CCDB Content Overview of an ABAP system
Config stores in CCDB could be categorized like the following:
- Software Configuration
- ABAP Instance Parameter
- Database Configuration
- Operating System Configuration
- Business Warehouse Configuration
- RFC Destinations Configuration
- System Change Option Configuration
- Security Configuration
- Critical user authorizations
Config Stores dealing with Software Configuration
SAP_KERNEL
SAP Kernel release and patch information
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Instance | PROPERTY | CMD_SAP_KERNEL | ABAP-SOFTWARE | SAP-KERNEL |
Example Content of SAP_KERNEL
PARAMETER(K) | VALUE(D) |
KERN_COMP_ON | SunOS 5.9 Generic_122300-28 sun4u |
KERN_COMP_TIME | Aug 26 2014 11:53:48 |
KERN_DBLIB | DB6_81 |
KERN_PATCHLEVEL | 622 |
KERN_REL | 720_REL |
PLATFORM-ID | 370 |
ABAP_COMP_RELEASE
Software component release information
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | PROPERTY | CMD_COMPRELEASE | ABAP-SOFTWARE | COMPONENT-RELEASE |
Example Content of ABAP_COMP_RELEASE
PARAMETER(K) | VALUE(D) |
AOFTOOLS | 400_620_04 |
DMIS | 2011_1_700 |
EA-APPL | 604 |
EA-DFPS | 604 |
EA-FINSERV | 604 |
EA-GLTRADE | 604 |
ABAP_COMP_SPLEVEL
Software component and support package information
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_SPLEVEL | ABAP-SOFTWARE | SUPPORT-PACKAGE-LEVEL |
Example Content of ABAP_COMP_SPLEVEL
COMPONENT(K) | RELEASE(K) | EXTRELEASE(D) |
AOFTOOLS | 400_620_04 | 0000 |
DMIS | 2011_1_700 | 0007 |
EA-APPL | 604 | 0000 |
EA-DFPS | 604 | 0000 |
EA-FINSERV | 604 | 0000 |
EA-GLTRADE | 604 | 0000 |
ABAP_PACKAGES
Installed ABAP package information
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | PROPERTY | CMD_ABAP_PACKAGES | ABAP-SOFTWARE | INSTALLED-ABAP-PACKAGES |
Example Content of ABAP_PACKAGES
PARAMETER(K) | VALUE(D) |
BSTK000079 | Language Export wrt IT/IBC 217 |
BSTK000085 | Language Export wrt IT/IBC 217 |
C4HK000050 | Language Export wrt IT/IBC 383 |
C4HK000192 | SAP-HR Language Export |
C4HK000198 | SAP-HR Language Export |
C4HK000206 | SAP-HR Language Export |
ABAP_NOTES
Notes applied via SNOTE
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_ABAP_NOTES | ABAP-SOFTWARE | ABAP-NOTES |
Example Content of ABAP_NOTES
NOTE(K) | VERSION(D) | TEXT(D) | PRSTATUST(D) | PRSTATUS(D) |
0000148632 | 0034 | Incorrect results in capacity requirements planning | Obsolete version implemented | V |
0000195114 | 0003 | Thirteenth salary DECSE | Undefined Implementation State | |
0000195767 | 0001 | Operação BROFE e diferentes tipos de ausência | Undefined Implementation State | |
0000195868 | 0002 | Taxes thirteenth salary third cumulation clear | Undefined Implementation State | |
0000195953 | 0003 | Calculo de offcycle para funcionários demitidos | Undefined Implementation State | |
0000196333 | 0003 | Rescisão com férias no mês | Undefined Implementation State |
ABAP_SWITCH_FRAMEWORK
Active EHP switches
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_SFW_SOLMAN_DATA | ABAP-SOFTWARE | ABAP-SFW |
Example Content of ABAP_SWITCH_FRAMEWORK
AREA(K) | FUNCTION(K) |
EA | /CUM/MAIN |
EA | EA-CP |
EA | EA-DFP |
EA | EA-FIN |
EA | EA-FRC |
EA | EA-FS |
ABAP_TRANSPORTS
Transports created and or imported in/to the system
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | EVENT | CMD_ABAP_TRANSPORTS_2 | ABAP-SOFTWARE | ABAP-TRANSPORTS |
Example Content of ABAP_TRANSPORTS
TRKORR(K) | TARCLIENT(D) | RETCODE(D) | OBJECTS(D) | AS4TEXT(D) | TRFUNCTIONT(D) | TRSTATUST(D) | TRFUNCTION(D) | TRSTATUS(D) |
HBWK000007 | 0 | Note 1702711 | Workbench Request | Modifiable | K | D | ||
HBWK000007 | 23 | Note 1702711 | Workbench Request | Released | K | R | ||
HBWK000012 | 9 | Note 1741541 | Workbench Request | Released | K | R | ||
HBWK000010 | 5 | Note 1741541 | Workbench Request | Released | K | R | ||
CIDK054330 | 200 | 0000 | 1 | Test of Service Definitions, for system HBW | Transport of Copies | Released | T | R |
ECDK900150 | 000 | 0004 | 6 | TMSADM: abgespeckte Rolle zum Profil S_A.TMSADM | Customizing Request | Released | W | R |
New config stores columns added with SAP Solution Manager 7.10 SP09
PROJECT / EXPORT_TIMESTAMP / SAP_TMWFLOW
TIMESTAMP
Last changed timestamp (import timestamp)
TRKORR
Transport request number
TARCLIENT
Import client
RETCODE
return code of import
OBJECTS
Number of objects within transport request
AS4TEXT
Description of transport request
TRSTATUST / TRSTATUS
Transport request status as text and flag
TRFUNCTIONT / TRFUNCTION
Transport function as text and flag
EXPORT_TIMESTAMP
Export timestamp of request
PROJECT
Stands for a CTS Project is not the Project displayed in transaction SE09 directly, it’s an attribute displayed as CTS Project.
SAP_TMWFLOW
The attribute SAP_TMWFLOW contains information about the tool that had generated the transport request. If the field is empty no special transport tool has been used .The first character of the string is related to the tool:
Tool | First character |
Charm Normal Change Maintenance Project | M |
Charm Normal Change Implementation Project | I |
Charm Urgent Correction | H |
Charm Upgrade Project | U |
QGM | 0-9 |
TRANSPORT_TOOL*
Contains custom transport settings
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_TRANSPORT_TOOL | ABAP-PARAMETER | TRANSPORT-TOOL |
Example Content of TRANSPORT_TOOL
NAME(K) | VALUE(D) |
ABAPNTFMODE | b |
ACC_IMPORT | 1 |
CLIENTCASCADE | 1 |
COFILELIFETIME | 60 |
C_IMPORT | 0 |
DATALIFETIME | 60 |
SPAM_VERSION*
Contains SPAM-Release with version and patch number (SPAM = Support Package Manager)
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_SPAM_VERSION | ABAP-SOFTWARE | SPAM-VERSION |
Example Content of SPAM_VERSION
NAME(K) | VERSION(D) | PATCH(D) |
SPAM-RELEASE | 7.01 | 0054 |
ESH_CONFIG
Enterprise Seach configuration
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_ESH_COI_GET_SNAPSHOT | ENTERPRISE-SEARCH | CONFIG |
LANDSCAPE
Landscape information (from LMDB)
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | E2E_CCDB_TECH_SYSTEM_TABLE | ABAP-SOFTWARE | SYSTEM_LANDSCAPE |
Example Content of LANDSCAPE
GLOBAL_ID(K) | LANDSCAPE_ELEMENT(K) | ATTRIBUTE(D) | VALUE(D) |
0050568a-721f-02de-acbe-576d9973df0b:1 | ProductInstance | caption | Product instance SAP ERP Central Component (SAP ECC) of product version SAP ERP 6.0 |
0050568a-721f-02de-acbe-576d9973df0b:2 | ProductInstance | name | SAP ECC Server |
0050568a-721f-02de-acbe-57c20c261f6b:1 | ProductInstance | caption | Product instance SAP Strategic Enterprise Management (SAP SEM) of product version SAP enhancement package 4 for SAP ERP 6.0 ("Co |
0050568a-721f-02de-acbe-57c20c261f6b:2 | ProductInstance | name | SAP SEM |
0050568a-721f-02de-acc0-ab18caa4815d:1 | ProductVersion | caption | SAP enhancement package 4 for SAP ERP 6.0 on SAP enhancement package for SAP NetWeaver 7.0 |
0050568a-721f-02de-acc0-ab18caa4815d:2 | ProductVersion | name | EHP4 FOR SAP ERP 6.0 / NW7.01 |
MESSAGE_SERVER_PORT
Message server settings
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | E2E_CCDB_MESSAGE_SERVER | ABAP-SOFTWARE | PORT |
Example Content of MESSAGE_SERVER_PORT
PARAMETER(K) | VALUE(D) |
message server host | host.wdf.sap.corp |
message server http port | |
message server https port | |
message server logon groups | PUBLIC,SPACE |
message server port | 20515 |
message server service name |
SAPUI5_LIBS and SAPUI5_VERSION***
Contains major and minor version of the installed SAPUi5 software
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_SAPUI5_LIBS | ABAP-SOFTWARE | SAPUI5 |
Example content of SAPUI5_LIBS
LIBRARY(K) | MAIN_VERSION(K) | VERSION(D) | TIMESTAMP(D) | LIBRARY_NAME(D) |
com.sap.apf.apf-lib | 1.40 | 1.40.11 | 20170207122800 | sap.apf |
com.sap.apf.apf-lib | 1.42 | 1.42.6 | 20170110132600 | sap.apf |
com.sap.apf.apf-lib | 1.44 | 1.44.12 | 20170912112700 | sap.apf |
com.sap.ca.scfld.md | 1.40 | 1.40.5 | 20161219101000 | sap.ca.scfld.md |
com.sap.ca.scfld.md | 1.42 | 1.42.2 | 20161209093100 | sap.ca.scfld.md |
com.sap.ca.scfld.md | 1.44 | 1.44.2 | 20161213093000 | sap.ca.scfld.md |
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | PROPERTY | CMD_SAPUI5_VERSION | ABAP-SOFTWARE | SAPUI5 |
Example content of SAPUI5_VERSION
PARAMETER(K) | VALUE(D) |
VERSION | 1.44 |
Config Stores dealing with ABAP Instance Parameter
ABAP_INSTANCE_PAHI
Active profile parameter of an ABAP instance
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Instance | PROPERTY | CMD_ABAP_INSTANCE_PAHI | ABAP-PARAMETER | PAHI |
Example Content of ABAP_INSTANCE_PAHI
PARAMETER(K) | VALUE(D) |
|
|
|
|
|
|
|
|
|
|
|
|
ABAP_INSTANCE_PAHI_ENH****
Selected profile parameters of an ABAP instance, which you can define multiple times, plus additional entries showing the concatenated values of these parameters: icm/HTTP/admin_ALL
, icm/HTTP/auth_ALL
, icm/HTTP/logging_ALL
, icm/HTTP/redirect_ALL
, and icm/server_port_ALL
.
It allows, e.g. to check if at least one of the parameters icm/server_port_0
to icm/server_port_9
contains an entry for HTTPS because all parameter value are concatenated into the entry icm/server_port_ALL
.
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Instance | PROPERTY | CMD_ABAP_INSTANCE_PAHI | ABAP-PARAMETER | PAHI |
Example Content of ABAP_INSTANCE_PAHI_ENH
PARAMETER(K) | VALUE(D) |
---|---|
icm/HTTP/admin_0 | PREFIX=/sap/admin,DOCROOT=/usr/sap/FQ7/DVEBMGS00/data/icmandir/admin,AUTHFILE=/usr/sap/FQ7/SYS/global/security/data/icmauth.txt |
icm/HTTP/admin_ALL |
{PREFIX=/sap/admin,DOCROOT=/usr/sap/FQ7/DVEBMGS00/data/icmandir/admin,AUTHFILE=/usr/sap/FQ7/SYS/global/security/data/icmauth.txt}
|
icm/HTTP/auth_0 | PREFIX=/,FILTER=SAP |
icm/HTTP/auth_ALL |
{PREFIX=/,FILTER=SAP}
|
icm/HTTP/logging_0 | PREFIX=/, LOGFILE=icmhttph.log, FILTER=SAPSMD, LOGFORMAT=SAPSMD2, MAXSIZEKB=10240,FILEWRAP=on, SWITCHTF=month |
icm/HTTP/logging_1 | PREFIX=/, LOGFORMAT=SAPSMD, LOGFILE=icmhttp.log, MAXSIZEKB=10240, SWITCHTF=day, FILEWRAP=on |
icm/HTTP/logging_ALL |
{PREFIX=/, LOGFILE=icmhttph.log, FILTER=SAPSMD, LOGFORMAT=SAPSMD2, MAXSIZEKB=10240,FILEWRAP=on, SWITCHTF=month}{PREFIX=/, LOGFORMAT=SAPSMD, LOGFILE=icmhttp.log, MAXSIZEKB=10240, SWITCHTF=day, FILEWRAP=on}
|
|
|
|
|
|
|
|
|
|
|
|
|
ABAP_DEFAULT_PROFILE, ABAP_INSTANCE_PROFILE, ABAP_START_PROFILE, ABAP_ASCS_PROFILE
Profile files used by an ABAP instance
Additional Information ABAP_INSTANCE_PROFILE
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Instance | TEXT | CMD_ABAP_INSTANCE_PROFILE | PROFILE | INSTANCE |
Example Content of ABAP_INSTANCE_PROFILE
#.*************************************************************************************
#.* *
#.* Instance profile XXX_YYY_HOST *
#.* *
#.* Version = 000858 *
#.* Generated by user = USERID *
#.* Generated on = 09.09.2014 , 06:45:15 *
#.* *
#.*************************************************************************************
#parameter created by: DSS* 15.09.2013 14:41:57
ssl/client_ciphersuites = 208:HIGH:MEDIUM:+e3DES:!aNULL:!eNULL
Config Stores dealing with Database Configuration
DB_INFO
DBSL release information of an SAP Kernel Database dependent
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Instance | PROPERTY | CMD_DBRELINFO | ABAP-DATABASE | DB |
Example Content of DB_INFO
PARAMETER(K) | VALUE(D) |
CHARSET | UTF8 |
CLIREL | DB6_81 |
DBHOST | usdbq43 |
DBNAME | Q43 |
DBSCHEMA | SAPQ43 |
DBSL_PATCHLEVEL | 622 |
BRTOOLS_LEVEL
BRTOOLS level information
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | PROPERTY | CMD_BRTOOLS_RELEASE | ABAP-DATABASE | ORACLE |
Example Content of BRTOOLS_LEVEL
PARAMETER(K) | VALUE(D) |
PATCH | 49 |
RELEASE | 7.00 |
Database level
Database level information available in config stores: MAXDB_LEVEL, DB6_LEVEL, HDB_LEVEL, MSSQL_LEVEL, ORA_LEVEL
Database parameter
Database parameter information available in config stores: MAXDB_PARAMETER, HDB_PARAMETER, MSSQL_PARAMETER, DB6_REGISTRY, DB6_CONFIG, DB6_DBMCONFIG, ORA_PARAMETER, ORA_SYSTEM_FIX_CONTROL
Config Stores dealing with Operating System Configuration
ENV_VARIABLES
Shell enviroment variables of user <SID>ADM
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Instance | PROPERTY | CMD_STUO_GET_ENVIRONMENT | OS | ENVIRONMENT |
Example Content of ENV_VARIABLES
PARAMETER(K) | VALUE(D) |
DB2CLIINIPATH | /sapmnt/Q43/global/db6 |
DB2COUNTRY | 1 |
DB2DB6EKEY | INTERNAL |
DB2DB6_SVCENAME | sapdb2Q43 |
DB2DBDFT | Q43 |
DB2_CLI_DRIVER_INSTALL_PATH | /sapmnt/Q43/global/db6/SUNOS_64/db6_clidriver |
PHYSICAL_HOST
Relation physical host to virtual host
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | E2E_CCDB_PHYS_HOST_EXTRACTOR | OS | ENVIRONMENT |
Example Content of PHYSICAL HOST
HOSTNAME(K) | HOSTNAMEFULL(D) | HOSTTYPE(D) | PHYHOSTNAME(D) | PHYHOSTNAMEFULL(D) |
yyy | yyy.dhcp.wdf.sap.corp | V | xxx |
saposcol
CPU, memory, and operating system patch information
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | XML | OS | SAPOSCOL |
Example Content of saposcol
saposcol
#<?xml version="1.0" encoding="utf-16"?>
<sldinfo model_version="1.3.21" supplier_name="ComputerSystem" supplier_version="1.0">
<group group_type="SPECIFIC" name="system1">
<class name="SAP_ComputerSystem">
<instance> <property name="Status">
<value> OK</value>
</property> <property name="NameFormat">
<value> IP</value> </property>
<property name="Caption">
<value> Windows Server vmw4748 [X64]</value>
</property> <property name="Name">
...
SAPHostAgent
Version of the SAP host agent
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | PROPERTY | E2E_CCDB_SAPHOSTAGENT | SAPHOSTAGENT | RELEASE |
Example Content of SAPHostAgent
PARAMETER(K) | VALUE(D) |
SAPHOSTAGENT_VERSION | 720/140 |
SYSTEM_TIMEZONE***
Contains the system timezone
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_SYSTEM_TIMZO | SYSTEM | TIME-ZONE |
Example Content of SYSTEM_TIMEZONE
NAME(K) | VALUE(D) |
DSTRULE | EUROPE |
SYSTEM_TIMEZONE | CET |
ZONERULE | P0100 |
Config Stores dealing with Business Warehouse Configuration
ROIDOCPRMS
BW request transfer parameters
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_ROIDOCPRMS | BI | TRANSFER-PARAMETERS |
Example Content of ROIDOCPRMS
SLOGSYS(K) | MAXSIZE(D) | STATFRQU(D) | MAXPROCS(D) | BTCSYSTEM(D) | MAXLINES(D) | MAXDPAKS(D) |
Q43CLNT004 | 050000 | 10 | 03 | 000000 |
RSADMIN, RSADMINA, RSADMINC, RSADMINS
Common BW configuration
UPC_DARK, UPC_DARK2
Specific BW configuration
Config Stores dealing with RFC Destinations Configuration
RFCDES
All RFC destinations of a system; all RFC options in one column
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_RFCDES | RFC-DESTINATIONS | RFCDES |
Example Content of RFCDES
RFCDEST(K) | RFCTYPE(D) | RFCOPTIONS(D) |
1A_PRODUCTION | T | H=%%RFCSERVER%%,G=10.55.128.32,g=3348,N=1A_PRODUCTION_UNICODE,Y=2,h=2,y=60,z=-2,q=0,d=2, |
1A_STAGING | T | H=%%RFCSERVER%%,G=10.55.128.32,g=3348,N=1A_STAGING_UNICODE,Y=2,h=2,y=60,z=-2,q=0,d=2, |
28CA_Wolfgang | 3 | H=10.66.23.174,S=28,M=002,U=XS_ISAAC,Y=2,h=2,z=-2,v=%_PWD,q=1, |
47E228F428953AF6E10000000A421804 | G | H=usai2q43,I=53614,N=/SAPControl.CGI,Q=A,s=Y,w=SAP_BC_SOAP,F=0 0010,t=ANONYM, |
47E229CA28953AF6E10000000A421804 | G | H=usai4q43,l=X,I=1128,N=/SAPOscol.CGI,Q=A,w=SAP_BC_SOAP,F=0 0010,t=ANONYM, |
47E229D128953AF6E10000000A421804 | G | H=usai4q43,l=X,I=1129,N=/SAPOscol.CGI,Q=A,s=Y,w=SAP_BC_SOAP,F=0 0010,t=ANONYM, |
RFCDES_TYPE_[3,G,H,L,T]
RFC destinations per type, each attribute is a column
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_RFCDES_TYPE_3 | RFC-DESTINATIONS | RFCDES_TYPE_3 |
Example Content of RFCDES_TYPE_3
RFCDEST(K) | RFCTYPE(D) | ARFC_ACTIVE(D) | ARFC_CYCLE(D) | ARFC_METHOD(D) | AUTHORITY(D) | CLIENT(D) | DESTLOCK(D) | EXPORTTRACE(D) | GROUP(D) | GWHOST(D) | GWSERVICE(D) | KEEPALIVETIMEOUTVAL(D) | LANGUAGE(D) | LOADBALANCING(D) | MDMPLIST(D) | MDMPSETTING(D) | PASSWORD(D) | PASSWORDSCR(D) | QRFCVERS(D) | RFCBITMAP(D) | RFCCONVERT(D) | RFCCONVX(D) | RFCLOGON_GUI(D) | RFCSNC(D) | RFCUNICODE(D) | RFCWAN(D) | SAME_USER(D) | SERVER(D) | SYSTEMID(D) | SYSTEMNR(D) | TRACE(D) | TRFCBTCDELAY(D) | TRFCBTCSUPPR(D) | TRFCBTCTRIES(D) | TRUSTED_SYSTEM(D) | USER(D) |
28CA_Wolfgang | 3 | 10 | S | 002 | 2 | -2 | N | (secret) | X | 1 | 00000000 | * | 0023 | 1 | 10.66.23.174 | 28 | XS_ISAAC | |||||||||||||||||||
A0G | 3 | 10 | S | 000 | 2 | -2 | E | N | (secret) | X | 0 | 00000000 | * | 0023 | 2 | uxcia0g.wdf.sap.corp | 26 | SAPCPIC |
RFCDES_TYPE_3_CHECK
(Security): Is a user with critical authorizations used in an RFC destination?
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | E2E_CCDB_RFCDEST_CHECK | RFC-DESTINATIONS | RFCDES_CHECK |
Example Content of RFCDES_TYPE_3_CHECK
RFCDEST(K) | LOGON_CLIENT(D) | LOGON_USER(D) | PASSWORD_STATUS(D) | HOST_NAME(D) | SYSTEM_IDENTIFIER(D) | SYSTEM_NUMBER(D) | TRUSTED_SYSTEM(D) | CV_USER_PROFILE_RESULT(D) | CV_CONFIG_DEST_LONG_SID(D) | CV_REMARK(D) |
A0G | 000 | SAPCPIC | (secret) | host001.xyw.wwt.dom | A0G | 26 | Host not found | |||
A3FCLNT001 | 001 | REMOTE_CATT | (secret) | host002.xyw.wwt.dom | A3F | 77 | Host not found | |||
A6TCLNT001 | 001 | ALEREMOTE | (secret) | host003.xyw.wwt.dom | A6T | 88 | Host not found | |||
A8PCLNT001 | 001 | ALEREMOTE | (secret) | host005.xyw.wwt.dom | A8P | 88 | Host not found |
Config Stores dealing with System Change Configuration
CLIENTS
System change settings per client
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_T000 | SYSTEM-CHANGE-OPTION | CLIENT-SETTING |
Example Content of CLIENTS
MANDT(K) | MTEXT(D) | ORT01(D) | MWAER(D) | ADRNR(D) | CCCATEGORY(D) | CCCORACTIV(D) | CCNOCLIIND(D) | CCCOPYLOCK(D) | CCNOCASCAD(D) | CCSOFTLOCK(D) | CCORIGCONT(D) | CCIMAILDIS(D) | CCTEMPLOCK(D) | LOGSYS(D) |
000 | SAP AG Konzern | Walldorf | EUR | S | 3 | X | X | HBWCLNT000 | ||||||
001 | SAP AG Konzern | Walldorf | EUR | C | 1 | HBWCLNT001 | ||||||||
200 | BW 7.30 on HANA | Walldorf | EUR | T | 1 | HBWCLNT200 |
COMPONENTS
System change settings per component
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | PROPERTY | CMD_SCO_COMPONENTS | SYSTEM-CHANGE-OPTION | COMPONENT-SETTING |
Example Content of COMPONENTS
PARAMETER(K) | VALUE(D) |
AOFTOOLS | NOT MODIFIABLE; NOT ENHANCEABLE |
DMIS | NOT MODIFIABLE; NOT ENHANCEABLE |
EA-APPL | NOT MODIFIABLE; NOT ENHANCEABLE |
EA-DFPS | NOT MODIFIABLE; NOT ENHANCEABLE |
EA-FINSERV | NOT MODIFIABLE; NOT ENHANCEABLE |
EA-GLTRADE | NOT MODIFIABLE; NOT ENHANCEABLE |
GLOBAL
System change settings global
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | PROPERTY | CMD_SCO_GLOBAL_SETTING | SYSTEM-CHANGE-OPTION | GLOBAL-SETTING |
Example Content of GLOBAL
PARAMETER(K) | VALUE(D) |
GLOBAL_SETTING | MODIFIABLE |
NAMESPACES
System change settings per namespace
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_SCO_NAMESPACES | SYSTEM-CHANGE-OPTION | NAMESPACE-SETTING |
Example Content of NAMESPACES
NAMESPACE(K) | TEXT(D) | PREFIX(D) | CHANGEABLE(D) |
/0CUST/ | Customer Name Range | MODIFIABLE | |
/0SAP/ | General SAP Name Range | MODIFIABLE | |
/0SJ1S/ | IS-M: CH Version | NOT MODIFIABLE | |
/0SJ3G/ | NOT MODIFIABLE | ||
/0SJ3R/ | NOT MODIFIABLE | ||
/0SJ4G/ | NOT MODIFIABLE |
GLOBAL_CHANGE_LOG***
Change Log of System Change Option - Global Setting (which is transaction SE03 / System Change Option)
There is still config store GLOBAL which contains the setting as well just based on the usual snapshot extraction method of CCDB.
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | EVENT | CMD_TRLOG_SYSTEM | SYSTEM-CHANGE-OPTION | GLOBAL-SETTING |
Content of GLOBAL_CHANGE_LOG
COMPONENT(K) | PREVIOUS(D) | AFTERWARDS(D) | USER(D) |
Repository and cross-client Cu | Modifiable | Not Modifiable | USER01 |
Repository and cross-client Cu | Not Modifiable | Modifiable | USER01 |
COMPONENTS_CHANGE_LOG***
Change Log of System Change Option - Software Component
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | EVENT | CMD_TRLOG_SYSTEM | SYSTEM-CHANGE-OPTION | COMPONENT-SETTING |
Example Content of COMPONENTS_CHANGE_LOG
COMPONENT(K) | PREVIOUS(D) | AFTERWARDS(D) | USER(D) |
SAP_BASIS | Restricted Modifiability | Not Modifiable/ Enhanceable Only | USER02 |
SAP_BASIS | Restricted Modifiability | Not Modifiable/ Enhanceable Only | USER02 |
SAP_BASIS | Restricted Modifiability | Not Modifiable/ Not Enhanceable | USER02 |
SAP_BASIS | Restricted Modifiability | Not Modifiable/ Enhanceable Only | USER02 |
SAP_BASIS | Restricted Modifiability | Not Modifiable/ Enhanceable Only | USER02 |
SAP_BASIS | Not Modifiable/ Not Enhanceable | Not Modifiable/ Enhanceable Only | USER02 |
NAMESPACES_CHANGE_LOG***
Change Log of System Change Option - Namespace/Name Range
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | EVENT | CMD_TRLOG_SYSTEM | SYSTEM-CHANGE-OPTION | NAMESPACE-SETTING |
Example Content of NAMESPACES_CHANGE_LOG
COMPONENT(K) | PREVIOUS(D) | AFTERWARDS(D) | USER(D) |
/KWCUST/ | Not Modifiable | Modifiable | USER01 |
/KWCUST/ | Modifiable | Not Modifiable | USER01 |
/KWCUST/ | Not Modifiable | Modifiable | USER02 |
/KWCUST/ | Modifiable | Not Modifiable | USER01 |
/SOCO/ | Modifiable | Not Modifiable | USER03 |
/SOCO/ | Not Modifiable | Modifiable | USER93 |
Config Stores dealing with Security Configuration
GW_REGINFO, GW_SECINFO, MS_SECINFO, GW_PRXINFO
Gateway, proxy and message server access control lists
Additional Information GW_SECINFO
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Instance | TEXT | CMD_SECURITY_GW_SECINFO | SECURITY | GATEWAY |
Example Content of GW_SECINFO
P USER=* USER-HOST=local HOST=local TP=*
P USER=* USER-HOST=local HOST=internal TP=*
P USER=* USER-HOST=internal HOST=local TP=*
STANDARD_USERS
ABAP standard user with password and lock status
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_SECURITY_STANDARD_USERS | SECURITY | ABAP |
Example Content of STANDARD_USERS
CLIENT(K) | USER(K) | PASSWORD_STATUS(D) | EXISTS(D) | LOCKED(D) |
000 | DDIC | CHANGED | X | |
000 | SAP* | CHANGED | X | X |
000 | SAPCPIC | |||
000 | TMSADM | CHANGED | X | |
001 | DDIC | CHANGED | X | |
001 | SAP* | CHANGED | X |
PSE_CERT
Certifications with validity information
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Instance | TABLE | CMD_PSE_CERTIFICATE | SECURITY | PSE_CERT |
Example Content of PSE_CERT
APPLICATION(K) | CONTEXT(K) | TYPE(K) | SUBJECT(K) | ISSUER(K) | SERIALNO(K) | VALID_FROM(K) | VALID_TO(D) |
<SNCS> | PROG | CERTIFICATE | CN=SSO_CA, O=SAP-AG, C=DE | CN=SSO_CA, O=SAP-AG, C=DE | 01000000 | 19980504125933 | 20230831120000 |
<SNCS> | PROG | CERTIFICATE | EMAIL=maik.mueller@sap-ag.de, CN=SAPNetCA, OU=SAPNet, O=SAP-AG, C=DE | EMAIL=maik.mueller@sap-ag.de, CN=SAPNetCA, OU=SAPNet, O=SAP-AG, C=DE | 01000000 | 19980504115634 | 20150718120000 |
TWPSSO2ACL, RFCSYSACL, SNCSYSACL
Trusted-RFC, -SNC and -„Logon Tickets“ information
Additional Information TWPSSO2ACL
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_TWPSSO2ACL | SECURITY | TRUSTED LOGON TICKETS |
Example Content of TWPSSO2ACL
MANDT(K) | WPS_SYSID(K) | WPS_MANDT(K) | DN_SUBJECT(D) | DN_ISSUER(D) | SERIALNO(D) |
000 | CXX | 000 | CN=SXX, OU=DSS, O=SAP-AG, C=DE | CN=SXX, OU=DSS, O=SAP-AG, C=DE | XXXX |
000 | CXX | 000 | OU=J2EE, CN=C85 | OU=J2EE, CN=CXX | XX |
000 | CXX | 000 | CN=CXX | CN=CXX | XXXXX |
000 | CXX | 000 | OU=J2EE, CN=CXX | OU=J2EE, CN=CJ3 | XX |
000 | EXX | 000 | CN=SXX, OU=DSS, O=SAP-AG, C=DE | CN=SXX, OU=DSS, O=SAP-AG, C=DE | XXXX |
000 | EXX | 000 | OU=J2EE, CN=EXX | OU=J2EE, CN=EXX |
SICF_SERVICES
Active Web Services
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_SICF | SECURITY | SERVICES |
Example Content of SICF_SERVICES
ICF_NAME(K) | URL(K) | ICFSRVGRP(D) | HOST_NUMBER(D) | HOST_NAME(D) | EXTENDED_URL(D) | ICF_USER(D) |
-GUI | /sap/option/-gui/ | 0 | DEFAULT_HOST | /sap/option/-gui/ | ||
-STATEFUL | /sap/option/-stateful/ | 0 | DEFAULT_HOST | /sap/option/-stateful/ | ||
-STATELESS | /sap/option/-stateless/ | 0 | DEFAULT_HOST | /sap/option/-stateless/ | ||
-TRANSACTIONAL | /sap/option/-transactional/ | 0 | DEFAULT_HOST | /sap/option/-transactional/ | ||
002 | /sap/bc/srt/pm/sap/Q43002113/002/ | 0 | DEFAULT_HOST | /sap/bc/srt/pm/sap/ecc_customer001qr/002/ | ||
002 | /sap/bc/srt/pm/sap/Q43002116/002/ | 0 | DEFAULT_HOST | /sap/bc/srt/pm/sap/ecc_materialslsbyelmnts004qr/002/ |
AUTH_SECURITY_POLICY
Contains (if exists) the new security policy
Security Policies, which extend user types and password rules in ABAP, have been introduced with SAP_BASIS 7.03 (= 7.00 Ehp 3). See transaction SECPOL respective the online help:http://help.sap.com/saphelp_nw70ehp3/helpdata/en/41/019a4dba8d4afcb9e6a12003e40a2a/content.htm.
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_SECURITY_POLICY | SECURITY | POLICY |
Example Content of AUTH_SECURITY_POLICY
CLIENT(K) | NAME(K) | ATTRIB_KEY(K) | ATTRIB_VALUE(D) |
DISABLE_PASSWORD_LOGON | 0 | ||
MAX_FAILED_PASSWORD_LOGON_ATTEMPTS | 5 | ||
MAX_PASSWORD_IDLE_INITIAL | 0 | ||
MAX_PASSWORD_IDLE_PRODUCTIVE | 0 | ||
MIN_PASSWORD_CHANGE_WAITTIME | 1 | ||
MIN_PASSWORD_DIFFERENCE | 1 |
SECURITY_POLICY_USAGE****
SECURITY_POLICY_USAGE provides usage overview for policies for ABAP systems. Users with no policy are summed up into line where SECURITY_POLICY is emtpy.
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_USER_POLICY_USAGE | SECURITY | POLICY_USAGE |
Example Content of SECURITY_POLICY_USAGE
SECURITY_POLICY(K) | USER_COUNT(D) |
1913 | |
COMPLEX_PASSWORD | 50 |
AUDIT_CONFIGURATION
Contains the current audit log file configuation
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | XML | CMD_AUDIT_CONFIGURATION | SECURITY | AUDIT_CONFIGURATION |
Example Content of AUDIT_CONFIGURATION
Example for a deactivated Security Audit Log with two empty filters:
<?xml version="1.0" encoding="utf-16"?>
<AuditConfiguration Enabled="No" SlotCount="2">
<Slot Client="" HighButton="" Login="" LowButton="X" MedButton="" Misc=""
MsgVect="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
RFCLogin="" RFCStart="" RepoStart="" SelVar="00" SlotIndex="1" Status="" System="" TAStart="" Uname="" UserMaster=""/>
<Slot
Client="" HighButton="" Login="" LowButton="X" MedButton="" Misc=""
MsgVect
="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
RFCLogin="" RFCStart="" RepoStart="" SelVar ="00" SlotIndex="2"
Status="" System="" TAStart="" Uname="" UserMaster="" />
</AuditConfiguration>
The token SlotIndex shows the slot number. The token Enabled shows the master switch for the Security Audit Log. The token Status shows if a slot is activated. The tokens Client and Uname define the selection. The tokens HighButton, MedButton, and LowButton show the severity. The tokens Login, RFCLogin, TAStart, RepoStart, RFCStart, UserMaster, Misc, and System show the event classes if SelVar is "00".
The token MsgVect shows the detailed message selection if SelVar is not "00". In this case active events are identified using individual bits at specific positions within field MsgVect. The position is calculated using the alphanumerical order 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ according to the SUBID of the events. The event area (AU, BU, CU, DU, EU) defines the bit which is added to the value on that position: AU = x80 (hex), BU = x40, CU = x20 , DU = x10 , EU = x08 .
Only the first 36 positions of field MsgVect are used. Every position holds two bytes therefore you see two hexadecimal characters per position.
Example showing active system events of event area
AU
= x
80
only (AUE AUF AUG AUH AUI AUJ):
Position 123456789012345678901234567890123456789012345678901234567890123456789012
SUBID -0-1-2-3-4-5-6-7-8-9-A-B-C-D-E-F-G-H-I-J-K-L-M-N-O-P-Q-R-S-T-U-V-W-X-Y-Z
MSGVECT 000000000000000000000000000080808080808000000000000000000000000000000000...
Example showing events CUL
(x20
), CUM
(x20
) and BUZ
(x40
).
Position 123456789012345678901234567890123456789012345678901234567890123456789012
SUBID -0-1-2-3-4-5-6-7-8-9-A-B-C-D-E-F-G-H-I-J-K-L-M-N-O-P-Q-R-S-T-U-V-W-X-Y-Z
MSGVECT 000000000000000000000000000000000000000000202000000000000000000000000040...
If you want to validate for individual event you can use a regular expression to define an rule within configuration validation.
.{42}2.2..{24}4..+
This regular expression skips 42 characters, checks the two event positions L
and M
, skips another 24 characters, checks event position Z
, and accepts any remaining characters.
You yan use double bytes for ignored positions, too:
(..){21}2.2.(..){12}4..*
Caution: Every double byte is a bit vector which represents multiple event codes.
If you just want to verify if a specific message is part of the filter but you do no care if more events are active, then you are in trouble.
- If
CUL
is active you seex20
on that position. - If
AUL
andCUL
are active you seex80
+x20
=xA0
on that position. - The Rexeg part
2.
above is true ifCUL
is active (and ifEUL
is active as well) but not if any of the eventsAUL
,BUL
,DUL
are active. - The Rexeg part
2.
above is true ifCUM
is active (and ifEUM
is active as well) but not if any of the eventsAUM
,BUM
,DUM
are active. - The Rexeg part
4.
above is true ifBUZ
is active (and ifEUZ
is active as well) but not if any of the eventsAUZ
,CUZ
,DUZ
are active.
Therefore, you have to construct a regular expression which covers all combinations:
Event Area | Regex for a specific position | Short Regex for a specific position |
|
| [89A-F][08] |
|
| [4-7C-F][08] |
|
| [2367ABEF][08] |
|
| [13579BDF][08] |
|
| [0-9A-F]8 |
This leads to the following regular expression which verifies if at least the events CUL
, CUM
, and BUZ
are active.
(..){21}[2367ABEF][08][2367ABEF][08](..){12}[4-7C-F][08].*
SESSION_MANAGEMENT
Shows if the new ABAP session management is active.
This configuration store shows if the field ICF_CONTROL of table ICF_SESSION_CNTL has a value > 0 in a client (availalbe per connected client to SAP Solution Manager). You maintain the session management setting in transaction SICF_SESSIONS.
Online documentation - Activating HTTP Security Session Management on AS ABAP
http://help.sap.com/saphelp_nw73/helpdata/en/bb/1bcf2122fd4a76948816b1342f20d7/content.htm
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Client | TABLE | CMD_SESSION_MANAGEMENT | SECURITY | SESSION_MANAGEMENT |
Example Content of SESSION_MANAGEMENT
NAME(K) | VALUE(D) |
SESSION_MANAGEMENT | ACTIVE |
USER_PASSWD_HASH_USAGE
Shows the distribution of the different password hash types ( BCODE PASSCODE / PWDSALTEDHASH).
See also Why you should really get rid of old password hashes *NOW* posted by joris van de Vis in SCN Security on May 8, 2014 9:01:30 AM.
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Client | TABLE | CMD_USER_HASH_USAGE | SECURITY | PASSWORD_HASHING |
Example Content of USER_PASSWD_HASH_USAGE
USER_TYPE(K) | BCODE(K) | PASSCODE(K) | PWDSALTEDHASH(K) | NUM_USER(D) | PERC_USER(D) |
COMMUNICATION | UNUSED | UNUSED | USED | 40 | 21.05 |
COMMUNICATION | UNUSED | USED | UNUSED | 145 | 76.32 |
COMMUNICATION | USED | UNUSED | UNUSED | 5 | 2.63 |
DIALOG | UNUSED | UNUSED | UNUSED | 22 | 1.63 |
DIALOG | UNUSED | UNUSED | USED | 711 | 52.74 |
DIALOG | UNUSED | USED | UNUSED | 496 | 36.80 |
TDDAT
Contains authorization class for specific (hard coded) tables SSF_PSE_* and USR* and USH*
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_TDDAT | SECURITY | TDDAT |
Example Content of TDDAT
TABNAME(K) | MCLASS(D) | CCLASS(D) | FLAG(D) |
SSF_PSE_D | SPSE | ||
SSF_PSE_H | SPSE | ||
USH02 | SPWD | ||
USH02_ARC_TMP | SPWD | ||
USH04 | SC | ||
USH10 | SC |
TDDAT_TABLES**
Like config store TDDAT but allows to specifiy the tables checked in the store customizing.
You can choose patterns like T77* or US+02 for customizing field table name.
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_TDDAT_TABLES | SECURITY | TDDAT |
LOCKED_TRANSACTIONS***
Contains all transactions which have been locked ( columns: TRANSACTION / TEXT)
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_LOCKED_TRANSACTIONS | SECURITY | TRANSACTIONS |
Example Content of LOCKED_TRANSACTIONS
TRANSACTION(K) | TEXT(D) |
RSA1 | Modeling - DW Workbench |
SWF_DEBUG | Edit Workflow Breakpoints |
VSCAN_GROUP and VSCAN_SERVER***
Provide information about the Virus Scan Adapter. For more information see here: help.sap.com
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_SECURITY_VSCAN_GROUP | SECURITY | VSCAN |
Content of VSCAN_GROUP
SCANGROUP(K) | BADI_IMPL(D) |
MIME |
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Technical System | TABLE | CMD_SECURITY_VSCAN_SERVER | SECURITY | VSCAN |
Example Content of VSCAN_SERVER
NAME(K) | TYPE(D) | SCANGROUP(D) | STATUS(D) | ASNAME(D) | TRACELEVEL(D) | CODEPAGE(D) | INITINTERVAL(D) | MAX_INSTANCES(D) | CONFIG_FILE(D) | DIR_EXECUTABLE(D) | VSA_LIB(D) | INSTANCE_NAME(D) |
VSA_LDCISID | ADAPTER | MIME | ACTV | ldcisid_SID_00 | 0 | 0000 | 0024 | 000 | /opt/bowbridge/libAVB31.so | |||
VSCAN_LDCISID | SERVER | MIME | ACTV | ldcisid_SID_00 | 0 | 0000 | 0024 | 000 | /opt/bowbridge/libAVB31.so |
Config Stores dealing with Critical User Authorizations
AUTH_COMP_CHECK_USER**
User authority check store based on authorization combinations
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Client | TABLE | CMD_AUTH_U1_AC | AUTHORITY | USERS |
Example Content of AUTH_COMB_CHECK_USER
COMB_ID(K) | RC(D) | USER(K) |
MODIFY_SMSETUP | USER001 | |
MODIFY_SMSETUP | USER002 | |
MODIFY_SMSETUP | USER003 | |
MODIFY_SMSETUP | USER004 | |
MODIFY_SMSETUP | USER005 | |
MODIFY_SMSETUP | USER006 |
AUTH_PROFILE_USER**
User profile check store (Default: users having SAP_ALL profile) based on profiles
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Client | TABLE | CMD_AUTH_PROFILE_USER | AUTHORITY | PROFILES |
Example Content of AUTH_PROFILE_USER
PROFILE(K) | USER(K) | RESULT(D) | USER_TYPE(D) |
SAP_ALL | USER001 | USER_IS_AUTHORIZED | DIALOG |
SAP_ALL | USER002 | USER_IS_AUTHORIZED | DIALOG |
SAP_ALL | USER003 | USER_IS_AUTHORIZED | DIALOG |
SAP_ALL | AGS_SM_SETUP | USER_IS_AUTHORIZED | SERVICE |
SAP_ALL | WFBATCH | USER_IS_AUTHORIZED | DIALOG |
SAP_ALL | ALEREMOTE | USER_IS_AUTHORIZED | DIALOG |
Column USER_TYPE has been added with ST-A/PI 01R*
AUTH_PROFILE_USER_CHANGE_DOC***
User change documents showing SAP_ALL assignments. Including the timestamp of the event in the managed system and also the user who did the asignment.
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Client | EVENT | CMD_USER_CHANGE_DOC | AUTHORITY | PROFILES |
Example Content of AUTH_PROFILE_USER_CHANGE_DOC
USER(K) | ACTION(K) | PROFILE(K) | MODIFIED_BY(D) |
CHARM_DUMMY | DELETED | SAP_ALL | USER04 |
BUSER01 | DELETED | SAP_ALL | USER01 |
BUSER02 | DELETED | SAP_ALL | USER02 |
BUSER03 | DELETED | SAP_ALL | USER03 |
BUSER04 | DELETED | SAP_ALL | USER03 |
BUSER05 | DELETED | SAP_ALL | USER03 |
AUTH_TRANSACTION_USER**
User transaction check store based on transactions. Based on customizing.
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Client | TABLE | CMD_AUTH_TRANSACTION_USER | AUTHORITY | TRANSACTIONS |
AUTH_ROLE_USER**
Contains user to role relations. Based on customizing
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Client | TABLE | CMD_CHECK_ROLE_USER | AUTHORITY | ROLE_USER |
AUTH_USER_TYPES**
Contains user type information. Based on customizing.
This ConfigStore allows to check for users of a specific user type. The customizing consists of three fields:
'Check Id' A character field of length 30 used as identifier of a check in the customizing and the store content.
'User Name' A dedicated user or a user pattern can be used here.
'User type' The following values are allowed: 'DIALOG', 'SYSTEM', 'COMMUNICATION', 'REFERENCE', 'SERVICE' and '*' for all user types.
The ConfigStore must not be used to upload mass data. The intention of this Store is to check dedicated users and or may be small user groups which can be selected using a user pattern.
Typical use case:
Check if WF-BATCH or other powerful technical users have user type “system”.
Additional Information
Landscape Object | Store Type | Extractor Name | Alias | Sub Alias |
Client | TABLE | CMD_CHECK_USER_TYPES | AUTHORITY | USER_TYPES |
Config Stores dealing with Role Configuration
AUTH_COMP_CHECK_ROLE**
Role check store based on authorization combinations
AUTH_PATTERN_ROLE**
Role check store based on naming pattern
Use this store to get a list of role names into the CCDB. In the customizing of the ConfigStore you enter patterns like Z* into the value column. You can ignore the parameter column. Limitation: Only the * is recognized as a pattern character but not the + sign as you might expect it.
AUTH_P_ABAP_ROLE**
Roles granting access to HR Reports (P_ABAP = Authorization object that is used during the authorization check for HR Reports)
AUTH_INDI_MAINT_ORGA_ROLE**
Roles having individuel maintained organizational elements
AUTH_DISPLAY_ROLE**
Display roles with non-dispaly authorizations. You have to define customizing describing the role names (use * to describe generic names) which should be checked.
Customizing table contains 2 column: Parameter and Value. Each Entry needs an unique Parameter entry (just start with ROLE0001 for the first entry and ROLE0002 for the second entry and so on). Value contains the role name (support wildcard *).
AUTH_INFOTYPE_ROLE**
Roles with InfoTypes
AUTH_3RD_PARTY_ROLE**
3rd party roles with unexpected authorizations
AUTH_SENSI_TRANSACTION_ROLE**
Roles with access to sensitive transactions
AUTH_SENSI_TABLES_ROLE**
Roles with access to sensitive tables
AUTH_GEN_ORGA_ELEM_ROLE**
Roles with generic organisations elements
Abbreviations
* Added with 7.10 SPS10
** Config store customizing available / necessary
*** Added with 7.2 SP03
**** Added with 7.2 SP05
5 Comments
Rene Muth
move content out of comment
Rene Muth
Content of 7.10 SPS08
Rene Muth
Added Content of 7.10 SPS10
Rene Muth
Update the content description for ABAP. Added content examples
Mattias Umlauf
Hi Rene,
thanks for sharing the store documentation. Unfortunately info about store AUTH_INFOTYPE_ROLE is quite short. Could you plaese provide info about the customizing. How can I check what user roles also include infotypes? What is Object, Field Name and From in this case?
Thanks a lot in advance
Regards,
Mattias