topic Re: How to secure generated files? in Application Development and Automation Discussions

How to secure generated files?

Former Member — Mon, 19 Aug 2013 20:12:09 GMT

Our legal department wants to generate intellectual property files in our BI system for analytics and reporting, but wants us to ensure that no one will be able to access these files via SE16 table display or similar transactions. The files will not be transported, but generated with random names and prefixed with /BIC/ or /BI0/, so we are almost sure that we will not be able to create and prematurely add the files to S_TABU_DIS authorization groups. Does anyone have any ideas on what to do about this issue?

Re: How to secure generated files?

Former Member — Tue, 27 Aug 2013 06:54:26 GMT

Hi Dale,

Please get the confirmation on the following:

Where are these files getting generated? Are these files getting generated directly in BI System?

Normally BI system contains data for analytics, i.e data will be pushed from other systems lets say ECC, R3 Systems and the subsequent fields will be mapped in BI system.

Regards,

Ramakrishna Dadi

Re: How to secure generated files?

Former Member — Tue, 27 Aug 2013 18:17:46 GMT

Hi Ramakrishna Dadi,

The files are generated directly in BI system. That is the issue.

Dale

Re: How to secure generated files?

Former Member — Wed, 28 Aug 2013 06:53:02 GMT

Hi Dale,

If that is the case. Please take the help of Basis/ABAP guy to locate the target file location and route the files to a directory /usr/sap/temp/legal for e.g.

SAP provide a mechanism to restrict a user's access to certain files or directories
using the auth object S_PATH regardless of whether it is called by a program or not.

1. To reate a new auth group, run transaction SM30 and enter table SPTHB.
Choose maintain.

Choose New Entries and add a new auth group according to the organization's naming standard. I would suggest starting it with Z and three characters (e.g. ZNNN).

2. Press Save.

3. Link the Auth Group you created to the UNIX file system by creating an entry in
table SPTH via transaction SM30.

Individual files can also be secured by creating another auth group and assigning it at
the file level in SPTH.

Explore this option and try if you can succeed.

Regards,

Ramakrishna Dadi

Re: How to secure generated files?

Former Member — Wed, 28 Aug 2013 15:17:25 GMT

Thank you for your reply, Ramakrishna Dadi, however a colleague noticed that I posted 'generated files' when I should have said 'generated tables'. or tables generated directly in BI system with a blank authorization group. I apologize for that.

Dale

Re: How to secure generated files?

Former Member — Wed, 28 Aug 2013 21:52:05 GMT

This is one of the reasons why AA auths were integrated into RSA1 and S_TABU_NAM was developed. If you search for those terms you will find the original thread on it which discussed the solution with the developers.

Cheers,

Juliis

Re: How to secure generated files?

Former Member — Tue, 03 Sep 2013 20:26:44 GMT

Thank you for your advice, Julius,

These tables will be generated in production, so we aren't sure what the table names will be. We do know that the tables will be prefixed by /BIC/A (DSO Active Table) or /BIO/B (DSO Change Log) however. I don't see how we can restrict SE16 developer's access to these tables with S_TABU_NAM. I'm sure it is my ignorance, so please advise.

Thank you,

Dale

Re: How to secure generated files?

Former Member — Wed, 04 Sep 2013 05:34:28 GMT

The table does not have to exist (yet) to maintain s_tabu_nam.

So you can work out the name (spaces) from the DSOs and enter them. The authorization will not be destroyed together with the table...

Cheers,

Julius