Search QuantityWare

BCS Security & GRC FAQs

Answers to common questions regarding information on all security and GRC related issues

Why should I retire my SAP Oil & Gas “CALL SYSTEM” “API-C” usage?

As described in the blog article “Complete compromise of an SAP system” (Protect4S SAP Security automation), if one member of the “Operating System – Database – SAP System” trio falls, they all fall. Gaining access to “rsbdcos0” is named as a method by which operating system calls could be executed by a SAP user, but why bother when “CALL SYSTEM” is being used?
“CALL SYSTEM” can be used in a legacy SAP Oil & Gas system environment to execute external files (generally referred to as “API-C” calculations) creating risk of an uncontrolled “bridge” within an ERP-level SAP Oil &

Answer Continues... View Full Answer Page

Why is it necessary to use the QuantityWare service portal?

It is defined in QuantityWare usage contracts that the QuantityWare Service Portal (https://service.quantityware.com) is the single channel of communication for all service issues.

Note: QuantityWare internal security policies explicitly forbid QuantityWare staff to send e-mails with attachments to customers or prospective customers.

The Portal provides the following advantages:

  • Secure (https-encrypted) document transfer and communications
  • Monitoring by multiple members of the QuantityWare team
  • Easily accessible history of past queries
  • In-line with good business practices (transparency and accountability)

Please contact your organisation’s “Cust.

Answer Continues... View Full Answer Page

Are there QuantityWare BCS specific authorization roles available for the Petroleum and Gas Measurement Cockpit?

Yes, all details are available in QuantityWare note 000056.

View Answer Page

I receive a SAINT and SPAM (OCS) "Signature file missing" message, what does this mean?

As described in SAP Note 2645739, 3rd parties working with SAP whose Add-On packages are not delivered by SAP through the SAP Software Download Portal, have no access to SAP digital signature technologies.

QuantityWare has a high commitment to security and provides SHA-512 checksums for all files which can be downloaded from the QuantityWare Service Portal.  Ensure that the checksum(s) of your downloaded package(s) and those published in the service portal match, before applying the package(s) in question.

Consult the SPAM / SAINT online documentation regarding the workaround for this issue:
((More →) Extras → Settings → Load Packages → Check Archive Signature).

Answer Continues... View Full Answer Page

Back to FAQs

Search FAQ