Protect4S - VM User Guide
  • Protect4S - VM User Guide
  • Introduction
    • Quick setup
    • Support
    • Protect4S VM place in SAP system landscape
  • Pre-conditions and installation
    • Supported operating system and database types
    • Software version requirements
    • Recommendations
    • Heterogeneous database connections
  • Protect4S VM Software Installation
    • Add-On Installation, import support packages and upgrade
    • Installation post-processing
  • Create Protect4S VM users and roles
    • Distribution of satellite roles
    • satellite system ABAP RFC user using wizard
    • satellite system ABAP RFC user MANUAL SETUP
    • satellite system JAVA user
    • satellite system database user
    • satellite system operating system user
    • Operating system user other than <sid>adm
    • Satellite system BusinessObjects user
  • Check and set Application settings
  • Protect4S VM Menu
  • Execute the Quick setup
    • Company
    • Systems
      • Creating an ABAP system
      • Creating a JAVA system
      • Creating a BusinessObjects BI system
      • Creating a HANA standalone system
      • Creating a SAP Web Dispatcher system
      • Creating a SAProuter system
      • Creating a SAP Cloud Connector system
      • SAPControl security settings
  • Create a project
    • New project
    • New Scan
  • Check Template
  • Contact persons and Scan subscription
    • Contact persons
    • Scan subscriptions
  • Reports
    • Scan result
    • Scan results information
    • System tab
    • Company tab
    • Scan statistics tab
    • Check overview
    • Risk history
    • Scan statistics
    • Scan export
    • Mitigation report
    • Scan comparison
    • Management overview
    • Connection map
  • Mitigation of Vulnerabilities
    • Mitigation menu
  • Check exemptions
  • SIEM Interface
  • Integration
    • Incident Management
  • Information and support
    • Welcome menu
    • Product information
    • Check information
    • Change log
    • User Guide
    • Report a software defect
    • Feature request
  • Deinstallation
  • Appendix A: Troubleshooting Satellite System connection issues
    • SAPControl connections
    • Database connection
    • JAVA connection
    • HTTPS certificate errors
  • Appendix B: Installation database libraries
    • IBM DB2
    • MSSQL
    • MaxDB
    • Oracle
    • SAP Sybase
    • SAP HANA
  • Appendix C: satellite system Communication Ports
  • Appendix D: Protect4S VM SICF Services
  • Appendix E: using a server group
  • Appendix F System context
  • Appendix G DNS resolving
  • Appendix H Dump in Scan subsciptions
  • Appendix I HTTPURLLOC table
  • Appendix J - Risk Matrix
  • Appendix K - Short dump function module "PFL_GET_SINGLE_PARAMETER" not found
  • FAQs
    • General
    • Installation
    • Configuration
    • Projects and scans
  • Contact us
Powered by GitBook
On this page

Was this helpful?

  1. Create Protect4S VM users and roles

satellite system ABAP RFC user using wizard

PreviousDistribution of satellite rolesNextsatellite system ABAP RFC user MANUAL SETUP

Last updated 2 years ago

Was this helpful?

The ABAP RFC users in the satellite systems may be created by different methods:

  • using a wizard. This method is not possible when Central User Administration (CUA) is active. If this is the case, please use the CUA in order to create the required users

  • using the Central User Administration

Protect4S VM needs to be able to connect to at least 1 ABAP client. However, in order to have a complete overview it is recommended to create ABAP connections to all clients of the satellite system. The best method of achieving this is using the wizard labeled “Create a satellite system user” from the launch pad.

The wizard needs an existing SAP super user ID that has the required authorizations to create a user in the satellite system and upload and attach the required security role. After selecting “Create a satellite system user” from the launch pad the following wizard starts:

Supply:

  • the ABAP central instance (or primary application server) name or IP-address

  • the Instance number

  • the productive client

  • the name of the SAP administrative user

  • the password of the SAP administrative user

Optionally you may:

  • set the “Trusted system” flag if the super user has trusted system access.

  • Set the SNC active flag and provide the SNC partner if the super user is able to use SNC to logon to the target system.

After you press the Next button, the available clients will be determined in the satellite system and the second step of the wizard appears:

The wizard assumes that the same super user will be used to setup the satellite user for all clients. The password for these user ID must be supplied. Optionally you may use another super user ID or skip a client.

  • ✔ It is recommended to connect all clients in order to produce a complete result during vulnerability analysis

Please note that the trusted flag may be selected only if:

  • the user already has been created in the satellite system

  • the user has the required S_RFCACL authorization

  • the trust between the Prtect4S system and satellite system already has been configured

When all passwords are provided, press the Next button to continue. In the last screen the actual satellite users can be specified along with their initial passwords. The users will be created as “SYSTEM type” users. Optionally you may change their user names.

IMPORTANT:

  • ✔ The flag “Auto. Update role” adds a security role to the satellite user that makes it possible to push new roles from the Protect4S system to all users in all satellite systems, for example, following an upgrade or update of Protect4S VM. When set, this flag adds the role ESEC_SA_SATELLITE_PUSH to the satellite system user. This role has authorizations to alter the satellite system remotely, with certain restrictions. Please review whether this mechanism matches corporate policies and if not, deselect this functionality.”

  • ✔ The flag "Allow mitigation" adds a security role /ESEC/SA_MITIGATOR to the satellite user that is used in Development systems to download and apply missing security notes. For the mitigation of OSS Notes, a "SERVICE" type user is required and will be created when this flag is set.

After supplying the passwords for the satellite users and pressing the button Next, a confirmation screen appears and the satellite users have been created as specified.

For short term assessments also limit the validity period of the created user to the period of the assessment. This can be set on the LOGON DATA tab in SU01.

manually
Satellite user creation wizard step 1: supply system data
Step 2: supply name of super user in the relevant clients
Step 3 supply the PROTECT4S VM satellite system user password & other options
Confirmation screen for satellite user wizard