Skip to end of metadata
Go to start of metadata

How to prepare basic reporting

The standard reports of Configuration Validation are not optimized for specific Target Systems respective Configuration Stores. Therefore, we suggest the following optimization of the layout of reports. You can store the resulting layout, e.g. as a bookmark. (If you are familiar with BW reporting you can of course define your own web templates.) 

Example for an original report:

 

 

Result after optimization:

 

 

Remove columns which you do not need for reporting (e.g. Goto,Last Check [UTC]) using the right-click context menu function ‘Remove Drilldown’ on the column header:

 

 

General tips:

  • If a Target Systems contains just one Configuration Store you can omit the column ‘ConfigStore Name’.
  • Activate the Enhanced Menu and swap the field ‘System’ with the field ‘SAP System ID’ if you do not need the installation number.
  • Add one of the columns ‘Instance’, ‘Instance Name’ or ‘Host Name’ for instance specific configuration items like profile parameters if you want detailed results instead of aggregated results.
  • Add the column ‘Client’ for client specific configuration items like users having critical authorizations.
  • Swap the column ‘Value of Target System’ with ‘Cv. DataOperator’ to get the target values together with the validation operators.
  • You can swap the columns ‘SAP System ID and ‘Config. Item’ to sort the list by configuration item instead of the system.

Finally, you can store the layout including selection and filters as a bookmark:

  1. Use the right-click context menu on any active element to create the bookmark URL
  2. Copy the URL from the new window.
    A bookmark URL looks like this:
    http://<server>:<port>/sap/bw/BEx?SAP-LANGUAGE=EN&BOOKMARK_ID=00O2TR7Q28TH89DU346F6QDXP
  3. Store the bookmark URL in your favorites or create a Bookmark within Configuration Validation reporting in a specific group:

  4. Now you can easily call the report using this bookmark

Optimized reporting for specific Configuration Stores

The standard reports show some general columns by default. Depending on the Configuration Stores which are part of the Target System it is useful to swap some of the columns and to add more to get a better result.

If not stated otherwise the recommended operator validation reports are

0TPL_0SMD_VCA2_NCOMPL_CI_REF 
Shows non-compliant configuration items (config stores and configuration items selectable)

or

0TPL_0SMD_VCA2_CITEMS_REF
Shows all configuration items (config stores and configuration items selectable)

Configuration Store ABAP_INSTANCE_PAHI

This store shows profile parameters.

Recommended column layout:

Column

Example(s)

Comment

SAP System ID

XS2

System

Instance or Instance Nane or  Host Name

mo-1ea744416_XS2_00

Required column as profile parameters could be instance specific

Config. Item

login/min_password_lng

login/password_downwards_compatibility

icm/server_port_0

Profile parameter

Config. Item Value

6

0

PROT=HTTP,PORT=8001,TIMEOUT=30,PROCTIMEOUT=60

Value

Cv. DataOperator

>= 8

Not equal 5

Regex .*PROT=HTTPS.*

Operator rule

Compliance

Yes

No

Item not found

 

Compliant

0,001

1,000

Not compliant

Compliant

 

Example (different sort, combined result for all instances):

 

Configuration Store AUDIT_CONFIGURATION

This store shows the static configuration as well as the run-time settings of the Security Audit Log.

Currently it is not possible to define valuable check rules for configuration items  /AuditConfiguration/Slot

Therefore it is useful to filter out these configuration items by selecting only the relevant configuration items on the variables selection screen of the BW report (The example uses a Target System having two Configuration Stores):

 Instead of selecting relevant values right from the beginning you can filter for them afterwards as well:

Recommended column layout:

Column

Example(s)

Comment

SAP System ID

XS2

System

Instance or Instance Nane or  Host Name

mo-1ea744416_XS2_00

Required column as profile parameters could be instance specific

Config. Item

/AuditConfiguration

Run-time audit settings

Config. Item Value

<Enabled=Yes><SlotCount=10>

 

Cv. DataOperator

 

Operator rule

Compliance

Yes

No

Not valuated

Item not found

 

Compliant

0,001

1,000

Not compliant

Compliant

 Example:

Configuration store AUTH_COMB_CHECK_ROLE

This store shows roles containing critical authorizations.

You can start with following report as well:

0TPL_0SMD_VCA2_ROLES
Role Validation (Config Repository AUTH..ROLE Selection in Selection Variable Popup)

In this case you get different column labels as shown below.

Recommended column layout:

Column

Example(s)

Comment

SAP System ID

XS2

System

Client

001

Required column as users are client specific

Config. Item / Role

SAP_BPC_ADMIN

Role

Config. Item Value / Authorization/Combination

STCODE_TCD_STAR

Critical combination ID

Compliance

No

Item not found

This role contains critical authorizations

 

Compliant

0,001

1,000

Not compliant

Compliant

 

Example:

 


Configuration Store AUTH_PROFILE_USER

This store shows user assignments to critical authorization profiles and missing required profiles.

Recommended column layout:

Column

Example(s)

Comment

SAP System ID

XS2

System

Client

001

Required column as users are client specific

Config. Item

DDIC

User

Config. Item Value

SAP_ALL

Profile

Value of Target System

DDIC

*

User who is allowed to have this critical profile

All remaining users

Cv. OpLowValue

NONE

USER_IS_AUTHORIZED

Critical profile should not be assigned to the user

Required profile should be assigned to the user

Compliance

Yes

No

Item not found

No user has this critical profile assignment

This user has this critical profile assignment

Missing required profile assignment

Compliant

0,001

1,000

Not compliant

Compliant

 

Lines showing ‘Item not found’ describe users who are allowed to have a critical profile but which are not assigned to this profile. If you consider these entries as ‘ok’ you can hide them using a filter for column ‘Compliance

 

Example for a filtered result:

 

 

  • No labels