I came to this company 1yr ago and noticed immediately they had not implemented Security!!! SAP_ALL for everyone in Production!!!
So as my second BIG project I took on, Security. In building the profiles for these people I came across 2 problems which are holding me from rolling out these profiles I built, which are based on the same problem, an outside system coming into SAP.
Since everyone had SAP_ALL or NEW we had no problems but restricting the Authority has shut down the operation and accessibility of these 2 outside systems which are very necessary.
1st problem and biggest is we have a VB frontend to SAP for easy order taking for Custom Service Dept.
I found out the design/programmer used a VB call into SAP via a VB BAPI that will allow MS into SAP.
He did not setup an RFC via SM59 or a Trusted RFC, and has no call for Call Function: for Authority_Check_RFC in the VB program, which prevents the Login and Security check being passed allowing access!
I told them this would not work with out the Call Function: from the VB program as a start and if it doesn’t work we need to do the RFC via SM59 or STV1.
It’s gotten personal and they think I have not setup S_RFC with proper Authorization but in order to do that you need Object Group AAAB, take S_RFC and throw out the rest, but I still don’t see that as a solution w/o the Call Function in the VB program!
What say you?
April 2, 2008 3:16 PM
September 12, 2008 12:29 AM