PI Interfaces, Web Services (Process Integration/Orchestration)
Unicode Conversion
In this step, a dialogue box prompts you to confirm the commit. If the user does not have permission to execute the transaction SPAM or the current queue has not yet been confirmed, the transaction stops SPAM with a message to that effect. CHECK_REQUIREMENTS In this step, different requirements for inserting are checked. There are the following reason that may cause this step to be cancelled: TP_CANNOT_CONNECT_TO_SYSTEM: tp cannot log in to the system database. QUEUE_NOT_EMPTY: There are incomplete OCS jobs in the tp buffer. You can view these jobs using the following tp command: tp SHOWBUFFER -D SOURCESYSTEMS= TAG=SPAM You cannot resume the processing of the queue until these jobs have been completely processed or deleted from the tp buffer. DISASSEMBLE In this step, files are extracted from the corresponding OCS files and placed in the /usr/sap/trans/data (UNIX) directory.
You will need to download the support package again. CANNOT_DETERMINE_DATA_FILES: The name of a data file could not be determined because a profile parameter was not configured correctly. Verify the settings using the RSPARAM report. CANNOT_DISASSEMBLE_R_DATA_FILE: Unable to extract an R3trans data file. A possible cause of error is that the appropriate OCS file was not found or the data file could not be opened for writing. An error occurred while transferring a 20K block from the EPS inbox to the /usr/sap/trans/data (UNIX) directory. CANNOT_DISASSEMBLE_D_DATA_FILE: Unable to extract an ADO data file. The reasons are the same as for CANNOT_DISASSEMBLE_R_DATA_FILE. CANNOT_CREATE_COFILE: The cofile could not be created from the corresponding data file. One of the possible causes of error is that adm does not have write permissions for the /usr/sap/trans/cofiles (UNIX) directory.
The website www.sap-corner.de offers many useful information about SAP basis.
Known errors
User authentication is usually performed by entering a user name and password. This information is called user credentials and should only be known to the user, so that no third party can gain access to the system under a false identity. This post explains how a user's password protection can be circumvented and how to prevent it. SAP system legacy data The login data of a user, including password, are saved in the USR02 database table. However, the password is not in plain text, but encrypted as a hash value. For each user there are not only one but up to three generated password hashes. Different algorithms are used to calculate these values, but only the Salted SHA1 can be considered sufficiently safe. Table deduction USR02 The secure password hash is located in the fifth column of the pictured table deduction with the heading Password hash value. The corresponding data field in the column is called PWDSALTEDHASH. Weak Password Hash Risks You have a good and working permission concept that ensures that no processes or data can be manipulated or stolen. A potential attacker now has the ability to read out your database with the password hashes. The hash values are calculated using password crackers, which are available on the Internet at home, and the attacker now has a long list of user credentials. To damage your system, the user will now search for the appropriate permissions and perform the attack under a false identity. Identifying the actual attacker is virtually impossible. Check if your system is vulnerable too Your system generates the weak hash values if the login/password_downwards_compatibility profile parameter has an unequal value of 0.
SAP HANA has been one of the major topics in the SAP environment for the last few years. Many customers are currently faced with the question of whether or not to migrate your SAP system. In addition to the actual changeover itself, there are many other topics on which you should have already informed yourself in advance, as these influence the success of SAP HANA in your company. What do you already know about SAP HANA? I would like to encourage you to think about security in the following article. If you would like to learn about the architecture of HANA, I recommend a contribution from our colleagues at erlebe Software. SAP HANA Scenario But why are we even talking about HANA Security? Why is it so important to consider new security strategies with the new technology? With HANA it is possible to analyse data quickly. BW scenarios primarily benefit from the in-memory database (IMDB) used, as speed advantages in data access are particularly positive. Compared to a classic ERP / R3 scenario, the normal DB is replaced by HANA. The desired speed advantages result. However, migration is expected to be required for the changeover. This is caused by customer-specific developments in the system. HANA is not a further development of SAP ERP, HANA is the next stage of an ERP system. It is well known that an ERP system contains the capital of the companies. Therefore a new HANA system like all other ERP systems is also interesting for attackers. On the one hand, such a system contains the critical business data that are available for espionage. In addition, most business processes are mapped in such a system and offer an attack surface for sabotage. In addition, users do not initially know the new technology well. This also applies to administrators in the area of a new technology. Attackers quickly gain a dangerous leap of knowledge over these user groups. SAP HANA has a lot of new features, although many existing ones are used by SAP ERP, so there is a risk here.
With "Shortcut for SAP Systems" a tool is available that greatly facilitates some tasks in the SAP basis.
Since the storage area is accessible for all work processes, the work processes can also access external user contexts that lie here.
The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.
Preventing weak password hashes The generation of unsafe hash values can be prevented by setting the login/password_downwards_compatibility profile parameter to 0.