This is a nice PDF giving an overview of SAP security:
http://www.acc.ncku.edu.tw/chinese/faculty/shulc/courses/cas/SAP_BASIS_and_Security_Administration.pdf
How to know or get the Kernel Version of SAP system
Posted by Basis-Consultant | 1:21 PM | Basis, how to's, Security
There are several ways to get the version number of the SAP kernel.
One method: from any window, go to the top menu and choose
System -> Status, then click the "Other kernel info" button, which sits between the Navigate and Cancel buttons.
Another method is to log in as administrator and enter disp+work -v in the command field in the top left corner. This will show you the kernel version of SAP.
You can also check the log or trace files at OS level: /usr/sap/work/dev_disp.
You can also get the kernel information from the SM51 screen. Go to transaction SM51, click on the database server (single click only, not double click) and then click on Release Notes. You will then see the kernel information and patch level.
How to restrict Multiple Logins of Users in SAP
Posted by Basis-Consultant | 1:04 PM | Basis, how to's, Security
This is a critical security feature. It lets you know whether someone is logged on with your user ID from another computer. Multiple logons of users must be set to 1 in SAP production systems. They can be allowed in DEV systems, but in production they must be restricted.
Go to RZ10 and change the parameter
login/multi_login_users. By default the value is 0, which is inactive. If you want to allow multiple logons for some users in SAP, such as service users, you have to change the parameter
login/disable_multi_gui_login: enter the user names in the value, separated by semicolons (;), and don't leave spaces between the user IDs. Then restart the instance.
How to Delete a Scheduled Background Job in SAP
Posted by Basis-Consultant | 12:34 PM | Basis, concepts, how to's, Security
To delete scheduled jobs in SAP, go to transaction code SM37. Select the jobs that you want to delete by clicking the check box to the left of each job name, then choose Job -> Delete in the menu.
Take care when dealing with dependent jobs. If the completion of job1 starts job2 and you delete job1, then job2 will not start.
When you delete jobs, the system informs you of any such dependent jobs, and you need to reschedule them so that they start again.
Maximum Number of Session Per User in SAP
Posted by Basis-Consultant | 12:24 PM | Basis, Basis Tips
What is the maximum number of sessions per user in SAP?
This is the maximum number of windows that you can open in SAP for that system.
By default the value is 6, so a user can open 6 sessions in 4.7x.
You set this value in the rdisp/max_alt_modes parameter.
You can change this parameter with RZ10 in the instance profile, using extended maintenance.
Most companies restrict the number of sessions, since they can cause unnecessary load.
Most Important Tables to Remember in SAP Security
Posted by Basis-Consultant | 12:08 AM | security tables, Security Tips, suim
These are the most important tables you need to remember. The last one is a file. These tables come in handy when you need to extract data. There are instances in which data taken from SUIM is inaccurate. Using these tables and SQVI you can extract any data you need.
- AGR_AGRS - Shows simple roles within composite roles
- AGR_USERS - Shows user information for roles
- AGR_TCODES - Shows transactions assigned to roles "through the menu"
- AGR_1251 - Shows authorizations for roles; if you restrict it to authorization object S_TCODE, you can see more than table AGR_TCODES shows you
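The comparison described in the AGR_1251 item, as an added example that is not part of the original post: it lists, per role, the S_TCODE values in AGR_1251 that have no matching menu entry in AGR_TCODES. The rows are constructed sample data, and the tuple layouts (column names AGR_NAME, OBJECT, FIELD, LOW, HIGH, DELETED and TCODE, with "X" marking a deleted row) are an assumed export format, not something the post specifies.

```python
from collections import defaultdict

# Constructed sample rows; role names and values are invented for illustration.
# Tuple layouts are an assumed export format of the two tables.
AGR_TCODES = [  # (AGR_NAME, TCODE)
    ("Z_AP_CLERK", "FB60"), ("Z_AP_CLERK", "FBL1N"),
    ("Z_BASIS_MON", "SM37"), ("Z_BASIS_MON", "SM51"),
]
AGR_1251 = [  # (AGR_NAME, OBJECT, FIELD, LOW, HIGH, DELETED)
    ("Z_AP_CLERK", "S_TCODE", "TCD", "FB60", "", ""),
    ("Z_AP_CLERK", "S_TCODE", "TCD", "FBL1N", "", ""),
    ("Z_AP_CLERK", "S_TCODE", "TCD", "SE16", "", ""),       # not in the menu
    ("Z_AP_CLERK", "S_TCODE", "TCD", "SU01", "", "X"),      # deleted row
    ("Z_BASIS_MON", "S_TCODE", "TCD", "SM37", "", ""),
    ("Z_BASIS_MON", "S_TCODE", "TCD", "SM*", "", ""),       # wildcard
    ("Z_BASIS_MON", "S_TCODE", "TCD", "RZ10", "RZ12", ""),  # range
    ("Z_BASIS_MON", "S_BTCH_JOB", "JOBACTION", "DELE", "", ""),  # other object
]

def classify(low, high):
    """Label one S_TCODE value as a single code, a wildcard pattern or a range."""
    if high:
        return f"{low}-{high}", "range"
    if "*" in low:
        return low, "pattern"
    return low, "exact"

def beyond_menu(agr_1251, agr_tcodes):
    """Return {role: [(value, kind), ...]} for S_TCODE values not backed by a menu entry."""
    menu = defaultdict(set)
    for role, tcode in agr_tcodes:
        menu[role].add(tcode)
    findings = defaultdict(list)
    for role, obj, field, low, high, deleted in agr_1251:
        if obj != "S_TCODE" or field != "TCD" or deleted == "X":
            continue  # only live transaction-start authorizations matter here
        value, kind = classify(low.strip(), high.strip())
        if kind == "exact" and value in menu[role]:
            continue  # already visible in AGR_TCODES
        findings[role].append((value, kind))
    return {role: sorted(values) for role, values in findings.items()}

if __name__ == "__main__":
    for role, values in beyond_menu(AGR_1251, AGR_TCODES).items():
        print(role, values)
```

Wildcard and range entries are always reported, because they authorize more transactions than any set of individual menu entries can show.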
Difference Between SAP_ALL and SAP_NEW
Posted by Basis-Consultant | 11:51 AM | concepts, General Info, Security
What is the difference between SAP_ALL and SAP_NEW?
Definition of SAP_NEW:
SAP_NEW is an SAP standard profile that is usually assigned to system users temporarily during an upgrade, to ensure that the activities and operations of SAP users are not hindered during the upgrade. It contains all the objects and transactions users need to continue their work during the upgrade. It should be withdrawn once all upgrade activities are completed and replaced with the now modified roles, as it carries more extensive authorizations than required.
Definition of SAP_ALL:
SAP_ALL is an SAP standard profile that is used on a need basis to resolve particular issues which may arise during the usage of SAP. It is used by administrators/developers only.
SAP_NEW is used in the production environment during a version upgrade, whereas SAP_ALL should not be, or is not allowed to be, used in production (for audit purposes, obviously), except where necessary, in a controlled manner and with all proper approvals from the customer.




