The database layer
SCU3 Evaluation of logged customizing objects and tables
If your system is already above SAP NetWeaver Release 7.0, then you must either import SAP Note 1731549 or a corresponding Support Package. Afterwards, when creating new users, it is no longer possible to assign user names that are only composed of variants of spaces or other invisible special characters. Important: Changes to already existing users with these names or their deletion option are not affected by this! The SAP Note also adds the customizing switch BNAME_RESTRICT, whereupon you can control yourself whether alternative spaces are allowed to appear in certain places in the user name. For this, the following values must be set in the customizing table PRGN_CUST: NO = The alternative spaces are still allowed in the user name. ALL = The character set is reduced to a defined range, excluding certain special characters because they have specific meanings in certain operating systems or databases. This predefined character set is: ABCDEFGHIJKLNMOPQRSTUVWXYZ_0123456789,;-§&()={[]}+#. FME = The letters F, M and E stand for Front, Middle and End. With an 'X' in this three-digit switch value you can now explicitly specify at which position in the user name no wide spaces and control characters may occur. All combinations are possible, e.g.: XME = None of these special characters may occur at the BEGINNING of the user name. XMX = In the user name none of these special characters may occur at the BEGINNING and at the END. FME = One of these special characters may occur at any position in the user name (this corresponds to the default setting, i.e. as if no entry was maintained in PRGN_CUST for the switch). SAP recommends the use of the value ALL.
Remove weak password hashes from the system: Only updating the profile parameter does not provide you with the necessary security. There are still many weak hash values in your database that can be used to attack your system. These must be completely removed from the database. To do this, use the report CLEANUP_PASSWORD_HASH_VALUES. To do this, call the transaction SA38 and enter the name of the report in the input field. Run or F8 executes the programme and cleans your database Report CLEANUP_PASSWORD_HASH_VALUES This programme removes the outdated hash values across all clients. Have you already experienced this attack method or any other comments on this topic? Share your experiences with us in the form of a comment under this article.
SPAD Spool administration
SAP Basis is also known as module BC or application Basis. SAP Basis refers to all transactions, programs and objects that control the functions of the overall system. This includes, among other things, user and authorization management as well as the configuration of interfaces via RFC.
SAP Basis consultants are experts in consulting. The job of an SAP Basis consultant has many areas of responsibility, such as designing applications, installing support for SAP modules, analyzing and optimizing processes, creating reports, and modeling and extracting data.
For administrators, a useful product - "Shortcut for SAP Systems" - is available in the SAP basis area.
TP_STEP_FAILURE: A tp-Step could not be performed successfully.
You will see a list of uploaded support packages that are now known with all their attributes in the SAP system and can be handled in the right way by the SAP Patch Manager.