a month ago
Hello everyone, I have lost access to my old account, didn't get the universal ID on time, so the account was deleted. So reposting my old blogs from the new account. This might not be up to date with current versions. But more or less, would be similar.
Link to the old blog post is - https://community.sap.com/t5/application-development-blog-posts/how-to-extract-security-optimization...
Blog Post ---------
Hello Everyone… So, this post is about how to run Security Optimization Service (SOS) Report in Solman 7.2. I am writing this because i could not find much about this on internet. Firstly, SOS report identifies potential security issues and provides recommendations on how to improve the security of your system. SOS report can be run on Solman 7.0, 7.1 and 7.2 versions.
Please follow the below steps to run the SOS report in Solman 7.2
2. A new tab will open and Click on My Sessions. Then click on Create new session.
3. Choose Security Optimization Service Session from the list and click on Next:
4. Assign the Technical system and then click on Next
5. Mention the details about the report and click on Next:
6. Click on Finish in review stage, a new tab will open
7. Select the option and click on Test Selected Destination. Accordingly, put the credentials and Click Ok
The status will go Green, if not then some issues with the ST14 access. Click on Next and navigate to 1.2 Assign Questionnaire.Note -> there will be multiple options with 000 and productive clients based on the RFC’s. You can choose Productive client and it will extract the data from all the clients.
8. We can assign questionnaire in this step, i.e. we can maintain the exception list of administrators who should have elevated access. The same names will not appear in the SOS report. Will write another post on how to maintain the questionnaire. Here we are skipping this step. Click on next and navigate to step 1.3 Choose/Schedule Data Collection.
9. In this step, we have to run the ST14 job, which will run in the backend system and extract the data for the system and all the clients. Click on Schedule New ST14 Analysis run. It might ask for credentials again, if it does, please maintain one which has access to ST14 in the target system. Right away the job will be released. Navigate to the next step, i.e. 1.4 Customize Report Output. Or you may use the data from earlier run of ST14 job.
10. Navigate to next step, i.e. Customize Report Output. In this step, we can customize the report output.
11. Click on Next and it will take to 2nd Step, Analyze. You cannot Run analysis unless the Data Collection job is complete. It usually takes 5-10 minutes with minimal load on system. Once the Data Collection is complete, the status will turn to Green from Yellow.
Click on Perform Analysis
This will show the SOS report output on the screen. We can still delete the entries from this output such as if there are any exceptions and not maintained in Questionnaire already. And the same will not be part of the final report.
12. To generate the report in PDF or word format, navigate to 3rd Step, i.e. Report. You will get the confirmation box, click on Yes. And then click on Create Report and choose one option among SOS Report or SOS Report with questionnaire. The report generation takes 2-10 minutes based on the output of report. Once the report is generated, it will be available for download in the same session.
The objectives of SAP Security Optimization are:
- To analyze the technical configuration of your SAP system for security risks
- To provide a summarized overview of the implemented security level
The security checks of SAP Security Optimization are performed for the following security aspects:
- Availability,Integrity, Authenticity, Confidentiality, Compliance
For the violations related to critical access, the report shows the number of violations in system across clients and even the object details which causes the violation, e.g. fr control "Users - other than System Administrators - are Authorized to Maintain Trusted Systems (0240)" the object details are mentioned as below:
The report can work as a customized dashboard, we can maintain the exceptions and save it in questionnaire, those exceptions will not pop up in the SOS reports.
Request clarification before answering.
User | Count |
---|---|
74 | |
30 | |
9 | |
7 | |
7 | |
6 | |
6 | |
4 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.