Technical Operations
Page tree
Skip to end of metadata
Go to start of metadata

  • CCDB Content Overview of an ABAP system

Config stores  in CCDB could be categorized like the following:

  •  Software Configuration
  •  ABAP Instance Parameter
  •  Database Configuration
  •  Operating System Configuration
  •  Business Warehouse Configuration
  •  RFC Destinations Configuration
  •  System Change Option Configuration
  •  Security Configuration
  • Critical user authorizations

Config Stores dealing with Software Configuration

SAP_KERNEL  

SAP Kernel release and patch information

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Instance

PROPERTY

CMD_SAP_KERNEL

ABAP-SOFTWARE

SAP-KERNEL

Example Content of SAP_KERNEL

PARAMETER(K)

VALUE(D)

KERN_COMP_ON

SunOS 5.9 Generic_122300-28 sun4u

KERN_COMP_TIME

Aug 26 2014 11:53:48

KERN_DBLIB

DB6_81

KERN_PATCHLEVEL

622

KERN_REL

720_REL

PLATFORM-ID

370


ABAP_COMP_RELEASE

Software component release information

 Additional Information


Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

PROPERTY

CMD_COMPRELEASE

ABAP-SOFTWARE

COMPONENT-RELEASE

 Example Content of ABAP_COMP_RELEASE

PARAMETER(K)

VALUE(D)

AOFTOOLS

400_620_04

DMIS

2011_1_700

EA-APPL

604

EA-DFPS

604

EA-FINSERV

604

EA-GLTRADE

604

ABAP_COMP_SPLEVEL

Software component and support package information

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_SPLEVEL

ABAP-SOFTWARE

SUPPORT-PACKAGE-LEVEL

 Example Content of ABAP_COMP_SPLEVEL

COMPONENT(K)

RELEASE(K)

EXTRELEASE(D)

AOFTOOLS

400_620_04

0000

DMIS

2011_1_700

0007

EA-APPL

604

0000

EA-DFPS

604

0000

EA-FINSERV

604

0000

EA-GLTRADE

604

0000

ABAP_PACKAGES

Installed ABAP package information

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

PROPERTY

CMD_ABAP_PACKAGES

ABAP-SOFTWARE

INSTALLED-ABAP-PACKAGES

Example Content of ABAP_PACKAGES

PARAMETER(K)

VALUE(D)

BSTK000079

Language Export wrt IT/IBC 217

BSTK000085

Language Export wrt IT/IBC 217

C4HK000050

Language Export wrt IT/IBC 383

C4HK000192

SAP-HR Language Export

C4HK000198

SAP-HR Language Export

C4HK000206

SAP-HR Language Export

ABAP_NOTES  

Notes applied via SNOTE

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_ABAP_NOTES

ABAP-SOFTWARE

ABAP-NOTES

 Example Content of ABAP_NOTES

NOTE(K)

VERSION(D)

TEXT(D)

PRSTATUST(D)

PRSTATUS(D)

0000148632

0034

Incorrect results in capacity requirements planning

Obsolete version implemented

V

0000195114

0003

Thirteenth salary DECSE

Undefined Implementation State

0000195767

0001

Operação BROFE   e diferentes tipos de ausência

Undefined Implementation State

0000195868

0002

Taxes thirteenth salary third cumulation clear

Undefined Implementation State

0000195953

0003

Calculo de offcycle para funcionários demitidos

Undefined Implementation State

0000196333

0003

Rescisão com férias no mês

Undefined Implementation State

ABAP_SWITCH_FRAMEWORK

Active EHP switches

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_SFW_SOLMAN_DATA

ABAP-SOFTWARE

ABAP-SFW

 Example Content of ABAP_SWITCH_FRAMEWORK

AREA(K)

FUNCTION(K)

EA

/CUM/MAIN

EA

EA-CP

EA

EA-DFP

EA

EA-FIN

EA

EA-FRC

EA

EA-FS

ABAP_TRANSPORTS

Transports created and or imported in/to the system

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

EVENT

CMD_ABAP_TRANSPORTS_2

ABAP-SOFTWARE

ABAP-TRANSPORTS

 Example Content of ABAP_TRANSPORTS

TRKORR(K)

TARCLIENT(D)

RETCODE(D)

OBJECTS(D)

AS4TEXT(D)

TRFUNCTIONT(D)

TRSTATUST(D)

TRFUNCTION(D)

TRSTATUS(D)

HBWK000007



0

Note 1702711

Workbench Request

Modifiable

K

D

HBWK000007



23

Note 1702711

Workbench Request

Released

K

R

HBWK000012



9

Note 1741541

Workbench Request

Released

K

R

HBWK000010



5

Note 1741541

Workbench Request

Released

K

R

CIDK054330

200

0000

1

Test of Service Definitions, for system HBW

Transport of Copies

Released

T

R

ECDK900150

000

0004

6

TMSADM:   abgespeckte Rolle zum Profil S_A.TMSADM

Customizing Request

Released

W

R

New config stores columns added with SAP Solution Manager 7.10 SP09

PROJECT / EXPORT_TIMESTAMP / SAP_TMWFLOW

TIMESTAMP

Last changed timestamp (import timestamp)

TRKORR

Transport request number

TARCLIENT

Import client

RETCODE

return code of import

OBJECTS

Number of objects within transport request

AS4TEXT

Description of transport request

TRSTATUST / TRSTATUS

Transport request status as text and flag

TRFUNCTIONT / TRFUNCTION

Transport function as text and flag

EXPORT_TIMESTAMP

Export timestamp of request

PROJECT

Stands for a CTS Project is not the Project displayed in transaction SE09 directly, it’s an attribute displayed as CTS Project.

SAP_TMWFLOW

The attribute SAP_TMWFLOW contains information about the tool that had generated the transport request. If the field is empty no special transport tool has been used .The first character of the string is related to the tool:

Tool

First character

Charm   Normal Change Maintenance Project

M

Charm   Normal Change Implementation Project 

I

Charm   Urgent Correction

H

Charm   Upgrade Project

U

QGM

0-9

TRANSPORT_TOOL*

Contains custom transport settings

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_TRANSPORT_TOOL

ABAP-PARAMETER

TRANSPORT-TOOL

Example  Content of TRANSPORT_TOOL

NAME(K)

VALUE(D)

ABAPNTFMODE

b

ACC_IMPORT

1

CLIENTCASCADE

1

COFILELIFETIME

60

C_IMPORT

0

DATALIFETIME

60

SPAM_VERSION*

Contains SPAM-Release with version and patch number (SPAM = Support Package Manager)

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_SPAM_VERSION

ABAP-SOFTWARE

SPAM-VERSION

Example Content of SPAM_VERSION

NAME(K)

VERSION(D)

PATCH(D)

SPAM-RELEASE

7.01

0054

ESH_CONFIG 

Enterprise Seach configuration

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_ESH_COI_GET_SNAPSHOT

ENTERPRISE-SEARCH

CONFIG

 LANDSCAPE

Landscape information (from LMDB)

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

E2E_CCDB_TECH_SYSTEM_TABLE

ABAP-SOFTWARE

SYSTEM_LANDSCAPE

 Example Content of LANDSCAPE

GLOBAL_ID(K)

LANDSCAPE_ELEMENT(K)

ATTRIBUTE(D)

VALUE(D)

0050568a-721f-02de-acbe-576d9973df0b:1

ProductInstance

caption

Product instance SAP ERP Central Component (SAP ECC) of   product version SAP ERP 6.0

0050568a-721f-02de-acbe-576d9973df0b:2

ProductInstance

name

SAP ECC Server

0050568a-721f-02de-acbe-57c20c261f6b:1

ProductInstance

caption

Product instance SAP Strategic Enterprise Management (SAP   SEM) of product version SAP enhancement package 4 for SAP ERP 6.0 ("Co

0050568a-721f-02de-acbe-57c20c261f6b:2

ProductInstance

name

SAP SEM

0050568a-721f-02de-acc0-ab18caa4815d:1

ProductVersion

caption

SAP enhancement package 4 for SAP ERP 6.0 on SAP   enhancement package for SAP NetWeaver 7.0

0050568a-721f-02de-acc0-ab18caa4815d:2

ProductVersion

name

EHP4 FOR SAP ERP 6.0 / NW7.01

MESSAGE_SERVER_PORT

Message server settings

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

E2E_CCDB_MESSAGE_SERVER

ABAP-SOFTWARE

PORT

Example Content of MESSAGE_SERVER_PORT

PARAMETER(K)

VALUE(D)

message server host

host.wdf.sap.corp

message server http port


message server https port


message server logon groups

PUBLIC,SPACE

message server port

20515

message server service name


SAPUI5_LIBS and SAPUI5_VERSION***

Contains major and minor version of the installed SAPUi5 software 

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_SAPUI5_LIBS

ABAP-SOFTWARE

SAPUI5

Example content of SAPUI5_LIBS

LIBRARY(K)

MAIN_VERSION(K)

VERSION(D)

TIMESTAMP(D)

LIBRARY_NAME(D)

com.sap.apf.apf-lib

1.40

1.40.11

20170207122800

sap.apf

com.sap.apf.apf-lib

1.42

1.42.6

20170110132600

sap.apf

com.sap.apf.apf-lib

1.44

1.44.12

20170912112700

sap.apf

com.sap.ca.scfld.md

1.40

1.40.5

20161219101000

sap.ca.scfld.md

com.sap.ca.scfld.md

1.42

1.42.2

20161209093100

sap.ca.scfld.md

com.sap.ca.scfld.md

1.44

1.44.2

20161213093000

sap.ca.scfld.md

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

PROPERTY

CMD_SAPUI5_VERSION

ABAP-SOFTWARE

SAPUI5 

Example content of SAPUI5_VERSION

PARAMETER(K)

VALUE(D)

VERSION

1.44 

Config Stores dealing with ABAP Instance Parameter

ABAP_INSTANCE_PAHI

Active profile parameter of an ABAP instance

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Instance

PROPERTY

CMD_ABAP_INSTANCE_PAHI

ABAP-PARAMETER

PAHI

Example Content of ABAP_INSTANCE_PAHI

PARAMETER(K)

VALUE(D)

/HTTP/show_server_header

0

ApplianceType

 

DIR_ATRA

/usr/sap/Q43/D36/data

DIR_AUDIT

/usr/sap/Q43/D36/log

DIR_BINARY

/usr/sap/Q43/SYS/exe/run

DIR_CCMS

/usr/sap/ccms

ABAP_INSTANCE_PAHI_ENH****

Selected profile parameters of an ABAP instance, which you can define multiple times, plus additional entries showing the concatenated values of these parameters: icm/HTTP/admin_ALLicm/HTTP/auth_ALLicm/HTTP/logging_ALL, icm/HTTP/redirect_ALL, and icm/server_port_ALL.

It allows, e.g. to check if at least one of the parameters icm/server_port_0 to icm/server_port_9 contains an entry for HTTPS because all parameter value  are concatenated into the entry icm/server_port_ALL.

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Instance

PROPERTY

CMD_ABAP_INSTANCE_PAHI

ABAP-PARAMETER

PAHI

Example Content of ABAP_INSTANCE_PAHI_ENH

PARAMETER(K)

VALUE(D)

icm/HTTP/admin_0PREFIX=/sap/admin,DOCROOT=/usr/sap/FQ7/DVEBMGS00/data/icmandir/admin,AUTHFILE=/usr/sap/FQ7/SYS/global/security/data/icmauth.txt
icm/HTTP/admin_ALL {PREFIX=/sap/admin,DOCROOT=/usr/sap/FQ7/DVEBMGS00/data/icmandir/admin,AUTHFILE=/usr/sap/FQ7/SYS/global/security/data/icmauth.txt}
icm/HTTP/auth_0PREFIX=/,FILTER=SAP
icm/HTTP/auth_ALL {PREFIX=/,FILTER=SAP}
icm/HTTP/logging_0PREFIX=/, LOGFILE=icmhttph.log, FILTER=SAPSMD, LOGFORMAT=SAPSMD2, MAXSIZEKB=10240,FILEWRAP=on, SWITCHTF=month
icm/HTTP/logging_1PREFIX=/, LOGFORMAT=SAPSMD, LOGFILE=icmhttp.log, MAXSIZEKB=10240, SWITCHTF=day, FILEWRAP=on
icm/HTTP/logging_ALL {PREFIX=/, LOGFILE=icmhttph.log, FILTER=SAPSMD, LOGFORMAT=SAPSMD2, MAXSIZEKB=10240,FILEWRAP=on, SWITCHTF=month}{PREFIX=/, LOGFORMAT=SAPSMD, LOGFILE=icmhttp.log, MAXSIZEKB=10240, SWITCHTF=day, FILEWRAP=on}

icm/server_port_0

PROT=HTTP,  PORT=50000, PROCTIMEOUT=300, TIMEOUT=300

icm/server_port_1

PROT= HTTPS, PORT=44300, PROCTIMEOUT=300, TIMEOUT=300

icm/server_port_2

PROT=SMTP,  PORT=25000, PROCTIMEOUT=300, TIMEOUT=300

icm/server_port_3

 

icm/server_port_4

 

icm/server_port_ALL

{PROT=HTTP, PORT=50000, PROCTIMEOUT=300, TIMEOUT=300}{PROT= HTTPS, PORT=44300, PROCTIMEOUT=300, TIMEOUT=300}{PROT=SMTP,  PORT=25000, PROCTIMEOUT=300, TIMEOUT=300}{}{}

ABAP_DEFAULT_PROFILE, ABAP_INSTANCE_PROFILE,  ABAP_START_PROFILE, ABAP_ASCS_PROFILE

Profile files used by an ABAP instance

Additional Information ABAP_INSTANCE_PROFILE

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Instance

TEXT

CMD_ABAP_INSTANCE_PROFILE

PROFILE

INSTANCE

Example Content of ABAP_INSTANCE_PROFILE

#.*************************************************************************************
#.*                                                                                   *
#.*       Instance profile XXX_YYY_HOST                                               *
#.*                                                                                   *
#.*       Version                 = 000858                                            *
#.*       Generated by user = USERID                                                  *
#.*       Generated on = 09.09.2014 , 06:45:15                                        *
#.*                                                                                   *
#.*************************************************************************************
#parameter created                          by: DSS*         15.09.2013 14:41:57
ssl/client_ciphersuites = 208:HIGH:MEDIUM:+e3DES:!aNULL:!eNULL

Config Stores dealing with Database Configuration

DB_INFO

DBSL release information of an SAP Kernel Ÿ Database dependent

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Instance

PROPERTY

CMD_DBRELINFO

ABAP-DATABASE

DB

Example Content of DB_INFO

PARAMETER(K)

VALUE(D)

CHARSET

UTF8

CLIREL

DB6_81

DBHOST

usdbq43

DBNAME

Q43

DBSCHEMA

SAPQ43

DBSL_PATCHLEVEL

622

BRTOOLS_LEVEL

BRTOOLS level information

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

PROPERTY

CMD_BRTOOLS_RELEASE

ABAP-DATABASE

ORACLE

Example Content of BRTOOLS_LEVEL

PARAMETER(K)

VALUE(D)

PATCH

49

RELEASE

7.00

Database level

Database level information available in config stores:  MAXDB_LEVEL, DB6_LEVEL, HDB_LEVEL, MSSQL_LEVEL, ORA_LEVEL

Database parameter

Database parameter information available in config stores: MAXDB_PARAMETER, HDB_PARAMETER, MSSQL_PARAMETER, DB6_REGISTRY, DB6_CONFIG, DB6_DBMCONFIG, ORA_PARAMETER, ORA_SYSTEM_FIX_CONTROL

Config Stores dealing with Operating System Configuration

ENV_VARIABLES

Shell enviroment variables of  user <SID>ADM

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Instance

PROPERTY

CMD_STUO_GET_ENVIRONMENT

OS

ENVIRONMENT

 Example Content of ENV_VARIABLES

PARAMETER(K)

VALUE(D)

DB2CLIINIPATH

/sapmnt/Q43/global/db6

DB2COUNTRY

1

DB2DB6EKEY

INTERNAL

DB2DB6_SVCENAME

sapdb2Q43

DB2DBDFT

Q43

DB2_CLI_DRIVER_INSTALL_PATH

/sapmnt/Q43/global/db6/SUNOS_64/db6_clidriver

PHYSICAL_HOST

Relation physical host to virtual host

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

E2E_CCDB_PHYS_HOST_EXTRACTOR

OS

ENVIRONMENT

Example  Content of PHYSICAL HOST

HOSTNAME(K)

HOSTNAMEFULL(D)

HOSTTYPE(D)

PHYHOSTNAME(D)

PHYHOSTNAMEFULL(D)

yyy

yyy.dhcp.wdf.sap.corp

V

xxx


saposcol

CPU, memory, and operating system patch information

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

XML


OS

SAPOSCOL

Example Content of saposcol

saposcol

#<?xml version="1.0" encoding="utf-16"?>  
<sldinfo model_version="1.3.21" supplier_name="ComputerSystem" supplier_version="1.0">
<group group_type="SPECIFIC" name="system1">
<class name="SAP_ComputerSystem">
<instance> <property name="Status">
<value> OK</value>
</property> <property name="NameFormat">
<value> IP</value> </property>
<property name="Caption">
<value> Windows Server vmw4748 [X64]</value>
</property> <property name="Name">
...

SAPHostAgent

Version of the SAP host agent 

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

PROPERTY

E2E_CCDB_SAPHOSTAGENT

SAPHOSTAGENT

RELEASE

Example Content of SAPHostAgent

PARAMETER(K)

VALUE(D)

SAPHOSTAGENT_VERSION

720/140

SYSTEM_TIMEZONE***

Contains the system timezone  

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_SYSTEM_TIMZO

SYSTEM

TIME-ZONE

Example Content of SYSTEM_TIMEZONE

NAME(K)

VALUE(D)

DSTRULE

EUROPE

SYSTEM_TIMEZONE

CET

ZONERULE

P0100

Config Stores dealing with Business Warehouse Configuration

ROIDOCPRMS

BW request transfer parameters

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_ROIDOCPRMS

BI

TRANSFER-PARAMETERS

Example Content of ROIDOCPRMS

SLOGSYS(K)

MAXSIZE(D)

STATFRQU(D)

MAXPROCS(D)

BTCSYSTEM(D)

MAXLINES(D)

MAXDPAKS(D)

Q43CLNT004

050000

10

03


000000


RSADMIN, RSADMINA, RSADMINC, RSADMINS

Common BW configuration

UPC_DARK, UPC_DARK2

Specific BW configuration

Config Stores dealing with RFC Destinations Configuration

RFCDES

All RFC destinations of a system; all RFC options in one column

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_RFCDES

RFC-DESTINATIONS

RFCDES

 Example Content of RFCDES

RFCDEST(K)

RFCTYPE(D)

RFCOPTIONS(D)

1A_PRODUCTION

T

H=%%RFCSERVER%%,G=10.55.128.32,g=3348,N=1A_PRODUCTION_UNICODE,Y=2,h=2,y=60,z=-2,q=0,d=2,

1A_STAGING

T

H=%%RFCSERVER%%,G=10.55.128.32,g=3348,N=1A_STAGING_UNICODE,Y=2,h=2,y=60,z=-2,q=0,d=2,

28CA_Wolfgang

3

H=10.66.23.174,S=28,M=002,U=XS_ISAAC,Y=2,h=2,z=-2,v=%_PWD,q=1,

47E228F428953AF6E10000000A421804

G

H=usai2q43,I=53614,N=/SAPControl.CGI,Q=A,s=Y,w=SAP_BC_SOAP,F=0      0010,t=ANONYM,

47E229CA28953AF6E10000000A421804

G

H=usai4q43,l=X,I=1128,N=/SAPOscol.CGI,Q=A,w=SAP_BC_SOAP,F=0      0010,t=ANONYM,

47E229D128953AF6E10000000A421804

G

H=usai4q43,l=X,I=1129,N=/SAPOscol.CGI,Q=A,s=Y,w=SAP_BC_SOAP,F=0      0010,t=ANONYM,

RFCDES_TYPE_[3,G,H,L,T]

RFC destinations per type, each attribute is a column

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_RFCDES_TYPE_3

RFC-DESTINATIONS

RFCDES_TYPE_3

Example Content of RFCDES_TYPE_3

RFCDEST(K)

RFCTYPE(D)

ARFC_ACTIVE(D)

ARFC_CYCLE(D)

ARFC_METHOD(D)

AUTHORITY(D)

CLIENT(D)

DESTLOCK(D)

EXPORTTRACE(D)

GROUP(D)

GWHOST(D)

GWSERVICE(D)

KEEPALIVETIMEOUTVAL(D)

LANGUAGE(D)

LOADBALANCING(D)

MDMPLIST(D)

MDMPSETTING(D)

PASSWORD(D)

PASSWORDSCR(D)

QRFCVERS(D)

RFCBITMAP(D)

RFCCONVERT(D)

RFCCONVX(D)

RFCLOGON_GUI(D)

RFCSNC(D)

RFCUNICODE(D)

RFCWAN(D)

SAME_USER(D)

SERVER(D)

SYSTEMID(D)

SYSTEMNR(D)

TRACE(D)

TRFCBTCDELAY(D)

TRFCBTCSUPPR(D)

TRFCBTCTRIES(D)

TRUSTED_SYSTEM(D)

USER(D)

28CA_Wolfgang

3


10

S


002


2




-2




N

(secret)

X

1

00000000

*

0023



1



10.66.23.174


28






XS_ISAAC

A0G

3


10

S


000


2




-2

E



N

(secret)

X

0

00000000

*

0023



2



uxcia0g.wdf.sap.corp


26






SAPCPIC

RFCDES_TYPE_3_CHECK

(Security): Is a user with critical authorizations used in an RFC destination?

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

E2E_CCDB_RFCDEST_CHECK

RFC-DESTINATIONS

RFCDES_CHECK

Example Content of RFCDES_TYPE_3_CHECK

RFCDEST(K)

LOGON_CLIENT(D)

LOGON_USER(D)

PASSWORD_STATUS(D)

HOST_NAME(D)

SYSTEM_IDENTIFIER(D)

SYSTEM_NUMBER(D)

TRUSTED_SYSTEM(D)

CV_USER_PROFILE_RESULT(D)

CV_CONFIG_DEST_LONG_SID(D)

CV_REMARK(D)

A0G

000

SAPCPIC

(secret)

host001.xyw.wwt.dom

 A0G

26




Host not found

A3FCLNT001

001

REMOTE_CATT

(secret)

host002.xyw.wwt.dom

 A3F

77




Host not found

A6TCLNT001

001

ALEREMOTE

(secret)

host003.xyw.wwt.dom

A6T

 88




Host not found

A8PCLNT001

001

ALEREMOTE

(secret)

host005.xyw.wwt.dom

A8P

 88




Host not found


Config Stores dealing with System Change Configuration

CLIENTS

System change settings per client

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_T000

SYSTEM-CHANGE-OPTION

CLIENT-SETTING

Example Content of CLIENTS

MANDT(K)

MTEXT(D)

ORT01(D)

MWAER(D)

ADRNR(D)

CCCATEGORY(D)

CCCORACTIV(D)

CCNOCLIIND(D)

CCCOPYLOCK(D)

CCNOCASCAD(D)

CCSOFTLOCK(D)

CCORIGCONT(D)

CCIMAILDIS(D)

CCTEMPLOCK(D)

LOGSYS(D)

000

SAP AG Konzern

Walldorf

EUR


S

3


X




X


HBWCLNT000

001

SAP AG Konzern

Walldorf

EUR


C

1








HBWCLNT001

200

BW 7.30 on HANA

Walldorf

EUR


T

1








HBWCLNT200

COMPONENTS

System change settings per component

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

PROPERTY

CMD_SCO_COMPONENTS

SYSTEM-CHANGE-OPTION

COMPONENT-SETTING

Example Content of COMPONENTS

PARAMETER(K)

VALUE(D)

AOFTOOLS

NOT MODIFIABLE; NOT ENHANCEABLE

DMIS

NOT MODIFIABLE; NOT ENHANCEABLE

EA-APPL

NOT MODIFIABLE; NOT ENHANCEABLE

EA-DFPS

NOT MODIFIABLE; NOT ENHANCEABLE

EA-FINSERV

NOT MODIFIABLE; NOT ENHANCEABLE

EA-GLTRADE

NOT MODIFIABLE; NOT ENHANCEABLE

GLOBAL

System change settings global

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

PROPERTY

CMD_SCO_GLOBAL_SETTING

SYSTEM-CHANGE-OPTION

GLOBAL-SETTING

Example Content of GLOBAL

PARAMETER(K)

VALUE(D)

GLOBAL_SETTING

MODIFIABLE

NAMESPACES

System change settings per namespace

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_SCO_NAMESPACES

SYSTEM-CHANGE-OPTION

NAMESPACE-SETTING

Example Content of NAMESPACES

NAMESPACE(K)

TEXT(D)

PREFIX(D)

CHANGEABLE(D)

/0CUST/

Customer Name Range


MODIFIABLE

/0SAP/

General SAP Name Range


MODIFIABLE

/0SJ1S/

IS-M: CH Version


NOT MODIFIABLE

/0SJ3G/



NOT MODIFIABLE

/0SJ3R/



NOT MODIFIABLE

/0SJ4G/



NOT MODIFIABLE

GLOBAL_CHANGE_LOG***

Change Log of System Change Option - Global Setting (which is transaction SE03 / System Change Option)
There is still config store GLOBAL which contains the setting as well just based on the usual snapshot extraction method of CCDB.

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

EVENT

CMD_TRLOG_SYSTEM

SYSTEM-CHANGE-OPTION

GLOBAL-SETTING

Content of GLOBAL_CHANGE_LOG

COMPONENT(K)

PREVIOUS(D)

AFTERWARDS(D)

USER(D)

Repository and cross-client Cu

Modifiable

Not Modifiable

USER01

Repository and cross-client Cu

Not Modifiable

Modifiable

USER01

COMPONENTS_CHANGE_LOG***

Change Log of System Change Option - Software Component

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

EVENT

CMD_TRLOG_SYSTEM

SYSTEM-CHANGE-OPTION

COMPONENT-SETTING

Example Content of COMPONENTS_CHANGE_LOG

COMPONENT(K)

PREVIOUS(D)

AFTERWARDS(D)

USER(D)

SAP_BASIS

Restricted Modifiability

Not Modifiable/ Enhanceable Only

USER02

SAP_BASIS

Restricted Modifiability

Not Modifiable/ Enhanceable Only

USER02

SAP_BASIS

Restricted Modifiability

Not Modifiable/ Not Enhanceable

USER02

SAP_BASIS

Restricted Modifiability

Not Modifiable/ Enhanceable Only

USER02

SAP_BASIS

Restricted Modifiability

Not Modifiable/ Enhanceable Only

USER02

SAP_BASIS

Not Modifiable/ Not Enhanceable

Not Modifiable/ Enhanceable Only

USER02

NAMESPACES_CHANGE_LOG***

Change Log of System Change Option - Namespace/Name Range 

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

EVENT

CMD_TRLOG_SYSTEM

SYSTEM-CHANGE-OPTION

NAMESPACE-SETTING

Example Content of NAMESPACES_CHANGE_LOG

COMPONENT(K)

PREVIOUS(D)

AFTERWARDS(D)

USER(D)

/KWCUST/

Not Modifiable

Modifiable

USER01

/KWCUST/

Modifiable

Not Modifiable

USER01

/KWCUST/

Not Modifiable

Modifiable

USER02

/KWCUST/

Modifiable

Not Modifiable

USER01

/SOCO/

Modifiable

Not Modifiable

USER03

/SOCO/

Not Modifiable

Modifiable

USER93

Config Stores dealing with Security Configuration

ŸGW_REGINFO, GW_SECINFO, MS_SECINFO, GW_PRXINFO

 Gateway, proxy and message server access control lists

Additional Information GW_SECINFO

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Instance

TEXT

CMD_SECURITY_GW_SECINFO

SECURITY

GATEWAY

Example Content of GW_SECINFO

P USER=* USER-HOST=local HOST=local TP=*
P USER=* USER-HOST=local HOST=internal TP=*
P USER=* USER-HOST=internal HOST=local TP=*

STANDARD_USERS

ABAP standard user with password and lock status

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_SECURITY_STANDARD_USERS

SECURITY

ABAP

 Example Content of STANDARD_USERS

CLIENT(K)

USER(K)

PASSWORD_STATUS(D)

EXISTS(D)

LOCKED(D)

000

DDIC

CHANGED

X


000

SAP*

CHANGED

X

X

000

SAPCPIC




000

TMSADM

CHANGED

X


001

DDIC

CHANGED

X


001

SAP*

CHANGED

X


PSE_CERT

Certifications with validity information

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Instance

TABLE

CMD_PSE_CERTIFICATE

SECURITY

PSE_CERT

Example Content of PSE_CERT

APPLICATION(K)

CONTEXT(K)

TYPE(K)

SUBJECT(K)

ISSUER(K)

SERIALNO(K)

VALID_FROM(K)

VALID_TO(D)

<SNCS>

PROG

CERTIFICATE

CN=SSO_CA, O=SAP-AG, C=DE

CN=SSO_CA, O=SAP-AG, C=DE

01000000

19980504125933

20230831120000

<SNCS>

PROG

CERTIFICATE

EMAIL=maik.mueller@sap-ag.de, CN=SAPNetCA, OU=SAPNet,   O=SAP-AG, C=DE

EMAIL=maik.mueller@sap-ag.de, CN=SAPNetCA, OU=SAPNet,   O=SAP-AG, C=DE

01000000

19980504115634

20150718120000

ŸTWPSSO2ACL, RFCSYSACL, SNCSYSACL

Trusted-RFC, -SNC and -„Logon Tickets“ information

Additional Information TWPSSO2ACL

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_TWPSSO2ACL

SECURITY

TRUSTED LOGON TICKETS

Example Content of TWPSSO2ACL

MANDT(K)

WPS_SYSID(K)

WPS_MANDT(K)

DN_SUBJECT(D)

DN_ISSUER(D)

SERIALNO(D)

000

CXX

000

CN=SXX, OU=DSS, O=SAP-AG, C=DE

CN=SXX, OU=DSS, O=SAP-AG, C=DE

XXXX

000

CXX

000

OU=J2EE, CN=C85

OU=J2EE, CN=CXX

XX

000

CXX

000

CN=CXX

CN=CXX

XXXXX

000

CXX

000

OU=J2EE, CN=CXX

OU=J2EE, CN=CJ3

XX

000

EXX

000

CN=SXX, OU=DSS, O=SAP-AG, C=DE

CN=SXX, OU=DSS, O=SAP-AG, C=DE

XXXX

000

EXX

000

OU=J2EE, CN=EXX

OU=J2EE, CN=EXX


SICF_SERVICES

Active Web Services

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_SICF

SECURITY

SERVICES

Example Content of SICF_SERVICES

ICF_NAME(K)

URL(K)

ICFSRVGRP(D)

HOST_NUMBER(D)

HOST_NAME(D)

EXTENDED_URL(D)

ICF_USER(D)

-GUI

/sap/option/-gui/


0

DEFAULT_HOST

/sap/option/-gui/


-STATEFUL

/sap/option/-stateful/


0

DEFAULT_HOST

/sap/option/-stateful/


-STATELESS

/sap/option/-stateless/


0

DEFAULT_HOST

/sap/option/-stateless/


-TRANSACTIONAL

/sap/option/-transactional/


0

DEFAULT_HOST

/sap/option/-transactional/


002

/sap/bc/srt/pm/sap/Q43002113/002/


0

DEFAULT_HOST

/sap/bc/srt/pm/sap/ecc_customer001qr/002/


002

/sap/bc/srt/pm/sap/Q43002116/002/


0

DEFAULT_HOST

/sap/bc/srt/pm/sap/ecc_materialslsbyelmnts004qr/002/


AUTH_SECURITY_POLICY

Contains (if exists) the new security policy

Security Policies,  which extend user types and password rules in ABAP, have been introduced with SAP_BASIS 7.03 (= 7.00 Ehp 3). See transaction SECPOL respective the online help:http://help.sap.com/saphelp_nw70ehp3/helpdata/en/41/019a4dba8d4afcb9e6a12003e40a2a/content.htm.

 Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_SECURITY_POLICY

SECURITY

POLICY

 Example Content of AUTH_SECURITY_POLICY

CLIENT(K)

NAME(K)

ATTRIB_KEY(K)

ATTRIB_VALUE(D)



DISABLE_PASSWORD_LOGON

0



MAX_FAILED_PASSWORD_LOGON_ATTEMPTS

5



MAX_PASSWORD_IDLE_INITIAL

0



MAX_PASSWORD_IDLE_PRODUCTIVE

0



MIN_PASSWORD_CHANGE_WAITTIME

1



MIN_PASSWORD_DIFFERENCE

1

SECURITY_POLICY_USAGE**** 

SECURITY_POLICY_USAGE provides usage overview for policies for ABAP systems. Users with no policy are summed up into line where SECURITY_POLICY is emtpy.

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_USER_POLICY_USAGE

SECURITY

POLICY_USAGE

Example Content of SECURITY_POLICY_USAGE

SECURITY_POLICY(K)

USER_COUNT(D)


1913

COMPLEX_PASSWORD50

AUDIT_CONFIGURATION

Contains the current audit log file configuation

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

XML

CMD_AUDIT_CONFIGURATION

SECURITY

AUDIT_CONFIGURATION

Example Content of AUDIT_CONFIGURATION

Example for a deactivated Security Audit Log with two empty filters: 

<?xml version="1.0" encoding="utf-16"?>
<AuditConfiguration Enabled="No" SlotCount="2">
<Slot Client="" HighButton="" Login="" LowButton="X" MedButton="" Misc=""
 MsgVect="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
RFCLogin="" RFCStart="" RepoStart="" SelVar="00" SlotIndex="1" Status="" System="" TAStart="" Uname="" UserMaster=""/>
<Slot  Client="" HighButton="" Login="" LowButton="X" MedButton="" Misc="" 
 MsgVect ="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" 
RFCLogin="" RFCStart="" RepoStart="" SelVar ="00" SlotIndex="2"  Status="" System="" TAStart="" Uname="" UserMaster="" />
</AuditConfiguration>

The token SlotIndex shows the slot number. The token Enabled shows the master switch for the Security Audit Log. The token Status shows if a slot is activated. The tokens Client and Uname define the selection. The tokens HighButton, MedButton, and LowButton show the severity. The tokens Login, RFCLogin, TAStart, RepoStart, RFCStart, UserMaster, Misc, and System show the event classes if SelVar is "00".

The token MsgVect shows the detailed message selection if  SelVar  is not "00". In this case active events are identified using individual bits at specific positions within field MsgVect. The position is calculated using the alphanumerical order 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ according to the  SUBID of the events. The event area (AU,  BU,  CU, DU, EU) defines the bit which is added to the value on that position: AU = x80 (hex), BU = x40CU = x20 DU  =  x10 EU  =  x08 .

Only the first 36 positions of field MsgVect are used. Every position holds two bytes therefore you see two hexadecimal characters per position.

Example showing active system events of event area  AU  = x 80  only (AUE AUF AUG AUH AUI AUJ): 

Position 123456789012345678901234567890123456789012345678901234567890123456789012
SUBID    -0-1-2-3-4-5-6-7-8-9-A-B-C-D-E-F-G-H-I-J-K-L-M-N-O-P-Q-R-S-T-U-V-W-X-Y-Z
MSGVECT  000000000000000000000000000080808080808000000000000000000000000000000000...

Example showing events CUL (x20), CUM (x20) and BUZ (x40).

Position 123456789012345678901234567890123456789012345678901234567890123456789012
SUBID    -0-1-2-3-4-5-6-7-8-9-A-B-C-D-E-F-G-H-I-J-K-L-M-N-O-P-Q-R-S-T-U-V-W-X-Y-Z
MSGVECT  000000000000000000000000000000000000000000202000000000000000000000000040...

If you want to validate for individual event you can use a regular expression to define an rule within configuration validation.

.{42}2.2..{24}4..+

This regular expression skips 42 characters, checks the two event positions L and M, skips another 24 characters, checks event position Z, and accepts any remaining characters.  

You yan use double bytes for ignored positions, too:

(..){21}2.2.(..){12}4..*

Caution: Every double byte is a bit vector which represents multiple event codes.

If you just want to verify if a specific message is part of the filter but you do no care if more events are active, then you are in trouble.

  • If CUL is active you see x20 on that position.
  • If AUL and CUL are active you see x80 + x20 = xA0 on that position.
  • The Rexeg part 2. above is true if CUL is active (and if EUL is active as well) but not if any of the events AUL, BUL, DUL are active.
  • The Rexeg part 2. above is true if CUM is active (and if EUM is active as well) but not if any of the events AUM, BUM, DUM are active.
  • The Rexeg part 4. above is true if BUZ is active (and if EUZ is active as well) but not if any of the events AUZ, CUZ, DUZ are active.

Therefore, you have to construct a regular expression which covers all combinations:

Event Area

Regex for a specific position

Short Regex for a specific position

AU

(80|88|90|98|A0|A8|B0|B8|C0|C8|D0|D8|E0|E8|F0|F8)

[89A-F][08]

BU

(40|48|50|58|60|68|70|78|C0|C8|D0|D8|E0|E8|F0|F8)

[4-7C-F][08]

CU

(20|28|30|38|60|68|70|78|A0|A8|B0|B8|E0|E8|F0|F8)

[2367ABEF][08]

DU

(10|18|30|38|50|58|70|78|90|98|B0|B8|D0|D8|F0|F8)

[13579BDF][08]

EU

(08|18|28|38|48|58|68|78|88|98|A8|B8|C8|D8|E8|F8)

[0-9A-F]8

This leads to the following regular expression which verifies if at least the events CUL, CUM, and BUZ are active.

(..){21}[2367ABEF][08][2367ABEF][08](..){12}[4-7C-F][08].*

SESSION_MANAGEMENT

Shows if the new ABAP session management is active.

This configuration store shows if the field ICF_CONTROL of table ICF_SESSION_CNTL has a value > 0 in a client (availalbe per connected client to SAP Solution Manager). You maintain the session management setting in transaction SICF_SESSIONS.

Online documentation - Activating HTTP Security Session Management on AS ABAP
http://help.sap.com/saphelp_nw73/helpdata/en/bb/1bcf2122fd4a76948816b1342f20d7/content.htm

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Client

TABLE

CMD_SESSION_MANAGEMENT

SECURITY

SESSION_MANAGEMENT

Example Content of SESSION_MANAGEMENT

NAME(K)

VALUE(D)

SESSION_MANAGEMENT

ACTIVE

USER_PASSWD_HASH_USAGE

 Shows the distribution of the different password hash types ( BCODE  PASSCODE / PWDSALTEDHASH)

See also Why you should really get rid of old password hashes *NOW* posted by joris van de Vis in SCN Security on May 8, 2014 9:01:30 AM.

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Client

TABLE

CMD_USER_HASH_USAGE

SECURITY

PASSWORD_HASHING

Example Content of USER_PASSWD_HASH_USAGE

USER_TYPE(K)

BCODE(K)

PASSCODE(K)

PWDSALTEDHASH(K)

NUM_USER(D)

PERC_USER(D)

COMMUNICATION

UNUSED

UNUSED

USED

40

21.05

COMMUNICATION

UNUSED

USED

UNUSED

145

76.32

COMMUNICATION

USED

UNUSED

UNUSED

5

2.63

DIALOG

UNUSED

UNUSED

UNUSED

22

1.63

DIALOG

UNUSED

UNUSED

USED

711

52.74

DIALOG

UNUSED

USED

UNUSED

496

36.80

TDDAT

Contains authorization class for specific (hard coded) tables SSF_PSE_* and  USR* and  USH*

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_TDDAT

SECURITY

TDDAT

Example Content of TDDAT

TABNAME(K)

MCLASS(D)

CCLASS(D)

FLAG(D)

SSF_PSE_D


SPSE


SSF_PSE_H


SPSE


USH02


SPWD


USH02_ARC_TMP


SPWD


USH04


SC


USH10


SC


TDDAT_TABLES**

 Like config store TDDAT but allows to specifiy the tables checked in the store customizing. 

You can choose patterns like T77* or US+02 for customizing field table name.

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_TDDAT_TABLES

SECURITY

TDDAT

LOCKED_TRANSACTIONS***

Contains all transactions which have been locked ( columns: TRANSACTION / TEXT)

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_LOCKED_TRANSACTIONS

SECURITY

TRANSACTIONS

Example Content of LOCKED_TRANSACTIONS

TRANSACTION(K)

TEXT(D)

RSA1

Modeling - DW Workbench

SWF_DEBUG

Edit Workflow Breakpoints

VSCAN_GROUP and VSCAN_SERVER***

Provide information about the Virus Scan Adapter. For more information see here:  help.sap.com

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_SECURITY_VSCAN_GROUP

SECURITY

VSCAN

Content of VSCAN_GROUP

SCANGROUP(K)

BADI_IMPL(D)

MIME


Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Technical System

TABLE

CMD_SECURITY_VSCAN_SERVER

SECURITY

VSCAN

Example Content of VSCAN_SERVER

NAME(K)

TYPE(D)

SCANGROUP(D)

STATUS(D)

ASNAME(D)

TRACELEVEL(D)

CODEPAGE(D)

INITINTERVAL(D)

MAX_INSTANCES(D)

CONFIG_FILE(D)

DIR_EXECUTABLE(D)

VSA_LIB(D)

INSTANCE_NAME(D)

VSA_LDCISID

ADAPTER

MIME

ACTV

ldcisid_SID_00

0

0000

0024

000



/opt/bowbridge/libAVB31.so


VSCAN_LDCISID

SERVER

MIME

ACTV

ldcisid_SID_00

0

0000

0024

000



/opt/bowbridge/libAVB31.so


Config Stores dealing with Critical User Authorizations

AUTH_COMP_CHECK_USER**

User authority check store based on authorization combinations

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Client

TABLE

CMD_AUTH_U1_AC

AUTHORITY

USERS

Example Content of AUTH_COMB_CHECK_USER

COMB_ID(K)

RC(D)

USER(K)

MODIFY_SMSETUP


USER001

MODIFY_SMSETUP


USER002

MODIFY_SMSETUP


USER003

MODIFY_SMSETUP


USER004

MODIFY_SMSETUP


USER005

MODIFY_SMSETUP


USER006

AUTH_PROFILE_USER**

User profile check store (Default: users having SAP_ALL profile) based on profiles

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Client

TABLE

CMD_AUTH_PROFILE_USER

AUTHORITY

PROFILES

 Example Content of AUTH_PROFILE_USER

PROFILE(K)

USER(K)

RESULT(D)

USER_TYPE(D)

SAP_ALL

USER001

USER_IS_AUTHORIZED

DIALOG

SAP_ALL

USER002

USER_IS_AUTHORIZED

DIALOG

SAP_ALL

USER003

USER_IS_AUTHORIZED

DIALOG

SAP_ALL

AGS_SM_SETUP

USER_IS_AUTHORIZED

SERVICE

SAP_ALL

WFBATCH

USER_IS_AUTHORIZED

DIALOG

SAP_ALL

ALEREMOTE

USER_IS_AUTHORIZED

DIALOG

ŸColumn USER_TYPE has been added with ST-A/PI 01R*

AUTH_PROFILE_USER_CHANGE_DOC***

User change documents showing SAP_ALL assignments. Including the timestamp of the event in the managed system and also the user who did the asignment.

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Client

EVENT

CMD_USER_CHANGE_DOC

AUTHORITY

PROFILES

Example Content of AUTH_PROFILE_USER_CHANGE_DOC

USER(K)

ACTION(K)

PROFILE(K)

MODIFIED_BY(D)

CHARM_DUMMY

DELETED

SAP_ALL

USER04

BUSER01

DELETED

SAP_ALL

USER01

BUSER02

DELETED

SAP_ALL

USER02

BUSER03

DELETED

SAP_ALL

USER03

BUSER04

DELETED

SAP_ALL

USER03

BUSER05

DELETED

SAP_ALL

USER03

AUTH_TRANSACTION_USER**

User transaction check store based on transactions. Based on customizing.

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Client

TABLE

CMD_AUTH_TRANSACTION_USER

AUTHORITY

TRANSACTIONS

AUTH_ROLE_USER**

Contains user to role relations. Based on customizing

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Client

TABLE

CMD_CHECK_ROLE_USER

AUTHORITY

ROLE_USER

AUTH_USER_TYPES**

Contains user type information. Based on customizing.

This ConfigStore allows to check for users of a specific user type. The customizing consists of three fields:

'Check Id'          A character field of length 30 used as identifier of a check in the customizing and the store content.
'User Name'      A dedicated user or a user pattern can be used here.
 'User type'         The following values are allowed: 'DIALOG', 'SYSTEM', 'COMMUNICATION', 'REFERENCE', 'SERVICE' and '*' for all user types.
 The ConfigStore must not be used to upload mass data. The intention of this Store is to check dedicated users and or may be small user groups which can be selected using a user pattern.

Typical use case:
Check if WF-BATCH or other powerful technical users have user type “system”.

Additional Information

Landscape Object

Store Type

Extractor Name

Alias

Sub Alias

Client

TABLE

CMD_CHECK_USER_TYPES

AUTHORITY

USER_TYPES

Config Stores dealing with Role Configuration

AUTH_COMP_CHECK_ROLE**

Role check store based on authorization combinations

Ÿ AUTH_PATTERN_ROLE** 

Role check store based on naming pattern

Use this store to get a list of role names into the CCDB. In the customizing  of the ConfigStore you enter patterns like Z* into the value column. You can ignore the parameter column. Limitation: Only the * is recognized as a pattern character but not the + sign as you might expect it.

AUTH_P_ABAP_ROLE**

Roles granting access to HR Reports (P_ABAP = Authorization object that is used during the authorization check for HR Reports)

AUTH_INDI_MAINT_ORGA_ROLE** 

Roles having individuel maintained organizational elements

AUTH_DISPLAY_ROLE**

Display roles with non-dispaly authorizations. You have to define customizing describing the role names (use * to describe generic names) which should be checked.
Customizing table contains 2 column: Parameter and Value.  Each Entry needs an unique Parameter entry (just start with ROLE0001 for the first entry and ROLE0002 for the second entry and so on). Value contains the role name (support wildcard *).

AUTH_INFOTYPE_ROLE**

Roles with InfoTypes

AUTH_3RD_PARTY_ROLE**

3rd party roles with unexpected authorizations

AUTH_SENSI_TRANSACTION_ROLE**

Roles with access to sensitive transactions

AUTH_SENSI_TABLES_ROLE**

Roles with access to sensitive tables

AUTH_GEN_ORGA_ELEM_ROLE**

Roles with generic organisations elements


Abbreviations

* Added with 7.10 SPS10

** Config store customizing available / necessary

*** Added with 7.2 SP03

**** Added with 7.2 SP05


  • No labels

5 Comments

  1. Rene Muth

    move content out of comment (smile)

  2. Rene Muth

     

    Content of 7.10 SPS08

  3. Rene Muth

     

    Added Content of 7.10 SPS10

  4. Rene Muth

    Update the content description for ABAP. Added content examples

  5. Mattias Umlauf

    Hi Rene,

    thanks for sharing the store documentation. Unfortunately info about store AUTH_INFOTYPE_ROLE is quite short. Could you plaese provide info about the customizing. How can I check what user roles also include infotypes? What is Object, Field Name and From in this case?

    Thanks a lot in advance (smile)

    Regards,

    Mattias