General Security Measures (ALE)

Use

Use transaction SALE to maintain the ALE configuration, to include setting up the distribution model and setting up ALE user authorizations and profiles. Note the following:

• Be restrictive when assigning the ALE authorizations.

  The authorization profile B_ALE_ALL contains the following authorization objects that are needed for ALE:

  Authorization	Description
  B_ALE_CGRP	ALE Customizing Distribution: Group activities
  B_ALE_LSYS	ALE/EDI: Maintaining logical systems
  B_ALE_MAST	ALE/EDI: Distributing master data
  B_ALE_MODL	ALE/EDI: Maintaining customer distribution model
  B_ALE_RECV	ALE/EDI: Receiving IDocs via RFC
  B_ALE_REDU	ALE/EDI: Generating messages (ex. reduction)
  S_PROGRAM	ABAP: Program run checks
  S_TABU_DIS	Table maintenance (using standard tools such as SM30)

• Protect external users and passwords.

  For example, for a non-SAP system to send IDocs to an SAP system using transactional RFC, it must also send a user ID and password. In most cases, the user and password are stored outside of the SAP system. Make sure that this information is not accessible to external systems or programs. (How you can do this is dependent on the system that you have; therefore, you need to refer to the documentation for the system where the information is stored.)