当前位置:网站首页>Talk about the realization of authority control and transaction record function of SAP system
Talk about the realization of authority control and transaction record function of SAP system
2022-07-07 16:43:00 【InfoQ】
I was on the Internet before , I have also read some SAP ABAP Colleagues introduce how to pass ABAP Step by step debugging , Bypass SAP Standard permission check “ Tips ” The article , For example, modify the permission check statement in the debugger AUTHORITY-CHECK The return value of sy-subrc, Or simply use the debugger “ Jump to a statement ” This function , Bypass permission check statements directly .
Although said in SAP In the production system , By convention , Ordinary business users will never have the permission to debug , Let alone modify the value of variables in the debugger , But if it is in the development system , Modify the value of variables directly in the debugger , Or skip the execution of some statements , Is it really possible not to be discovered by others ?
The answer is No . Look at an example :
![null](/img/67/89252e5d3d32439ba93c216401e8f6.png)
I am here ABAP The debugger changes the value of the variable from 12 Change to 123, Enter to make the change effective . Then the transaction code SM21, Open the system log viewing tool :
![null](/img/27/d8d914fd49bd02722653c68e68799d.png)
I was just ABAP The behavior of modifying variable values in the debugger , On record :
![null](/img/df/54db43d168521dc516797445ce29e3.png)
Try again in ABAP In the debugger , Use “Goto statement”, Skip some statements directly :
![null](/img/43/c03e8535daa057436eef27a66a2ef8.png)
This behavior can not escape the record of the system log , Even from the first few lines ABAP The code jumps to another line , Are clearly recorded .
![null](/img/5d/53a8e0a98b9a7152e9207a652f9111.png)
Terminal Field is the terminal machine used by the user who executed the statement jump in the debugger ID, Each connected to ABAP Netweaver Each machine on the server has a unique terminal ID.
Where are these system log files stored ? Click on Display Components, stay Component trace In the panel , Can selectively view certain types of system logs :
![null](/img/1a/2c3a030f52487e0bba55a5cd42ea76.png)
among /usr/sap/AG3/D56 Path at the beginning , That is, I am currently logged in Application Server,ID by AG3,instance numeber by 56 The working directory of this server :
![null](/img/ee/c1353218932d3f857792513b897e90.png)
Use transaction code AL11 Follow this path , stay work These system log files can be found in subdirectories :
![null](/img/39/e78b589f1d2c64fd0572b58a4aa629.png)
![null](/img/81/827bcd9f17369a5038bf08ccb6f899.png)
Ordinary ABAP The user does not have access to the operating system , You cannot write to these system log files .
To make a long story short , Once you use the method of single step debugging to bypass some permission checks or perform other dangerous operations , These behaviors are immediately recorded in the system log , Ordinary users cannot delete these log files .
SAP The authority control system of the system is well designed , When you find that you lack the authority to execute a certain transaction in your actual work , Please follow SAP Standard process of authority control to solve problems . adopt ABAP Single step debugging bypasses permission checking , In no case SAP Recommended solutions . Even before you want to do this on the development system , Be sure to think twice before you act .
It's over SAP ABAP Authority control in the system , Let's take a look at the implementation of its transaction recording function .
Used to “ Plague bar ” After 70, after 80 , about Windows The registry must be familiar . At that time, it seemed a little distant , There are even many specially published books , Professor how to modify Windows Registry to improve system performance , Or enable some Microsoft defaults disable The hidden function of .
![null](/img/d3/b3b96c9db62f138297b6cd78d8d131.png)
![null](/img/67/09de1b858fee723925f04ac5fadfe3.png)
We know Windows The registry is used to store the setting information of the system and Applications , from Windows 95 Enable the Windows10.
![null](/img/3e/9a9e441f30876badbab9d9753b9640.png)
that SAP GUI List of transaction codes used in the command line , Will it also be saved in Windows Somewhere in the system registry ?
![null](/img/ea/de6884bedfb5642b4d2c68bbd31c7d.png)
Windows In the operating system ,Win + R, perform regedit Open the registry , Along the path HKEY_USERS\Software\SAP\SAPGUI Front\SAP Fronted Server\Code an , You can see a list of these used transaction codes .
![null](/img/70/af66e8c482d82c0857c6ad3a3e7427.png)
Again , In the local SAP GUI Under the table of contents , Yes SAPHistory<User Name>.db and SAPHistory<User Name>.mdb These two documents :
![null](/img/17/f09470d2a93f2fafff818cf6ad18ba.png)
according to SAP note 1121688 - SAP History: explaining database files, etc That's what I'm saying , Extension .mdb The file is an old version SAP GUI Use , and .db Corresponding to the new version .
![null](/img/f9/78839c4f4004e98c83484179a4e075.png)
Teaching a man to fish is better than giving him a fish , How to find SAP GUI The registry location where this local information is stored ?
Suppose you want to know the following History Settings Whether the value of is maintained in Windows In the registry ,
![null](/img/b5/97ba1f9dc7a21352821ac9d3da083f.png)
First , Before modifying the settings , Export a registry image file before.reg:
![null](/img/80/30e9bfd119e5d7a6e4d33508e51755.png)
stay SAP GUI Modify the settings in , After the save , Export the second registry image file after.reg, And then use Windows Self contained file comparison tool fc Compare the differences between the two image files , The result is SAP GUI These settings are in Windows Location in the registry .
![null](/img/77/9731fff0085d14163bca32635c674d.png)
give the result as follows :
![null](/img/bd/df46f777abc503f9f6666ec3e1cb2b.png)
![null](/img/52/5bad6f57896961fe929043180ad173.png)
Most registry entries are located in SAPGUI Front Under this node , And trace upward from this node , You can also find others SAP The value written by the software in the registry , such as SAP Cloud Connector,SA Cloud Application Studio,SAP Intelligent Robotic Process Automation Kit, etc .
![null](/img/0a/a78d131c85177ce0482ea6fc31456c.png)
SAP GUI In the setup checkbox If you tick , Corresponding Windows The value in the registry is maintained as 00000001:
![null](/img/b2/262823585e89acd830a7783b4e5a14.png)
And in the SAP GUI The value stored in decimal system , Stored in Windows It will be automatically converted to hexadecimal in the registry :
![null](/img/b6/407fce317d0a01c62d404cef8371b5.png)
summary
This paper starts from SAP System developers try to bypass the monitoring of system permissions by means of one-step debugging, and analyze the behavior itself and its consequences , It introduces SAP Complete realization of system authority control , Then from Windows Registry expansion category of the operating system , It introduces SAPGUI How the transaction logging function works .
边栏推荐
- Laravel5.1 Routing - routing packets
- 字节跳动Android金三银四解析,android面试题app
- ByteDance Android gold, silver and four analysis, Android interview question app
- Binary search tree (basic operation)
- 数据中台落地实施之法
- Performance measure of classification model
- 爬虫(17) - 面试(2) | 爬虫面试题库
- [C language] question set of X
- Inner monologue of accidental promotion
- 使用JSON.stringify()去实现深拷贝,要小心哦,可能有巨坑
猜你喜欢
随机推荐
How to determine whether the checkbox in JS is selected
[designmode] proxy pattern
【C 语言】 题集 of Ⅹ
1亿单身男女“在线相亲”,撑起130亿IPO
模块六
应用在温度检测仪中的温度传感芯片
Performance measure of classification model
ThinkPHP URL 路由简介
OpenGL personal notes
[summary of knowledge] summary of notes on using SVN in PHP
Vs2019 configuration matrix library eigen
Balanced binary tree (AVL)
字节跳动Android金三银四解析,android面试题app
修改配置文件后tidb无法启动
logback.xml配置不同级别日志,设置彩色输出
[designmode] template method pattern
Cesium(3):ThirdParty/zip. js
Spark Tuning (III): persistence reduces secondary queries
使用JSON.stringify()去实现深拷贝,要小心哦,可能有巨坑
[C language] question set of X