SAP security Note definition

** Myself
Security Note Information
->SAP Security Notes
 -> Security Notes Search

# Some Security Note level 2/3 may be upgrade to HotNews level
# Automatic check in EWA [Report yellow and red traffic light]

Security Note Level

Level
1  HotNews
2  Correction with high priority
3  Correction with medium priority
4  Correction with low priority
6  Recommendations/additional info

SAP HotNews are priority 1 (very high priority) SAP Notes for customers.
They tell you how to resolve problems that can cause the SAP system to shut down or lose data.
If such problems affect you, you must ensure that you comply with these SAP Notes


Security Note with The EWA report shows the following three sections:

"Missing recommendations"
This section shows the required security-relevant SAP Notes and HotNews.
HotNews are flagged with a red traffic light and notes are flagged with a yellow traffic light.

"Manually confirmed recommendations"
Report messages can also be confirmed manually.  This should only happen in exceptional cases that require it.
For example: You cannot implement a specific note using transaction SNOTE because you manually changed the affected program beforehand.  In this case, implement the corrections manually and confirm the message.

"Successfully implemented recommendations"
This section shows the security-relevant notes and HotNews that are required for the system and that are implemented successfully.
A note or a HotNews is no longer required if your system release or Support Package level already contains the correction. After the system is upgraded or Support Packages are imported, a note that was implemented earlier may no longer be listed.

Oracle Managing Optimizer Statistics System,Fix object,db,dictionary Statisitcs

** Web Collections
Gathered NOWORKLOAD system statistics
exec DBMS_STATS.GATHER_SYSTEM_STATS('NOWORKLOAD');

Gathered Fix object statistics
exec dbms_stats.gather_fixed_objects_stats('ALL');

Gather database statistics
begin
DBMS_STATS.GATHER_DATABASE_STATS (
estimate_percent =>100,
block_sample=>FALSE,
method_opt=>'for all columns size auto',
degree=>null,
cascade=>true,
no_invalidate=>false,
options=>'GATHER STALE',
gather_sys=>FALSE);

DBMS_STATS.GATHER_DATABASE_STATS (
estimate_percent =>100,
block_sample=>FALSE,
method_opt=>'for all columns size auto',
degree=>null,
cascade=>true,
no_invalidate=>false,
options=>'GATHER EMPTY',
gather_sys=>FALSE);
end;

Gather dictionary statistics
begin
DBMS_STATS.GATHER_DICTIONARY_STATS (
estimate_percent =>100,
block_sample=>FALSE,
method_opt=>'for all columns size auto',
degree=>null,
cascade=>true,
no_invalidate=>false,
options=>'GATHER STALE'
);

DBMS_STATS.GATHER_DICTIONARY_STATS (
estimate_percent =>100,
block_sample=>FALSE,
method_opt=>'for all columns size auto',
degree=>null,
cascade=>true,
no_invalidate=>false,
options=>'GATHER EMPTY'
);
end;

SAP Job Reorganize Spool requests are no longer deleted as of beginning of year 2011

** Myself
Solution I)
Apply Note 1532398 for solve because report RSPO1041 is invalid.
 
Solution II)
Maintain factory calendar (Refer Note 1532398 and Note 501670)
SCAL
->Factory calendar
->change
->ID: 01
-> valid to year 2XXX (Extend valid)
 
Solution III)
Create New Calendar and assign variant job reorg spool to new variant
Create New Calendar
SCAL
->Factory calendar
->New
->ID: YY
-> valid to year 2XXX (Extend valid)
Create New Variant
Se38
-> RSPO1041
->variants
->copy SAP&001 to New : ZXXX
-> Change
-> Calendar -> Factory calendar ID : YY (New Factory calendar)
Change New Variant to reorg spool job
Sm37
-> Job name : SAP_REORG_SPOOL and release
->Change
-> Step
-> Parameter ZXXX

How to find smartforms object class and object in Requests/Task

** Myself
Check Object class
smartforms
-> form <form name>
-> menu item Go to -> object directory entry
  -> Show object
Object R3TR SSFO <Object name>
Package <Package name>



 
Check Transport Request/Task
se03
-> R3TR SSFO <Object name>
-> execute
  -> Show history of request and Task

How to check linux on host VMWare or Not

** Myself
Check library
ls –ld /usr/lib/vmware-tools
Result show directory not null

--or--
Check daemon
/etc/init.d/vmware-tools status
Result show vm daemon
vmware-guestd is running

--or--
Check daemon

lsmod|grep -i vm
Result show vm module
vmmemctl 16968 0
vmci 40384 1 vsock
vmxnet 22788 0

SAP Test barcode

** Myself
System barcode
se73
-> system bar codes
clip_image002
 
Test barcode
so10
->SAPSCRIPT-BARCODETEST
clip_image004
Preview or Print to spool
clip_image006


Or
Spad-> Utilitiesà For device typesà Test data(SAPscript).

Enable SAPSTAR (Emergency User ) user for Dual Stack and Java Stack for change password DDIC/J2EE_ADMIN

** Credit Web&Myself

Enable SAPSTAR (Emergency User ) user for Dual Stack (change password DDIC/J2EE_ADMIN)

** Case working with a combined AS for ABAP + Java installation, then log on to the ABAP system as an administrator or the emergency user SAP* and create a new administrator for the J2EE Engine using the transaction SU01. on client 001 only

How to enable emergency sap* user for the Abap user

STEP-1: Enable "SAP*"
  1. Login to the SAP GUI ABAP
  2. transaction code ‘RZ10
  3. parameter ‘login/no_automatic_user_sapstar’
  4. Type the parameter value as ’0
  5. Copy-> Back->Copy-> Transfer ->Back-> Save
  6. Stop/Start the SAP Instance.
STEP-2: Login with "SAP*" visual admin
  1. Login to the SAP GUI ABAP
  2. Now try to login as sap* and Password as ‘pass’
  3. transaction code ‘su01
  4. Change DDIC/J2EE_ADMIN password -> save

STEP-3: Disable "SAP*"
  1. Login to the SAP GUI ABAP
  2. transaction code ‘RZ10
  3. parameter ‘login/no_automatic_user_sapstar’
  4. Type the parameter value as ’1′
  5. Copy-> Back->Copy-> Transfer ->Back-> Save
  6. Stop/Start the SAP Instance.
STEP-4: Login with "j2ee_admin"
17.
 http://<host>:<Port>/useradmin/index.jsp
18. Enter userid / Password as "j2ee_admin / <password>

19. it will ask change password just change
STEP-4: Login with "DDIC"

17. Login to the SAP GUI ABAP
18. Enter userid / Password as DDIC / <password>

19. it will ask change password just change

 

Enable SAPSTART (Emergency User) user for Java-Only (change password J2EE_ADMIN)

** The J2EE Engine is running as a Java-only installation.

    We cannot create user in portal. Once we create user in ABAP stack , we can login to portal using that user.
     If there is permission problem, please assign the permission to the respective user that is "manage_all" action.


SAP Defining Output Devices with Authorization Groups

** Myself
1.       Assign the output devices to a group
Example zpdf1 and zpdf2 to group ZPDF_GRP
spad->
 output device-> ZPDF1    Authorization Group -> ZPDF_GRP clip_image002
  spad->
   output device-> ZPDF2    Authorization Group -> ZPDF_GRP

  2.       Create/Assigned/Comparison the device authorization for the authorization group (object S_SPO_DEV)
Example zpdf1 and zpdf2 to group ZPDF_GRP  
Loading