reset SAP Web Repository Image Upload

SAP Administration and Configuration SM51 SM50 SM66 SM04 AL08 ST07 ST02 SM12 SM13 SM14 SM21 ST22 AL11 SMLG ST11 RZ03 SICK /SM28 SM01 SM02 SE37 -> TH_POPUP RZ04 SM63 SR13 SSAA Shows Instances of the system. Shows processes of an instance Shows processes of an instance (global) Monitor users per instance Monitor users per system Monitor users per instance by application SAP Memory SAP Locks SAP Updates SAP Update Administration SAP Logs SAP Dumps SAP Directories & Env variables SAP Logon Groups Startup Error Log Files CCMS Control Panel SAP Consistency Check Transaction Code Administration System Messages Administration Function to send messages to a user Operation Modes Operation Modes Time Table SAP HELP and Documentaion Configuration System Administration Assistant Initialize and stop instances, trigger manualy operation modes. Lock / Unlock of transactions Shows requests in dispatcher's queue

SLG0

Use transaction SLG0 to define entries for your own applications in the application log.

SLG1 SLG2 SCU3 SMGW SIGS ST06/OS06

The application log includes application messages, just as the system log includes system messages. It is used heavily in SAP APO, the SAP SCM Event Manager, and Warehouse Management. The log traces application events and tasks, and reports on their activity (for example, transfer of data from SAP ECC to SAP APO). The application log is used to trace who initiated the transfer, when the transfer was made, and what was transferred. Old application logs can be deleted in transaction SLG2. Table Changes Log Gateway Monitor IGS Administration OS Monitor Batch Input

SM35

Batch Input Overview and Monitoring SAP Archiving

SARA FILE DB15

Archive Administration Logical Path File Definition for Archiving Tables and Archiving Objects Relations

SAP Parameters and Profiles RSPFPAR RZ10 RZ11 SAPPFPAR Display System Parameters System Parameters Administration System Parameters (1 at the time) Shows profile parameters

OS Command

Internet and Browser-Based Administration SMICM SICF ICM administration ICF Administration (Services) enables developers and administrators to identify and correct sources of error in failed service calls by recording HTTP requests Internal ITS Status

SICFRECORDER SITSPMON

SBWP/SO01

Mail and Collaboration Tools Business Workplace

Monitoring RZ20 RZ21 GRMG CCMS Monitoring Configuracin del CCMS monitoring Generic Request and Message Generator

Notes

ST03G

Global Workload Monitor displays Java statistical records that are used for performance monitoring. If you find errors in the Global Workload monitor, you can analyze these using the performance trace (also known as the functional trace). The performance trace provides a finer granularity than DSR. SAP Workload: Business Transaction Analysis

The SAP WAS Java can write distributed statistics records (DSRs), that can trace actions that are processed using non-ABAP components such as WAS Java, Business Connector (BC) and ITS. The writing of the statistics records is activated when the SAPCCMSR agent is registered and the standard job SAP_COLLECTOR_FOR_NONE_R3_STAT is started in ABAP.

STATTRACE STAD

ALRTINBOX SALRT1 ALRTCATDEF SA38 -> RSTBHIST ST10 STUN SMMS

Auto-reaction method CCMS_Send_Alert_to_ALM forwards alerts for assigned monitoring architecture nodes to the ALM. This method is similar to CCMS_OnAlert_Email, with which you can define an automatic alert notification. A difference is that when you are forwarding The Alert Inbox is an application based alerts to the ALM, you no longer need to on BSP which calls the URL specify the sender and recipient in the http://host:port/sap/bc/bsp/sap/alertinbox method definition. RFC destination for Central Alert Server Alert Categories Management Obtain a list of those tables that are currently set to be logged. Performance Analysis: Table Buffer Invalidations Performance Monitoring Menu Set of monitoring tools Message Server Monitor

SAP Office and Communications SBWP / SO01 SE37 --> th_popup OSS1 SM55 SAP Business Workplace Sends personalized popup messages to users Log On to SapNet THOST Table Maintenance

Database Administration (Oracle) DB01 DB02 DB03 DB05 Database Locks Database Space Overview Log of database parameters changes Analysis of table with respect of Indexed fields lets you view backup results and the status of the archive directory. Provides recovery report checking if all backups are available to perform a restore and recovery. Schedules backups and other administrative jobs in the database system. Schedules backups and administrative activities centrally for several SAP systems and databases. Checks the status and logs of all database operations, including backup monitoring, updates of the optimizer statistics, and database checks.

DB12 DB13

Backup log overview DBA planning calendar

DB13C

Central DBA planning calendar

DB14 DB16

DBA Operations Monitor Overview of database checks

DB17 DB20 DB21 DB24 DB26

Configuration of database checks maintain statistics configuration of statistics Logs for Administrative Database Operations database parameter overview

View and maintain check conditions used by a database system check.

DB02 ST04 ST04N RZ20

Tables and Indexes monitor Database Performance monitor New Oracle database monitor Database Alert monitor

Monitors the storage behavior of the database and the status of the database objects. Displays the most important indicator for Oracle database performance. Monitors all preset alerts for different areas of the database. this report is called directly in transaction se38

RSORATAD

D BACOCKPIT ST04OLD, DB02OLD, DB12OLD, DB13OLD, DB14OLD

determine the index storage quality This transaction replaces various transactions previously used for monitoring and administration In WAS 7.0, all previous transactions have been renamed to <Previous transaction code>OLD.

See note 1028624

RFC RZ12 SM59 SM59_OLD SM58 SMQ1 SMQ2 SMQ3 SMQA SMQE SMQR SMQS RSARFCLD RSARFCSE SABP0000 SABP0003 RSRFCCHK RFC Server Group Maintenance RFC Destinations RFC Destinations Transactional RFC qRFC (outbound queue) qRFC (inbound queue) qRFC (saved e-queue) tRFC/qRFC: Confirm status qRFC Administration qRFC Monitor (QIN Scheduler) qRFC Monitor (QOUT Scheduler) Report that gets and sets RFC quotas Execute ARFC as background job customize interval of RSARFCSE List each RFC destination and the user involved

Notes

Printers SPAD SP01 SP02 SP11 SP12 Spool Administration Spool and Output Requests Administration Spool Requests Administration List objects in TemSe TemSe Administration

Web Services

Notes

WSADMIN

SAP WAS 6.40 and higher also provides the WebService Framework, which allows you, among other things, to declare individual modules as web services.

ABAP Development Workbench

SE80 SE38 SA38 SE11 SE12 SE13 SE14 SE16 SM30 SM31 SD11 SE93 ABAPDOCU

Abap Object Navigator Abap - Program Editor Abap - Program Execution Abap Dictionary Editor Abap Dictionary Display Dictionary - Technical Settings DB Utility (to create tables in DB) Display and Create Table Contents Maintain Table Views Maintain Table Views Abap Data Modeler Maintain Transactions Abap Documentation

Define technical features of tables

Change and Transport System SPRO SPRO_ADMIN SE09 SE10 SE01 STMS SE06 SE03 SPAM SAINT SPDD SPAU SE95 SNOTE SAP Customizing through IMG SAP Customizing: Project Administration Transport Organizer Create and Release of change requests Transport Organizer Create and Release of change requests Transport Organizer (Extended View) TMS Configuration Create Systems, Transport Routes and QA Intitialize transport tables and sys-changeoption button Transport Organizer Tools Support Package Manager Application of Support Packages Add-On Installation Tool Modification Adjjustment Dictionary Modification Adjjjustment (other objects) Modification Browser Note Assistant This is not a transaction. It is a key that must be entered in the command field of transaction STMS Client Administration SCC4 SCCL SCC9 SCC1 SCC5 SCC8 SCC7 SCC3 SCU0 SCMP Client Administration Local Client Copy Remote Client Copy Copy Customizing Change Request Delete Client Client Export Client Import Post-processing Client Copy Logs Customizing Cross-System Viewer View/Table System Comparison same as table T000

dico Hard reset of TMS

Jobs Administration SM36 SM36WIZ SM37 SM62 SM64 SM69 SM49 SM61 SMX Creation of Jobs Creation of Jobs (wizard) Job Monitoring Events Maintainance Trigger of events Mantener comandos OS Ejecuta comandos OS Create Job Groups Job Monitoring (own jobs) LDAP Administration LDAP Directory Service Connection

License Administration SLICENSE LICENSE_ADMIN SAP License Administration License Administration Workbench http://help.sap.com/saphelp_nw04/helpdata/e n/ee/ee133bfae0750ce10000000a11402f/fra meset.htm

SLAW USMM

License Auditing System Measurement Transaction

Installation and Upgrade (OS) -> SAPINST (OS) -> SAPUP (OS) -> SAPJUP ICNV SAP Installation SAP Upgrade - Abap SAP Upgrade - Java Table Incremental Conversion

SAP Workflows WF: WS30000015 shows the absence notification process

SWDD SWXF SWUI_DEMO

Workflow Builder Workflow demo - create absence notification Wokflows Demos

Application Link Enabling (ALE) WEDI WE02 WE05 WE07 WE12 WE14 WE15 WE16 WE19 WE20 WE21 WE30 WE31 WE42 WE46 WE47 WE57 WE60 WE61 WE62 WE81 Idoc basis Display idocs Monitoring of idoc lists Idoc statistics Inbound processing of outbound file Outbound processing from idoc Outbound processing from message control Inbound processing of idoc file Test tool inbox Partner profiles Port definitions Idoc type editor Idoc segment editor See Inbound Process Code table Idoc administration Status maintenance Assignment function module - logical message - idoc type Documentation for idoc types Documentation for idoc record types Documentation for segments (3.x only) Overview of all message types Finds out which version of the basic type is best suited to your SAP system's release. Customzing of output determination Integrated inbox Business object builder Business object repository Workflow workbench Workflow customizing Event type linkage

Notes

WE82 NACE SO01 SWO1 SWO2 SWLD SWU3 SWE2

SWI1 SWI2 SWUS SWEL PPOS PFTC PFAC

Display work items Work item analysis Start workflow Workflow event log Display organizational plan Tasks Standard roles You find all customizing settings in this transaction, or you can get the same in the following path: IMG (SPRO) -> SAP NetWeaver -> SAP Web Application Server > IDoc Interface / Application Link Enabling (ALE )

SALE BALE BALD BALM BALA BD10/11 BD12/13 BD14/15 BD21/22 BD40 BD41/43 BD50 BD53

ALE customizing ALE distribution ALE development (4.0) ALE master data (4.0) ALE application (4.0) Send/fetch material masters Send/fetch customer masters Send/fetch vendor Select/delete change pointers Select change pointers for serialization group (4.0) Dispatch/post idocs for serialization group (4.0) Activate change pointers for message type Reduction of idoc types

BD54 BD55 BD56 BD61 BD64 BD68 BD72 BD75 BD77 BD78 BD82

Logical systems Conversion Segment filtering Activate change pointers Distribution model Lists Activate event coupling Status conversion for tRFC Distribution of control data Monitoring of control data distribution Generate partner profiles

You can also get to this transaction by the following path: SAP NetWeaver -> SAP Web Application Server -> IDoc Interface/Application Link Enabling (ALE) -> Logical Systems

BD87 BD88 BDM2 BDM5 BDM7 BDM8 BDM9 BDRC BDRL BDBG BDBS BAPI SM58 SM59

Process inbound idocs Process outbound idocs Idoc trace (idocs with receiver) Consistency check ALE audit statistical analyses Send ALE audit confirmation Reorganize the audit database Determine recovery objects (3.1I, 4.5) Process recovery objects (3.1I, 4.5) Generate ALE interface for BAPI (4.0) Generate coding for mapping (4.0) BAPI browser (4.0) Aborted transactional RFCs RFC destinations

You can call this monitor to check the current status of Idocs in SAP R3 or mySAP ECC.

sa38 -> RSEOUT00

Report used to transfer IDocs to the communication layer if you selected the Collect IDocs output mode (instead of Transfer IDoc Imm. ) in the Outbound partner profile (WE20).

sa38 -> RBDAPP01

sa38 -> RSSCD100

sa38 -> RBDMIDOC

Report used to transfer IDocs to the ALE layer if you selected the Trigger by background program mode (instead of Trigger immediately ) in the Inbound partner profile (WE20). Report to view the change documents (that record each change made to their objects). Report use to evaluate change pointers. This program is usually scheduled as a periodic background job. You can start the program for testing purposes with transaction BD21.

Java Ports http://<server>:<j2ee_port> where <2ee_port> = 5XX00

XX = Instance Number

5XX00 5XX13 5XX04 5XX08 5XX18

WAS Netweaver Administration Start/Stop Instances Applet Visual Administrator Tool J2EE Admin Tool Telnet SDM

Java Tools

http://<server>:<j2ee_port>/nwa http://<server>:<j2ee_port>/useradmin http://<server>:<j2ee_port>/sld

SAP NetWeaver Administrator SAP User Management Engine (UME)

Visual Administrator Locking Adapter Security Provider Monitoring Service Configuration Adapter Key Storage Log Viewer SLD Data Supplier Jco RFC Provider J2EE Lock Monitoring User Management J2EE Monitoring J2EE parameter administration Security Keys Management Errors Check

Security Transactions
SU01 SU01D SU02 SU03 SU05 SU10 SU1 SU2 SU3 SU20 SU21 SU22 SU24 SU25 SU53 SU56 PFCG PFUD SU80 ST01 SE43 SSM2 SUGR BALE

Description
User Maintenance User Maintenance Display Authorization Profiles Authorization Objects and Authorizations Maintenance Maintain Internet User Mass Changes for Users Maintain Own User Address Maintian Own User Parameters Maintain Users Own data Maintain Authorization Fields Maintain the authorization objects Maintain the assignments of authorization objects Profile Generator: Maintain the assignments of Authorization Objects Profile Generator. Upgrade and First Installation Check Failed Authorizations Every user can display his or her own user buffer with this transaction Role Maintenance Tool User Master Data Reconciliation Archive User Change Documents System Trace (User Authorization Trace) Area Menu Maintenance Set Initial Area Menu Systemwide Group maintenance ALE Area Menu

STUN

Performance Monitoring Menu

The Audit Information System (AIS) is an auditing tool that can be used to analyze security aspects of SAP. the AIS is now delivered with a series of roles. Security Audit (Static and Dynamic Configuration) Analysis of Security Audit Log Delete Old Security Audit Logs User Information

SECR (old transaction) SM19 SM20 SM18 SUIM

SAP MenuToolsAdministrationUser MaintenanceInformation System SUCOMP

SUCU SNC1 SNC2 SNC3 SNC4 SECSTORE STRUST STRUSTSSO2

User Information by Menu User company address maintenance Assignment of tables/views to authorization groups (or SM30 -> V_DDAT). From Web AS 6.40, however, the view is called V_DDAT_54, which causes SUCU to fail. This means you must modify the parameter call in transaction SE93, to be able to display SUCU. Generate SNC name for user Export SNC name of user User initial control list 3.1-4.0 Check canonical SNC names

Administration of Secure Storage Trust Manager Trust Manager for Logon Ticket

Security and User Administration Reports (SE38/SA38) RSUSR000 RSUSR002 RSUSR002_ADDRES RSUSR003 RSUSR004 RSUSR005 RSUSR006 RSUSR007 RSUSR008 RSUSR008_009_NEW RSUSR009 List of All Users Logged On Users by Complex Selection Criteria Users by address data Check the Passwords of Standard Users in All Clients Restrict User Values to the Following Simple Profiles and Auth. Ob List of Users With Critical Authorizations Locked Users and Users with Incorrect Logons Display Users with Incomplete Address Data By Critical Combinations of Authorizations at Transaction Start A system dependent option to control SoD violations. List of Users With Critical Authorizations

RSUSR010 RSUSR011 RSUSR012 RSUSR020 RSUSR030 RSUSR040 RSUSR050 RSUSR060 RSUSR060OBJ RSUSR061 RSUSR070 RSUSR080 RSUSR100 RSUSR100N RSUSR101 RSUSR102 RSUSR200 RSUSR300 RSUSR301 RSUSR302 RSUSR400 RSUSR401 RSUSR402 RSUSR404 RSUSR405 RSUSR406 RSUSR406_OLD RSUSR408 RSUSR409 RSUSR421 RSUSR500 RSUSR500D RSUSR998 RSUSREXT RSUSREXTID RSUSRLOG RSUSRSCUC RSUSRSUIM PFCG_TIME_DEPENDENCY RSABAPSC

Executable Transactions ( All Selection Options ) Lists of transactions after selection by user, profile or obj. Search authorizations, profiles and users with specified object va Profiles by Complex Selection Criteria Authorizations by Complex Selection Criteria Authorization Objects by Complex Selection Criteria Comparisons Where-used lists Where-Used List: Authorization Object in Program and Transactions Enter Authorization Fields Roles by Complex Selection Criteria Users by License Data Change Documents for Users Change Documents for Users Change Documents for Profiles Change Documents for Authorizations List of Users According to Logon Date and Password Change Set External Security Name for All Users Fill non-checking transactions with auth.object S TCODE Delete authorization check on object S TCODE from table TSTCA Test Environment Authorization Checks (SAP Systems Only) Report to give all SAPCPIC users profile S_A.CPIC Download user data for CA manager from Secude Conversion Program for Authorizations of Basis Development Environ Reset all user buffers in all clients (uncritical) Automatically Generate Profile SAP_ALL Automatically Generate Profile SAP_ALL XPRA: Conversion of USOBX-OKFLAG, USOBX-MODIFIED for upgrade tool Transfer all translated titles to generated transaction codes Clean-up report: TSTC-CINFO if no check in TSTCA User Administration: Compare Users in Central System GUM: Display Open Changes Call Reporting Tree Info System Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5) Enter Correct SNC Names in Table View VUSREXTID (from SAP R/3 4.5) Log Display for Central User Administration CUA: Synchronization of the Company Addresses User Information System HR Organizational Management Reconiciliation Search for AUTHORITY-CHECK statements

RSCSAUTH / RSABAUTH

Maintain/Restore Authorization Groups. It creates a list of reports (type 1) (Program column), the authorization group delivered by SAP (SAP column), and the authorization group maintained by the customer (Customer column). The Customer column accepts input. Customers can enter their own authorization groups here. When the customer chooses Save, the customer's own authorization groups for all SELECTED reports are transferred to the table TRDIR . This is equivalent to a change of the authorization group in the program attributes, and the exiting SAP authorization groups are overwritten. The authorization group for each report is also entered in the table SREPOATH, meaning that the customer's own authorization groups can be restored by restarting RSCSAUTH after an upgrade. Start the program RSABAUTH. The new authorization groups are written to the table TPGP .

Table Name
PRGN_CUST

Description
Customize the role transports

SSM_CUST TADIR
TADIR

Defines initial picture in SESSION_MANAGER Table that contains all Data Dictionary Objects
Contains all repository SAP objects

TPFYPROPTY TSTC

Shows parameters properties (e.g. Dynamical vs Static parameters) Table that contains all transactions codes of the system

USERS_SSM
USOBT USOBT_C USOBX USOBX_C

System administrators can use this table to determine whether or not users are allowed to switch between the SAP menu and their user menus
Contain SAP default authorization objects Contain the customer authorization objects Contain SAP default authorization objects Contain the customer authorization objects

USR10 USR40
VDDAT, TDDAT, VDDAT_54

V_BRG TPGP E070 E071/E071K T000 USR41_MLD

Table that contains all profiles delivered by SAP Exception Table for Passwords Assignment of tables/views to authorization groups Definition of authorization groups ABAP/4 Authorization Groups Header information for the transport request Object list and keys from table entries Client Administration Registers multiple logons

Parameter

Description

rdisp/max_alt_modes rdisp/wp_no_dia rdisp/wp_no_vb rdisp/wp_no_vb2 rdisp/wp_no_btc rdisp/wp_no_spo rdisp/wp_no_enq rdisp/start_icman rdisp/j2ee_start rdisp/TRACE rdisp/btctime rdisp/max_wprun_time

Defines how many sessions are permissible for each logon to the SAP system. Can be set to values from two to nine; the standard setting is six. Defines number of dialog workprocesses Defines number of update 1 workprocesses Defines number of update 2 workprocesses Defines number of background workprocesses Defines number of spool workprocesses Defines number of enqueue workprocesses Initialize ICM Initialize J2EE Set the trace level for developer traces

rslg/max_diskspace/local rec/client rec/client rec/client login/disable_multi_gui_login login/multi_login_users

Defines the size of the system Log (sm21). Each log entry takes up 192 bytes, and the default log is 500160 bytes, which is a multiple of 192 that corresponds to 2605 entries. Once the log is full, the oldest entries are overwritten. ALL logs all clients 000 [,...] logs the specified clients OFF turns logging off

Security Parameters
Parameter Description
The audit files are located on the individual application servers. You define the name and location of the files with this parameter (up to WAS 6.30) This parameter defines the maximum space to allocate for the audit files This parameter enables the security audit log This parameter defines the number of filters to allow for the security audit log. (dynamic configuration) (dynamic configuration)

rsau/local/file rsau/max_diskspace/local rsau/enable rsau/selection_slots rsau/max_diskspace/per_day rsau/max_diskspace/per_file

auth/no_check_in_some_cases auth/auth_number_in_userbuffer auth/new_buffering

Enables Profile Generator In systems with release level 4.6A and higher, this parameter definies the size of the user buffer.As of Kernel 6.20, the parameter is no longer evaluated auth/auth_number_in_userbuffer parameter no longer has any effect if this profile parametes is 3 or 4.

login/min_password_lng login/min_password_digits

login/min_password_letters

login/min_password_specials

login/password_charset

Defines the minimum length of the password. Default value: 3; permissible values: 3 8 Defines the minimum number of digits (0-9) in passwords. Default value: 0; permissible values: 0 8 Available as of SAP Web AS 6.10 Defines the minimum number of letters (A-Z) in passwords. Default value: 0; permissible values: 0 8 Available as of SAP Web AS 6.10 Defines the minimum number of special characters in the password Permissible special characters are $%&/()=?'`*+~#-_.,;:{[]}\<> and space Default value: 0; permissible values: 0 8 Available as of SAP Web AS 6.10 This parameter defines the characters of which a password can consist. Permissible values: 0 (restrictive): The password can only consist of digits, letters, and the following (ASCII) special characters :!"@ $%&/()=?'`*+~#-_.,;:{[]}\<>| and space 1 (backward compatible, default value): The password can consist of any characters including national special characters (such as , , from ISO Latin-1, 8859-1). However, all characters that are not contained in the set above (for value = 0) are 2 (not backward compatible): The password can consist of any characters. It is converted internally into the Unicode format UTF-8. If your system does not support Unicode, you may not be able to enter all characters on the logon screen. This restri With login/password_charset = 2, passwords are stored in a format that systems with older kernels cannot interpret. You must therefore only set the profile parameter to the value 2 after you have ensured that all systems involved support the new password Available in the standard system as of SAP Web AS 6.40. Defines the minimum number of characters that must be different in the new password compared to the old password. Default value: 1; permissible values: 1 8 Available as of SAP Web AS 6.10 Defines the validity period of passwords in days. Default value: 0; permissible values: any numerical value If the user logs on with Single Sign-On, checks whether the user must change his or her password. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package Controls the deactivation of password-based logon This means that the user can no longer log on using a password, but only with Single Sign-On variants (X.509 certificate, logon ticket). Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package Controls the deactivation of password-based logon for user groups

login/min_password_diff

login/password_expiration_time login/password_change_for_SSO

login/disable_password_logon

login/password_logon_usergroup

login/password_logon_usergroup Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package

login/disable_multi_gui_login login/multi_login_users

login/fails_to_session_end

login/fails_to_user_lock

login/failed_user_auto_unlock

Controls the deactivation of multiple dialog logons Available as of SAP Basis 4.6 List of excepted users, that is, the users that are permitted to log on to the system more than once. Available as of SAP Basis 4.6 Defines the number of unsuccessful logon attempts before the system does not allow any more logon attempts. The parameter is to be set to a value lower than the value of parameter login/fails_to_user_lock. Default value: 3; permissible values: 1 -99 Defines the number of unsuccessful logon attempts before the system locks the user. By default, the lock applies until midnight. Default value: 12; permissible values: 1 -99 Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight. Default value: 1 (Lock applies only on same day); permissible values: 0, 1

login/password_max_new_valid

Defines the validity period of passwords for newly created users. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package Defines the validity period of reset passwords. Available as of SAP Web AS 6.10, as of SAP Basis 4.6 by Support Package Allows or locks the logon using SSO ticket. Available as of SAP Basis 4.6D, as of SAP Basis 4.0 by Support Package Allows the creation of SSO tickets. Available as of SAP Basis 4.6D Defines the validity period of an SSO ticket. Available as of SAP Basis 4.6D The logon ticket is only transferred using HTTP(S). Available as of SAP Basis 4.6D When logging on over HTTP(S), sends the ticket only to the server that created the ticket. Available as of SAP Basis 4.6D Refuse inbound connections of type CPIC Controls the emergency user SAP* (SAP Notes 2383 and 68048) Specifies the default client. This client is automatically filled in on the system logon screen. Users can type in a different client. Specifies the exactness of the logon timestamp. Available as of SAP Basis 4.6 Defines the maximum idle time for a user in seconds (applies only for SAP GUI connections). Default value: 0 (no restriction); permissible values: any numerical value
Controls the SAP* user You can use this parameter to determine the maximum time between the (re)setting of the password and the next logon with the initial password. As soon as this period has expired, the system displays message "Initial password has expired" and refuses the password logon. However, you can still logon using SSO. You can use this parameter to determine the maximum time between two password logons. As soon as this period has expired, the system displays a message stating that the password has not been used for a period of time and was therefore deactivated, and the system refuses the password logon. However, you can still logon using SSO. The profile parameters login/password_max_new_valid and login/password_max_reset_valid have been replaced by the profile parameter login/password_max_idle_initial, which means that the system no longer distinguishes between the first and the subsequent setting of a password by the user administrator regarding the restriction of the validity of the resulting initial passwords.

login/password_max_reset_valid

login/accept_sso2_ticket login/create_sso2_ticket login/ticket_expiration_time login/ticket_only_by_https login/ticket_only_to_host

login/disable_cpic login/no_automatic_user_sapsta r login/system_client login/update_logon_timestamp rdisp/gui_auto_logout

login/no_automatic_user_sapstar

login/password_max_idle_initial

login/password_max_idle_productive

Authorization Object
S_TCODE S_USER_GRP S_USER_PRO S_USER_AUTH S_USER_AGR S_USER_TCD S_USER_VAL S_PROGRAM Allow to start a transaction Authorization to create or maintain a user master record, and to assign it to a user group Authorization for the authorization profiles that you assign to users Authorization to create and maintain authorizations Authorization to protect roles. With this authorization object, you specify which roles can be edite, and which activities (display, change, create, etc) are intended for the role(s). Authorization for transactions that you may assign to the role in the Profile Generator. Authorization to restrict values that the system administrator can include in a role or change in the Profile Generator The Programs (reports) are combined into program authorization groups and can be protected against unauthorized access using the groups and this authorization object. Defines which table contents may be maintained by which employees. The authorization object S_TABU_DIS controls only complete accesses, which are made using standard table maintenance (SM31), advanced table maintenance (SM30) or the Data Browser (SE16). These group assignments are defined in table TDDAT. Grants authorization to maintain cross-client tables with the standard table maintenance transaction (SM30), extended table maintenance transaction (SM31), and the Data Browser (SE16). Also acts as an additional security measure for cross-client tables and enhances the general table maintenance authorization S_TABU_DIS. The object has the following field: CLIIDMAINT: If identifier X or * is set, cross-client tables can be maintained. Through the introduction of organization criteria, it is possible to restrict a user's access rights to specific parts of a table. A possible use for S_TABU_LIN would be to display and to change content for only a certain work area, such as a country or a plant. is the authorization object for the Transport Organizer Is the authorization object for the administration functions in the Change and Transport System. Authorizations for the ABAP Workbench (programming and debugging transactions SExx) Authorization to execute logical operating system commands Authorization Object for Job Operations Authorization Object for File Access Authorization Object for RFC

S_TABU_DIS

S_TABU_CLI

S_TABU_LIN S_TRANSPRT S_CTS_ADMI S_DEVELOP S_LOG_COM S_BTCH_JOB S_DATASET S_RFC

Official Sites http://help.sap.com http://service.sap.com http://service.sap.com/pam http://service.sap.com/sp-stacks http://www.sap.info http://www.sapinsideronline http://sdn.sap.com http://www.sap-press.com http://www.sappro.com http://.ifr.sap.com http://service.sap.com/connectors http://bpx.sap.com http://www.sap.com/community/pub/innovation/duet/webcasts.epx http://www.sap.com/community/pub/innovation/duet/ http://www.duet.com http://www.sapdesignguild.org/ http://www.netweavermagazine.com http://service.sap.com/performance No Official Sites http://sap4.com http://www.mundosap.com http://www.sapfans.com http://searchsap.techtarget.com/ http://www.sap-img.com http://www.sapdb.info http://sapbasic.wordpress.com/ SAP en Castellano Mundo SAP SAP Fans

The Online documentation The SAP Service Marketplace SAP Product Availability Matrix SAP Support Package Stacks The Information portals SAP Insider Online The SAP Developer Network SAP Press SAP Professional Journal SAP Interface Repository (Documentac SAP Connectors (Jco, .NET, Business SAP Business Process Community SAP Business Community for DUET (w SAP Business Community for DUET SAP Business DUET SAP UI Design SAP NetWeaver Magazine SAP Performance Site

e documentation Service Marketplace uct Availability Matrix port Package Stacks mation portals

Developer Network

essional Journal face Repository (Documentacin BAPIs) nectors (Jco, .NET, Business Connector, etc) ness Process Community ness Community for DUET (webcasts) ness Community for DUET

Weaver Magazine ormance Site