MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

Sentinel4SAP - Include JAVA and ABAP OS credentials as optional pre-requisites #109994

Closed davi-cruz closed 7 months ago

davi-cruz commented 1 year ago

It would be extremely helpful to include in optional requirements the permission level for information collected through JAVA/ABAP File Extraction, which would allow better planning in deployment and avoid unnecessary troubleshooting.

Any general guidance on the minimum required permission on OSLevel and SAPControl for those accounts as well as how to configure them (expected names in KeyVault preventing their exposition in the systemconfig.ini) would be useful in this situation, making it easier for Security Teams to obtain those accounts with their SAP Basis teams.



AjayBathini-MSFT commented 1 year ago

@davi-cruz Thanks for your feedback! We will investigate and update as appropriate.

cwatson-cat commented 9 months ago

@batamig FYI

batamig commented 8 months ago

label:"backlog-item-created"

batamig commented 8 months ago

@davi-cruz, thanks again for writing into docs back in May. There have been some changes in the support since then, and we're wondering if this issue is still relevant. I'm also tagging @yohasson and @dvir-ms as SMEs for visibility. Thanks!

davi-cruz commented 8 months ago

Hi @batamig,

Requested information is still missing, unless no longer required when leveraging the above-mentioned collection methods. Logs collected leveraging the SAP Control interface and OS Login will still require those credentials, and the documentation doesn't provide the expected Key Vault secret names or the required permissions at OSLevel.

I understand that these kinds of privileges are managed by the SAP BASIS team, but any documentation recommending the minimum permissions required helps security teams to procure those rights accordingly.

Section from Ingestion profiles that, if used, will require OSLevel and SAP Control privileges:

# ABAP SAP Control Logs - Retrieved by using 
ABAPFilesLogs = False
SysLog = False
ICM = False
WP = False
GW = False
# Java SAP Control Logs - Retrieved by using SAP Control interface and OS Login
JAVAFilesLogs = False

batamig commented 7 months ago

Thanks so much for your dedication, and we appreciate your feedback and helpful input.

Unfortunately, at this time we have been unable to close your issue in a timely manner and we sincerely apologize for the delayed response. The requested updates have not been made since the creation of this issue, and the timeline for resolution may vary based on resourcing, so we've created an internal work item to incorporate your suggestions together with our team. We've added your notes to that work item so that we can track them all together. We are closing this issue for now, but feel free to comment here as necessary. #please-close