
Preparation

Installing client software

Note

This section is only required for the agtsap connector.

Before you begin, you must install the SAP GUI on the Bravura Security Fabric server. The client software must also be installed on Bravura Security Fabric proxy servers.

Ensure that the SAP GUI version corresponds to your newest SAP system.

OSS Note 750_390 patch

If the OSS Note 750_390 patch has been applied on the SAP server (it is applied by default in most SAP BASIS 7 and later instances), see Configuring the SAP server after applying OSS Note 750_390 for the additional configuration required on the Bravura Security Fabric server.

If you are using a BASIS version before 7 and OSS Note 750_390 is not applied, there is no need to set up the PSYNCH_USER role or allow the admin credentials to apply it. In this case, the address configuration option Method to make a password productive after a reset is set to Set the LTIME field.

Configuring a target system administrator

Bravura Security Fabric uses a designated account on the SAP target system to carry out connector operations.

For connector operations to succeed, ensure that all of the functions listed below are available and configured for the target administrator credential. Contact Bravura Security support if your SAP administrator would like to reduce access for any of these functions.

Create this account (for example, psadmin) with the following authorizations:

Cross-application Authorization Objects > Authorization Check For RFC Access:

  • Name of RFC to be protected = *

  • Type of RFC object to be protected = *

    This authorization allows a user to log on remotely to the SAP server and run RFC functions.

Cross-application Authorization Objects > Transaction Code Check at Transaction Start:

  • Transaction code = SU01

    This authorization allows a user to run transaction SU01.

Basis: Administration > User Master Maintenance: User Groups:

  • Activity = *

  • User group in user master maintenance = *

    This authorization allows a user to manage another user. User group in user master maintenance is set to *, which means that users with this authorization can manage all users.

    In your environment, you can select a set of user groups if Bravura Security Fabric will not manage all the users on the SAP target.

Basis: Administration > Authorizations: Role Check:

  • Activity = 02 Change

  • Activity = 22 Enter, Include, Assign

  • Role Name = *

    This authorization allows a user to add/delete a user to/from a role.

Basis: Administration > Table Maintenance (via standard tools such as SM30):

  • Activity = 03 Display

  • Authorization Group = *

    This authorization allows a user to list users, groups, and their attributes.

Basis: Administration > User Master Maintenance: Authorization Profile:

  • Activity = 22 Enter, Include, Assign

Basis: Administration > User Master Maintenance: System for Central User Maintenance:

  • Activity = 02 Change

  • Receiving system for central user administration = *

    Note

    If your system is a CUA system, you may require additional authorization(s).

Warning

Due to the customizable nature of SAP, these authorizations may not be complete or accurate for your SAP installation. If you experience any problems, contact your SAP administrator for assistance in deriving adequate permissions.

Ensure that you set and note the account’s password. You will be required to enter the login ID and password when you add the target system to Bravura Security Fabric.

Netweaver 7.5+ support

The SAP Server (Netweaver 7.5+) connector type supports NetWeaver 7.5+ SDK.

This section details how to configure the agtsapnw connector to communicate with an SAP instance. This is generally done through an SAP Message Service.

To set up the NetWeaver RFC, complete the following additional steps during preparation:

  1. Log into your SAP support account and download the NetWeaver 7.5+ SDK files.

  2. Log in to the server hosting the Bravura Security Fabric instance and install the SDK files along the system PATH. Copying these dependencies into the Windows System32 folder is not recommended.

    1. In the "Program Files" folder, create an SAP folder.

    2. Unzip the archive under the SAP folder. At this point all the DLL dependencies are in the following path, where the folder name depends on the version of nwrfc:

      C:\Program Files\SAP\nwrfc< version >\nwrfcsdk\lib

    3. Navigate to the Windows Environment Variables dialogue and edit the Path environment variable for System by adding the folder noted in the previous step.

      Note

      Ensure that you edit the Path environment variable for System, not User.

  3. Test for integration or connectivity issues using startrfc.exe, which is available in the NetWeaver RFC SDK. See the Testing connectivity issues without agtsapnw section for more information on this utility.
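
The SDK installation steps above can be checked with a read-only PowerShell script before testing connectivity. This is an added example, not code from Bravura Security or SAP; the -SdkLib parameter and the use of sapnwrfc.dll as the marker file are assumptions.

```powershell
# Added example: read-only check of the SDK install steps above.
# Assumptions: -SdkLib is the ...\nwrfcsdk\lib folder from the unzip step, and
# sapnwrfc.dll (the RFC library shipped in the SDK) is used as the marker file.
param([Parameter(Mandatory)][string]$SdkLib)

$marker = 'sapnwrfc.dll'
$target = $SdkLib.Trim().TrimEnd('\')

function Get-PathEntries([string]$Scope) {
    # Split the Path value for 'Machine' (System) or 'User' into clean entries.
    $raw = [Environment]::GetEnvironmentVariable('Path', $Scope)
    @("$raw" -split ';' | ForEach-Object { $_.Trim().TrimEnd('\') } | Where-Object { $_ })
}

$machine = Get-PathEntries 'Machine'
$user    = Get-PathEntries 'User'

# Folders on the System Path that hold a copy of the library, in search order.
$copies = @($machine | Where-Object { Test-Path -LiteralPath "$_\$marker" })

$result = [pscustomobject]@{
    LibraryInSdkFolder = Test-Path -LiteralPath "$target\$marker"
    OnSystemPath       = $machine -contains $target
    OnUserPathOnly     = ($user -contains $target) -and ($machine -notcontains $target)
    CopyInSystem32     = Test-Path -LiteralPath "$env:SystemRoot\System32\$marker"
    FirstCopyOnPath    = $copies | Select-Object -First 1
}
$result | Format-List

$problems = @()
if (-not $result.LibraryInSdkFolder) { $problems += "$marker not found in $target" }
if (-not $result.OnSystemPath)       { $problems += 'SDK lib folder is not on the System Path' }
if ($result.OnUserPathOnly)          { $problems += 'SDK lib folder is on the User Path only' }
if ($result.CopyInSystem32)          { $problems += "A copy of $marker exists in System32" }
if ($result.FirstCopyOnPath -and $result.FirstCopyOnPath -ne $target) {
    $problems += "Another copy of $marker is found first: $($result.FirstCopyOnPath)"
}

$problems | ForEach-Object { Write-Warning $_ }
if ($problems.Count -gt 0) { exit 1 }
```

The script changes nothing on the server; a non-zero exit code means at least one of the checks failed and the warnings name which.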