Saturday 5 December 2015

Winshuttle Role in SAP Security

Addressing Security, Performance, and Usability Concerns in SAP® Security Requirements Using Winshuttle Transaction

Winshuttle is a third-party tool. It extracts data from SAP to Excel.

Transaction Authorization Requirements

Transaction Authorization via SAP GUI:

Winshuttle Transaction cannot run an SAP transaction that you cannot run in the SAP GUI. If you do not have access to a particular SAP transaction, obtain authorization for it before you record or run it in Winshuttle Transaction.

Remote Function Calls (RFC) Authorization:

Transaction makes RFC calls to SAP. You must have this additional access assigned to you. In most cases, these authorizations are already assigned to you. The following objects with the indicated values should be in your SAP user profile for working with Transaction.

For the S_RFC Authorization Object:
• Field RFC_TYPE Value FUGR (function group)
• Field ACTVT Value 16 (execute) or *
• Field RFC_NAME

The following values are required for running shuttle files:
SYST, SRFC, SUSO, RFC1, RFCH, SBDC, ATSV, STTF, SDTX

The following additional values are required for recording shuttle files:
SBDR, SCAT, STTM, SDTX

Table Level Authorizations:
Transaction can retrieve logs, extended comments, field descriptions, and messages during the debug process. For this, the user must have access to a few tables. Table-level access is controlled by the authorization object S_TABU_DIS. Transaction needs access to these tables: T100, TFDIR, DD03L, DD04L, TSTCT, D020T, and DD03M.

To enable this access, set up the following authorization:
Authorization Object: S_TABU_DIS
Field Authorization Group (DICBERCLS) = SS, &NC&
Field Activity (ACTVT) = 03 (Display only)
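
The S_RFC and S_TABU_DIS values above can serve as a least-privilege baseline when reviewing roles. The following is an added example, not part of the original post or of Winshuttle's software: it audits a constructed role export against the values listed on this page. The CSV layout, the role names and the policy of flagging wildcards and extras are assumptions of the example.

```python
import csv, io
from collections import defaultdict

# Required values as listed on the page.
RUN = {"SYST", "SRFC", "SUSO", "RFC1", "RFCH", "SBDC", "ATSV", "STTF", "SDTX"}
RECORD = {"SBDR", "SCAT", "STTM", "SDTX"}
TABLE_GROUPS = {"SS", "&NC&"}

# Constructed sample; the column layout and role names are assumptions.
SAMPLE = """role,object,auth,field,values
Z_WS_RUN,S_RFC,01,RFC_TYPE,FUGR
Z_WS_RUN,S_RFC,01,ACTVT,16
Z_WS_RUN,S_RFC,01,RFC_NAME,SYST SRFC SUSO RFC1 RFCH SBDC ATSV SDTX
Z_WS_RUN,S_TABU_DIS,01,DICBERCLS,SS &NC&
Z_WS_RUN,S_TABU_DIS,01,ACTVT,02 03
Z_WS_WIDE,S_RFC,01,RFC_TYPE,FUGR
Z_WS_WIDE,S_RFC,01,ACTVT,*
Z_WS_WIDE,S_RFC,01,RFC_NAME,*
"""

def load(text):
    """Return {role: {(object, auth): {field: set(values)}}}."""
    auths = defaultdict(lambda: defaultdict(dict))
    for r in csv.DictReader(io.StringIO(text)):
        inst = auths[r["role"]][(r["object"], r["auth"])]
        inst.setdefault(r["field"], set()).update(r["values"].split())
    return auths

def audit(auths, role, recording=False):
    """List deviations of one role from the page's S_RFC / S_TABU_DIS values."""
    need = RUN | RECORD if recording else RUN
    granted, findings = set(), []
    for (obj, _), f in auths[role].items():
        actvt = f.get("ACTVT", set())
        if obj == "S_RFC":
            # Names only count if the same authorization allows FUGR execution.
            if f.get("RFC_TYPE", set()) & {"FUGR", "*"} and actvt & {"16", "*"}:
                granted |= f.get("RFC_NAME", set())
        elif obj == "S_TABU_DIS":
            for a in sorted(actvt - {"03"}):
                findings.append(f"S_TABU_DIS ACTVT {a} exceeds display-only")
            for g in sorted(f.get("DICBERCLS", set()) - TABLE_GROUPS):
                findings.append(f"S_TABU_DIS group {g} not in page list")
    wild = sorted(n for n in granted if "*" in n)
    findings += [f"S_RFC RFC_NAME wildcard {n}" for n in wild]
    if not wild:
        findings += [f"S_RFC missing {n}" for n in sorted(need - granted)]
    findings += [f"S_RFC extra {n}" for n in sorted(granted - need) if "*" not in n]
    return findings
```

An empty list means the role matches the baseline; pass `recording=True` for users who also record shuttle files.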

GUI Scripting Authorizations:
In addition to RFC calls, Transaction also provides access to the SAP system using the SAP GUI Scripting mode. Users can check that they have the correct authorizations in SAP from within the Transaction UI.

Summary:

Loading data into and extracting data from your SAP system is a critical activity that requires the proper controls, security and workflows. In order to be adequately protected, it is best to use existing security profiles and controls. Additionally, Governance, Risk and Compliance (GRC) best practices require complete traceability of these activities.

Winshuttle Transaction Security Workflow:

In order to perform user-enabled data loading, it is critical to apply the proper controls, security, and workflows to ensure that SAP transactional data is fully protected end-to-end. A good data governance practice is to ensure that any software integrated with SAP to perform data loads is SAP-certified.

Tested by SAP, Winshuttle Transaction has received the “Powered by SAP NetWeaver” and “SAP Certified Integration” certifications. Transaction works natively with SAP security technology and uses standard SAP authorization profiles to restrict user access, preserving SAP security standards at all times. With Transaction, there are no “back doors”. Figure 2 demonstrates the security workflow that Transaction uses to log on to the SAP system and communicate with SAP via the RFC communication protocol to perform uploads and downloads.

1. When the Transaction user logs on, they are authenticated using their credentials from the SAP server as if they were logging on to the SAP server using SAP GUI.

2. The Transaction user requires RFC authorization in SAP to allow remote access to SAP functions. User RFC authorization is controlled by the SAP authorization object S_RFC. See the “Transaction Authorization Requirements” section above for more information.

3. The user’s SAP system credentials provide the authorization to run Transaction with a specific SAP Transaction. This ensures that the Transaction user can transfer data only to the SAP Transactions to which the user is authorized. For example, in order to create additional master records, the user must be authorized to run the MM01 Transaction. In addition, Winshuttle’s Central product enables SAP system administrators to establish fine grained control of usage for Transaction users. See the “Central” section below for more information.

4. Transaction reads data from one or several Excel files or Access tables, converts the data from its source format to the SAP target format, and performs an RFC CALL Transaction function in SAP. If the Transaction cannot be finished due to a lack of required data, data inconsistencies, or for any technical reason, SAP rolls back the Transaction in a way similar to a manual Transaction update.

5. When the CALL Transaction is completed, either a success or failure message is passed from SAP to Transaction. Transaction writes the messages returned by SAP for each CALL Transaction back into the Excel file or Access Table.

Any doubts? Please watch and like: https://youtu.be/fHJpQ7k2Tgs


2 comments:

  1. There is a new approach with Studio v11 which makes use of custom roles. More info is available here: http://winshuttle-help.s3.amazonaws.com/studio/en/connect-sap/help/11/custom-roles.htm

  2. Winshuttle has a broad security vision that spans from validated entry to guaranteed compliance with SAP security. You can not only provide user-level access to SAP that aligns with data security protection already set up in SAP, but you can also add another level of security to control who has access to data. This insulates users from the complexities of SAP and allows you to quickly adapt to evolving market needs.
