If you have ever seen a pop-up like this when you tried to up- or download files
or lists from your SAP system? And did you ask yourself where this
pop-up comes from and how to avoid it? First learn some basics about
this topic and then read a step by step approach how to avoid the
pop-up:
The download and upload of files has been seen as a security gap by many
customers. Therefore SAP delivered with SAPGui 7.20 a general security
setting which can’t be deactivated by users. The following security
pop-up is a result of the new security setting:
Where to change the settings
You can find the settings for this topic under „Options“ of the SAP Logon pad:
You will see different security rules that are inserted by the following:
- by SAP® AG
- by administrators of the SAP®-Systems or
- by the users themselves
Rules inserted by SAP® AG or administrators can’t be amended, but could be overruled by user rules.
Once a pop-up shows up and you confirm with „always…“ or „in this context…“ the system creates a user rule .
The rule contains the following data:
Where to change the settings
You can find the settings for this topic under „Options“ of the SAP Logon pad:
You will see different security rules that are inserted by the following:
- by SAP® AG
- by administrators of the SAP®-Systems or
- by the users themselves
Rules inserted by SAP® AG or administrators can’t be amended, but could be overruled by user rules.
Once a pop-up shows up and you confirm with „always…“ or „in this context…“ the system creates a user rule .
Let us give you an example:
We execute the report RPLMIT00 (You can use every other report that produces a list) for a selected personnel number and save the list unconverted in a file. We confirm the pop-up (fig. 1) with "Always allow in this context". This leads to a new rule as shown in figure 4.
We execute the report RPLMIT00 (You can use every other report that produces a list) for a selected personnel number and save the list unconverted in a file. We confirm the pop-up (fig. 1) with "Always allow in this context". This leads to a new rule as shown in figure 4.
The rule contains the following data:
- the name of the SAP system
- the SAProuter String of the chosen system
- the client
- the transaction
- the screen name (SAPLKKBL refers to a list based on the ABAP List Viewers (ALV))
- the access type (write, read etc.)
- the action (allow, deny etc.) and
- the state (enabled, disabled etc.)
You can change these parameters when you double click on the rule. E.g., if you choose „*“ for „all“ you are able to avoid many security checks. Also administrators can enter rules this way for all users since this topic is actually one for the basis team.
- the SAProuter String of the chosen system
- the client
- the transaction
- the screen name (SAPLKKBL refers to a list based on the ABAP List Viewers (ALV))
- the access type (write, read etc.)
- the action (allow, deny etc.) and
- the state (enabled, disabled etc.)
You can change these parameters when you double click on the rule. E.g., if you choose „*“ for „all“ you are able to avoid many security checks. Also administrators can enter rules this way for all users since this topic is actually one for the basis team.
More information about this you can find in the SAP GUI Security Guide under 2.5.
0 comments:
Post a Comment