Early Watch Alert Reports in Security


The SAP EarlyWatch Report gives you detailed information about system status, performance, configuration, system operation, database administration and trends.
EWA alerts report  will be generated by Solution manager.


Features :
The following system data is captured in a week and passed to the SAP Solution Manager:
  • General component status
  • System configuration
  • Hardware
  • Performance development
  •  Average response times 
  •  Current system load 
  • Critical error messages and process interruptions
  •  Database administration
The system processes the downloaded data. You can display the report as an HTML document. You can also create the report as an MS Word document. You can use the documents as status reports. These reports can help you analyze and avoid problems. 


Alerts :
·         Default Passwords of Standard Users
·         Users Authorized to Display all Tables
·         Users Authorized to Reset/Change Users Passwords
·         Users Authorized to start all Reports
·         Users Authorized to Debug/Replace
·         Users Authorized to Display Other Users Spool Request
·         Users Authorized to Administer RFC Connections




1. How many users have access to tables?
·         Object 1: S_TCODE with TCD=SE16, TCD=SE16N, TCD=SE17, TCD=SM30, or TCD=SM31
·         Object 2: S_TABU_DIS with ACTVT = 03 or 02 and DICBERCLS = *
2. How many user have access to se38, SP01 display other user spool and su01 change password?
 All these are security related issues and you need to get Authorization team involved in to it to which all users to have what access.


Actions:
Default Passwords of Standard Users 
Connect to the SAP system using SAP* user with the default password PASS.
You need to create the user SAP* in the missing client and set a non standard password.
Most importantly you need to make sure that the profile parameter login/no_automatic_user_sapstar is set to 1.
Ensure that:
- User SAP* exists in all clients
- Users SAP*, DDIC, SAPCPIC, and EARLYWATCH have non-default passwords in all clients
- Profile parameter login/no_automatic_user_sapstar is set to 1.

Another one set  parameters in RZ10 as  login/no_automatic_user_sapstar=0 you need to change it to 1 and get system rebooted.




Labels:

1 comment:

Afreen said...

Hi Sid, Good document

5:09 pm

Post a Comment

Subscribe to: Post Comments (Atom)