Release Notes for bv-Control for SAP Version 3.1
|Article:TECH113299|||||Created: 2006-01-14|||||Updated: 2008-01-05|||||Article URL http://www.symantec.com/docs/TECH113299|
Release Notes for bv-Control for SAP Version 3.1
The bv-Control® for SAP® Systems application provides a security and audit solution for the SAP Server enterprise. Using bv-Control for SAP Systems, administrators can easily pinpoint database access permissions, review configuration, and perform security analyses before users experience system downtime or security violations.
The bv-Control for SAP Systems application has minimum system requirements for installation and use. Before installing bv-Control for SAP Systems, ensure that your system meets these requirements:
- CPU 866 MHz
- 512 MB RAM
- Microsoft Data Access Components (MDAC) v2.5 or later (for Client Tools)
- Microsoft Windows XP® Professional or Server with Service Pack 1 (SP1) or later; Microsoft® Windows® 2000 Server with SP2 or later; Microsoft Windows 2000 Advanced Server with SP2 or later; or Microsoft® Windows NT® Server v4.0 with SP6 or later
- SAP GUI v4.6b with Application, GUI, and Desktop interface options or SAP GUI v6.20 with the SAP GUI option (for Scheduler)
- Microsoft® SQL Server 2000 or Microsoft SQL Server v7.0 with SP2 or later
- Microsoft® Internet Explorer v5.0 or later with Java™ Virtual Machine (JVM)
- Microsoft® Internet Information Services (IIS) v5.0 or Microsoft Internet Information Services v4.0 with Windows NT v4.0 Option Pack or later
- Microsoft® Excel 2002 or Excel 2000
- Microsoft® Windows Script Host v5.6 or later
Before you install bv-Control for SAP Systems on your machine, you need to set up your server with the following requirements:
- The server must have the following drives named and partitioned, according to these minimum specifications:
Drive Name Size
Drive 0 C 8 GB
Drive 1 D 13 GB
- Both drives must have the NTFS file system in order to look at the Directory Security properties.
- Both drives must have security permissions, and the local group Everyone should be set to FullControl.
- The user must have local administrative privileges to install the product.
- The user must have administrative privileges for the SQL Server.
- The SQL Server must have a default instance if you use SQL Server 2000. The product database will only be created in the default, which is usually named LOCAL.
- The SQL Server and Windows authentication option should be selected.
- The default Macro Security in Microsoft Excel needs to be set to Medium or Low.
If your machine has a previously installed version of bv-Control for SAP Systems, you can install this version without uninstalling the existing server; however, you will need to reload your data to the SQL Server and re-upload the templates. The ABAP program will need to be reloaded to your SAP systems, and data will need to be extracted and uploaded to the SQL Server. Before installing the product, you must ensure that no users are using the system, and that the upload process is not running.
We recommend that you review the following notes before using bv-Control for SAP Systems:
- If your bv-Control for SAP Systems server has the C drive as FAT32 and the D drive as NTFS, then the bvCONTROL, bvCONTROLX, bvsearchCACHE, and bvsearchHELP virtual directories will not be created when installing or upgrading the product. You will need to install the server on a machine that has only the NTFS file system.
- When installing bv-Control for SAP Systems on a machine that has the Norton AntiVirus® active, an alert message appears stating Malicious Script for MsiExec.exe. Accept the whole script once for the server and once for the client tools installation.
- Many predefined SAP activity groups contain records in the AGR_TCODES table, but do not contain any auths in BV_TREE table because they have not yet been activated and assigned to a user. Therefore, these activity groups may show up in the query results when using the query options for AGR_TCODES or Both, but will not show up when using the Authorizations option.
The following is a summary of the change history of bv-Control for SAP Systems v3.10.
- A new GUI application for bv-Control for SAP Systems v3.10 replaces the series of desktop icons that were previously required for individual tasks. The new GUI application allows the user to upload data, edit templates, encrypt reports, and perform other tasks using a simple user interface. If you do not install the client tools, the TCode Query, Virtual TCode, and Activity Group Segregation of Duty buttons will be inactive.
- The Activity Group Segregation of Duties Query tool allows the user to query activity groups that contain segregation of duties conflicts, a list of activity group combinations for potential segregation of duties conflicts, and users with activity groups that contain segregation of duty conflicts. This tool also allows specifying a delimiter to allow easier analyzing of the users reported.
- Users now have the option of hiding reports on the bv-Control for SAP Systems Web Console.
- Users now have the option of running reports for multiple clients at one time.
- Reports on the bv-Control for SAP Systems Web Console are now sorted by Report ID.
- Users now have the option of moving archive data to any location in the local machine or in the mapped network drive after the upload process is completed. At the present time, this data is stored as an archive folder in the C:\@UploadExtracts directory on the server machine. Now users can specify an alternate destination for this archive data in the C:\@ServiceCore\Bin\SAP000.cmd file.
- Data is not uploaded to the SQL Server until verification of the required files exist in the extracted dataset.
- The bv_ExtendTCode table now expands the ranges, starting with ‘ ‘ (a single-space between single quotes). For example, ' ' - PFCF
- The bv-ExtendUser table now populates all Spanish characters correctly and does not miss any ANSI characters.
- The query has been modified so that it processes the wildcard appropriately when the query checks for bv_TREE.ExtendValue with a wildcard.
- The appearance of the query results for reports that contain conditional columns has been enhanced. Previously, the results were inconsistent when multiple rows were queried with the same value in the RESULT column.
- The state is no longer automatically reset from ENABLE to DISABLE in the Scheduler page after the first scheduled run.
- The Client Cleanup utility has been enhanced.
- The ABAP program has been updated.
- Table structures on the SQL Server database has been updated.
- New Enhance Report option AUTH has been added in the Report Definition worksheet in the report template spreadsheet file to provide true transactional access based on authorizations.
- The report templates spreadsheets have been updated to reflect which version of SAP they support because each SAP version may have different underlying authorizations for the same transaction.
- The directory structure for the encrypted templates has been modified to be SAP version specific.
- The changes to the UploadTemplate are listed in the Release Notes-UploadTemplate.htm file.
Your BindView product CD contains the bv-Control for SAP Systems User Guide in Adobe® Acrobat® .pdf file format. You can easily navigate through this document by using the topic heading list in the left pane, the green hypertext links in the text, or the search feature. You must have Adobe Reader® v5.0 or later installed to read this file. You can use the BindView product setup program to install the Adobe Reader.
© 2003 BindView Corporation. All rights reserved.
Article URL http://www.symantec.com/docs/TECH113299