SAP Trial Systems | CAL Systems: Setup & Security Best Practices

SAP CAL system setup – Accessing and Security

The The SAP Trial Systems | CAL Systems appliance can be accessed via a preconfigured Windows remote desktop (option 1) or via client tools on your local PC (option 2). For the first steps with the appliance (especially for the personnel that has set up the appliance), we recommend the access via the remote desktop since it has multiple client tools and pre-configurations included.

For a detailed guide on setup and best practices, visit our SAP Trial Systems | CAL Systems: Setup & Best Practices page.

Remote Desktop

The embedded Windows Remoted Desktop license allows 2 concurrent sessions (e.g., one for the existing user Administrator and one for another user that you can create on the remote desktop). Installing your own RDP license might also be an option to allow more concurrent users on the RDP

SAP users: SAP Trial Systems | CAL Systems

Generally these users can be started out with or a new one created as needed

• 1. 000
• 2. DDIC and BPINST (Password same as what you kept during installation

• 3. 100 Client

• 4. S4H_AA_DEM / S4H_AA (Asset Accounting)

• 5. S4H_FIN_DEM / S4H_FIN (Finance)

• 6. S4H_CO_DEM / S4H_CO (Controlling)

• 7. S4H_MM_DEM / S4H_MM (Materials Management)

• 8. Generic HANA DB user BPINST / Welcome1 Generic user that can be used to access HANA DB

• 9. Technical S/4HANA user SAPHANADB / Technical user for accessing HANA from the S/4HANA server.

• 10. Defined in /nDBACOCKPIT; HANA schema SAPHANADB contains the S/4HANA data

• 11. OS User Name root The default Linux administrator user OS Password Use the generated private key with SSH tools

If you still forget your master password use the steps in notes here e temporary SAP* unlocking as described in SAP Note 3303172

Also if you are looking to access Specific Fiori Apps ensure you are able to add Fiori Specific app role onto the system.

Refer the getting started Guide which ahs the list of already existing preconfigured user

By default, the below ports are opened for your appliance (i.e., this is the inbound firewall of your cloud provider). The access from your local computer to your appliance happens via those ports. You can edit/add/remove ports manually in the appliance details (click on the appliance link in the Cloud Appliance Library console → Edit → Virtual Machine → Access Points).

Many of these users have a large set of roles and extensive authorizations in the system (eg. the SAP_ALL profile). Please check your scenarios and security considerations whether you want to use them or copy & adapt them accordingly. We generally create our own User and add roles as needed.

Getting started guide

bf0c9643-65f2-4647-9146-2afce089cf1a_Getting_Started_Guide_v7.pdf

To read more, Visit