Question:
Does anyone know where I can find a white paper or documentation regarding the security portion for an upgrade from 4.6c to 4.7.
Thanks,
Mark
Answer:
THere is not one, Basically the same as any upgrade, a couple of new objects a few abandoned, PFCG screen now looks like the workplace ( now called portal) version. You will have to perform the SU25 steps for post upgrade and then "merge-old-new" ( expert mode) in PFCG on every role.
Answer:
Reading the documentation on SU25 is very much worth the time.
The code checker (forget the transaction) is available in 47 and it checks for more than just authority check statements in code. Great tool if you are using a checklist for security on custom programs before they go to production.
What Checklist?
Also there are numerous transactions assigned to reports with variants already ready to run that are geared toward security audits. These have saved me alot of time. Most of them you could do in some other way in 46C but you had to have access to SE38 or SE16 etc. All of these delivered transactions allow you to run them without needing that. And I know that most of us techies would never be able to do without access to SE38, or other transactions, but it is still good to know that we can set up other Security Administrators on our team who do not need such access to have a list of transactions that are quite numerous that will allow them to run through all the checks necessary to audit and maintain SYSTEM, USER, and TABLE/REPOSITORY Security checks. And yes this could be done by creating your own transactions but it does not seem to me that many every take the time to do that. I would say that the design of the Role based Audit roles which present a complete menu of transactions to use for Security Checks has been a to huge help for many over worked Security Administrators to make it easy to start checking things they have been meaning to check but have not taken the time to setu up lists.
Happy Upgrade!
_________________
Gary Morris
SAP Security Analyst/Developer
garymorris@sapsecurity.net
Answer:
I was looking for the "code checker" in TSTCT on 4.7 and could not find it.
Does anybody know the transaction code?
Answer:
There has always been a scan report you can use to Look for anything ABAP code RSRSCAN I beleive is the name of the report. I ususally need otlook in SE38 search or find option to get it. Nice enough report but not particularly useful and it cannot tell you which PATH in the code the transaction will take and may show more authorizations than needed to perform the process. A ST01 trace for authorizations is by far more useful
Answer:
In 4.7 scan transaction is sci and scii I believe. As far as scan of ABAP code before I believe the report you are looking for is RSUNISCAN, is this correct?
Answer:
In 4.7 code scanner is sci or scii. I believe the old program is RSUNISCAN