You know the Secure Programming Guidelines but you want to do more? Well, here are my top priority security recommendations for developing secure ABAP applications:
New database tables
- Assign a table authorization group. Usually you create 3 table authorization groups per application:
  a) for customizing tables (C)
  b) for master data and transaction data or other application data (A)
  c) for system data (S)
  You can use the report RDDPRCHK (or RDDTDDAT_BCE) to analyze the settings. Use transaction SM30 with view V_BRG_54 to maintain authorization groups and with view V_DDAT_54 to maintain authorization group assignments.
  Maintain authorization groups: http://help.sap.com/saphelp_nw70/helpdata/en/a7/5134d2407a11d1893b0000e8323c4f/frameset.htm
  Maintain authorization group assignments: http://help.sap.com/saphelp_nw70/helpdata/en/a7/5134df407a11d1893b0000e8323c4f/frameset.htm
- Set the maintenance flag, which controls SE16 and SM30, correctly.
  Data Browser/Table View Maintenance: http://help.sap.com/saphelp_nw70/helpdata/en/a6/03883acb00d768e10000000a114084/content.htm
- Activate table logging for customizing tables or create a change document object for master data. You can use the report RDDPRCHK (or RDDTDDAT_BCE) to analyze the settings. Check the settings of the profile parameter rec/client and the tp parameter RECCLIENT, too.
  Activate/Deactivate Table Change Logging: http://help.sap.com/saphelp_nw70/helpdata/en/7e/c81ebb52c511d182c50000e829fbfe/frameset.htm
  Note 1916, Logging table changes in R/3: https://service.sap.com/sap/support/notes/1916
  Note 84052, R3trans: Table logging: https://service.sap.com/sap/support/notes/84052
- Create specialized SM30 maintenance views instead of offering maintenance using SE16 and add additional authorization checks if required.
  Create a Maintenance Dialog: http://help.sap.com/saphelp_nw70/helpdata/en/a1/e4521aa2f511d1a5630000e82deaaa/frameset.htm
  Event 25: At the Start of the Maintenance Dialog: http://help.sap.com/saphelp_nw70/helpdata/en/c2/703037301f327ae10000009b38f839/frameset.htm
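
The additional authorization check at event 25 could look like the following form routine. This is an added example, not code from the original post or from SAP. The authorization object ZEX_TABMNT and the form name are hypothetical, and the global fields VIM_AUTH_ACTION and VIM_AUTH_RC with their values are assumptions to confirm against the Event 25 documentation linked above.

```abap
* Added example. Form routine registered for event 25 of a generated
* maintenance dialog; it lives in an include of the view's function group.
* ZEX_TABMNT is a hypothetical custom authorization object with the
* single field ACTVT.
* Assumption: VIM_AUTH_ACTION holds the requested action ('U' = change,
* otherwise display) and VIM_AUTH_RC returns the result
* (0 = allowed, 4 = display only, 8 = no authorization).
FORM zz_check_auth_at_start.
  DATA lv_actvt TYPE c LENGTH 2.

  " Map the requested dialog action to an activity:
  " 02 = change, 03 = display.
  IF vim_auth_action = 'U'.
    lv_actvt = '02'.
  ELSE.
    lv_actvt = '03'.
  ENDIF.

  " Application-specific check on top of the table authorization group.
  AUTHORITY-CHECK OBJECT 'ZEX_TABMNT'
    ID 'ACTVT' FIELD lv_actvt.
  IF sy-subrc = 0.
    vim_auth_rc = 0.
    RETURN.
  ENDIF.

  " Change was requested but denied: downgrade to display mode if the
  " user holds at least display authorization.
  IF lv_actvt = '02'.
    AUTHORITY-CHECK OBJECT 'ZEX_TABMNT'
      ID 'ACTVT' FIELD '03'.
    IF sy-subrc = 0.
      vim_auth_rc = 4.
      RETURN.
    ENDIF.
  ENDIF.

  " Neither change nor display is permitted: deny by default.
  vim_auth_rc = 8.
ENDFORM.
```

The routine denies access unless a check explicitly succeeds, so a missing or misnamed authorization object results in no access rather than silent access.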