Protect4S - VM User Guide
  • Protect4S - VM User Guide
  • Introduction
    • Quick setup
    • Support
    • Protect4S VM place in SAP system landscape
  • Pre-conditions and installation
    • Supported operating system and database types
    • Software version requirements
    • Recommendations
    • Heterogeneous database connections
  • Protect4S VM Software Installation
    • Add-On Installation, import support packages and upgrade
    • Installation post-processing
  • Create Protect4S VM users and roles
    • Distribution of satellite roles
    • satellite system ABAP RFC user using wizard
    • satellite system ABAP RFC user MANUAL SETUP
    • satellite system JAVA user
    • satellite system database user
    • satellite system operating system user
    • Operating system user other than <sid>adm
    • Satellite system BusinessObjects user
  • Check and set Application settings
  • Protect4S VM Menu
  • Execute the Quick setup
    • Company
    • Systems
      • Creating an ABAP system
      • Creating a JAVA system
      • Creating a BusinessObjects BI system
      • Creating a HANA standalone system
      • Creating a SAP Web Dispatcher system
      • Creating a SAProuter system
      • Creating a SAP Cloud Connector system
      • SAPControl security settings
  • Create a project
    • New project
    • New Scan
  • Check Template
  • Contact persons and Scan subscription
    • Contact persons
    • Scan subscriptions
  • Reports
    • Scan result
    • Scan results information
    • System tab
    • Company tab
    • Scan statistics tab
    • Check overview
    • Risk history
    • Scan statistics
    • Scan export
    • Mitigation report
    • Scan comparison
    • Management overview
    • Connection map
  • Mitigation of Vulnerabilities
    • Mitigation menu
  • Check exemptions
  • SIEM Interface
  • Integration
    • Incident Management
  • Information and support
    • Welcome menu
    • Product information
    • Check information
    • Change log
    • User Guide
    • Report a software defect
    • Feature request
  • Deinstallation
  • Appendix A: Troubleshooting Satellite System connection issues
    • SAPControl connections
    • Database connection
    • JAVA connection
    • HTTPS certificate errors
  • Appendix B: Installation database libraries
    • IBM DB2
    • MSSQL
    • MaxDB
    • Oracle
    • SAP Sybase
    • SAP HANA
  • Appendix C: satellite system Communication Ports
  • Appendix D: Protect4S VM SICF Services
  • Appendix E: using a server group
  • Appendix F System context
  • Appendix G DNS resolving
  • Appendix H Dump in Scan subsciptions
  • Appendix I HTTPURLLOC table
  • Appendix J - Risk Matrix
  • Appendix K - Short dump function module "PFL_GET_SINGLE_PARAMETER" not found
  • FAQs
    • General
    • Installation
    • Configuration
    • Projects and scans
  • Contact us
Powered by GitBook
On this page
  • Manual distribution of Protect4S VM satellite system user role
  • Download the Protect4S VM role(s) you require
  • Upload the role to a satellite system

Was this helpful?

  1. Create Protect4S VM users and roles

Distribution of satellite roles

PreviousCreate Protect4S VM users and rolesNextsatellite system ABAP RFC user using wizard

Last updated 2 years ago

Was this helpful?

The Protect4S VM RFC user in the satellite systems needs the role ESEC_SA_SATELLITE to work correctly. From time to time, this role needs to be updated.

Should this happen, all Protect4S VM customers will be advised by mail to update the role in all satellite systems. This can be done using the CUA, manually or also via central update in the Protect4S system:

For this central update to work, an extra role must be added to the Protect4S VM ABAP RFC user: ESEC_SA_SATELLITE_PUSH. The CUA must not be active.

Manual distribution of Protect4S VM satellite system user role

It is also possible to download the required Protect4S VM satellite role from the Protect4S system.

The 3 roles:

  • ESEC_SA_SATELLITE for the ABAP RFC satellite system user

  • ESEC_SA_SATELLITE_PUSH the (optional) role for automatic role distribution

  • ESEC_SA_SATELLITE_MITIGATE the role required for the Mitigation of OSS Notes

are always shipped with every version of Protect4S. When executing mitigations on a S/4HANA system, in addition to the ESEC_SA_SATELLITE_MITIGATE role, you also need the role ESEC_SA_SATELLITE_MITIGATE_S4 for a delta of additional S/4HANA authorizations. This role can be downloaded from the Protect4S website.

Download the Protect4S VM role(s) you require

Log in to the Protect4S system and execute transaction PFCG. Select the appropriate role ESEC_SA_SATELLITE and select from the menu "Role", "Download":

From the PFCG menu, select "Role", "Download":

Confirm the popup:

Select a location for the role on your PC and save the file

You may repeat this step for roles ESEC_SA_SATELLITE_PUSH and ESEC_SA_SATELLITE_MITIGATE when you use the automatic distribution of Protect4S satellite user roles or the Automatic Mitigation of OSS Notes functionality.

Upload the role to a satellite system

Login to the satellite system, execute transaction PFCG and select Role, Upload from the PFCG menu:

Confirm the popup:

Select the role file you downloaded to your PC in the previous step:

Provide permission to upload the file:

Overwrite the old version of the role that exists

Make sure all lights are green in PFCG

You may repeat this step for role ESEC_SA_SATELLITE_PUSH if you want to use automatic distribution of Protect4S VM satellite user roles.

You may repeat this step for role ESEC_SA_SATELLITE_MITIGATE if you want to use the Automatic application of OSS Notes functionality.

If one of the lights is not green, it could be that the authorization profile needs to be regenerated and/or redistributed to the Protect4S satellite system user. Ask an SAP user administrator to do this if you do not know how to do this.

Central update of satellite user role (Protect4S menu)
Central update of satellite user role (Fiori menu)
Transaction PFCG, select Protect4S role
Select Role, Download
Confirm the popup
Save the role on your local PC
Select Role, Upload from the PFCG menu
Select role file downloaded in the first step
Provide permission for upload
Ignore warning and overwrite old role version
Make sure all 3 lights are green