How to prepare basic reporting
The standard reports of Configuration Validation are not optimized for specific Target Systems respective Configuration Stores. Therefore, we suggest the following optimization of the layout of reports. You can store the resulting layout, e.g. as a bookmark. (If you are familiar with BW reporting you can of course define your own web templates.)
Example for an original report:
Result after optimization:
Remove columns which you do not need for reporting (e.g. Goto,Last Check [UTC]) using the right-click context menu function ‘Remove Drilldown’ on the column header:
General tips:
- If a Target Systems contains just one Configuration Store you can omit the column ‘ConfigStore Name’.
- Activate the Enhanced Menu and swap the field ‘System’ with the field ‘SAP System ID’ if you do not need the installation number.
- Add one of the columns ‘Instance’, ‘Instance Name’ or ‘Host Name’ for instance specific configuration items like profile parameters if you want detailed results instead of aggregated results.
- Add the column ‘Client’ for client specific configuration items like users having critical authorizations.
- Swap the column ‘Value of Target System’ with ‘Cv. DataOperator’ to get the target values together with the validation operators.
- You can swap the columns ‘SAP System ID’ and ‘Config. Item’ to sort the list by configuration item instead of the system.
Finally, you can store the layout including selection and filters as a bookmark:
- Use the right-click context menu on any active element to create the bookmark URL
- Copy the URL from the new window.
A bookmark URL looks like this:
http://<server>:<port>/sap/bw/BEx?SAP-LANGUAGE=EN&BOOKMARK_ID=00O2TR7Q28TH89DU346F6QDXP - Store the bookmark URL in your favorites or create a Bookmark within Configuration Validation reporting in a specific group:
- Now you can easily call the report using this bookmark
Optimized reporting for specific Configuration Stores
The standard reports show some general columns by default. Depending on the Configuration Stores which are part of the Target System it is useful to swap some of the columns and to add more to get a better result.
If not stated otherwise the recommended operator validation reports are
0TPL_0SMD_VCA2_NCOMPL_CI_REF
Shows non-compliant configuration items (config stores and configuration items selectable)
or
0TPL_0SMD_VCA2_CITEMS_REF
Shows all configuration items (config stores and configuration items selectable)
Configuration Store ABAP_INSTANCE_PAHI
This store shows profile parameters.
Recommended column layout:
Column | Example(s) | Comment |
SAP System ID |
| System |
Instance or Instance Nane or Host Name |
| Required column as profile parameters could be instance specific |
Config. Item |
| Profile parameter |
Config. Item Value |
| Value |
Cv. DataOperator |
| Operator rule |
Compliance |
|
|
Compliant | | Not compliant Compliant |
Example (different sort, combined result for all instances):
Configuration Store AUDIT_CONFIGURATION
This store shows the static configuration as well as the run-time settings of the Security Audit Log.
Currently it is not possible to define valuable check rules for configuration items /AuditConfiguration/Slot
Therefore it is useful to filter out these configuration items by selecting only the relevant configuration items on the variables selection screen of the BW report (The example uses a Target System having two Configuration Stores):
Instead of selecting relevant values right from the beginning you can filter for them afterwards as well:
Recommended column layout:
Column | Example(s) | Comment |
SAP System ID |
| System |
Instance or Instance Nane or Host Name |
| Required column as profile parameters could be instance specific |
Config. Item |
| Run-time audit settings |
Config. Item Value |
|
|
Cv. DataOperator |
| Operator rule |
Compliance |
|
|
Compliant |
| Not compliant Compliant |
Example:
Configuration store AUTH_COMB_CHECK_ROLE
This store shows roles containing critical authorizations.
You can start with following report as well:
0TPL_0SMD_VCA2_ROLES
Role Validation (Config Repository AUTH..ROLE Selection in Selection Variable Popup)
In this case you get different column labels as shown below.
Recommended column layout:
Column | Example(s) | Comment |
SAP System ID |
| System |
Client |
| Required column as users are client specific |
Config. Item / Role |
| Role |
Config. Item Value / Authorization/Combination |
| Critical combination ID |
Compliance |
| This role contains critical authorizations
|
Compliant | | Not compliant Compliant |
Example:
Configuration Store AUTH_PROFILE_USER
This store shows user assignments to critical authorization profiles and missing required profiles.
Recommended column layout:
Column | Example(s) | Comment |
SAP System ID |
| System |
Client |
| Required column as users are client specific |
Config. Item |
| User |
Config. Item Value |
| Profile |
Value of Target System |
| User who is allowed to have this critical profile All remaining users |
Cv. OpLowValue |
| Critical profile should not be assigned to the user Required profile should be assigned to the user |
Compliance |
| No user has this critical profile assignment This user has this critical profile assignment Missing required profile assignment |
Compliant | | Not compliant Compliant |
Lines showing ‘Item not found’ describe users who are allowed to have a critical profile but which are not assigned to this profile. If you consider these entries as ‘ok’ you can hide them using a filter for column ‘Compliance’
Example for a filtered result:
