SAP Basis Authorization management: Preparation and follow-up of audits as well as ongoing or selective support - SAP Basis

Direkt zum Seiteninhalt
Authorization management: Preparation and follow-up of audits as well as ongoing or selective support
SM62 Event History
The task of SAP Basis is to ensure trouble-free, interoperable and portable (mobile) operation of SAP systems in the company. Interoperable means that independent and heterogeneous IT systems can work together.

NEW TECHNOLOGIES AND INNOVATIONS The role of IT is changing (bi-modal IT). On the SAP basis, this new bi-modal organisation is particularly true. On the one hand, it is necessary to continue to ensure the SAP operation in the usual stability and security, and on the other hand, to act as a business innovator in order to fulfil the role as a technology consultant for SAP technology. ADJUST SAP basis NAMING The original definition and naming of the SAP basis no longer meets today's task. Therefore, it is recommended to give the SAP basis a meaningful and contemporary description depending on the future organisation form. For example, the bi-modal role listed in Recommendation [A1] should be taken into account.
Type linkage
The SAP basis as an organisational unit within a growing IT organisation is facing far-reaching changes. The growing number of technologies and the growing need for integration and collaboration with upstream and downstream IT departments means that the SAP basis is constantly growing. Examples of organisational concepts and further information can be found in chapters 7.6 and 9.4 of the Master's thesis.

The security of an SAP system requires protection against unauthorised access, e.g. through the secinfo and reginfo files. A cleanly implemented authorisation concept protects against attacks within the SAP system. However, it is also possible to attack your SAP system via the network. Through the RFC Gateway Server, your system communicates with external servers and programmes. One particularly effective way to protect against this are so-called Access Control Lists (ACL). Find out what this is and how you can use it to better protect your SAP system. The SAP Standard offers different approaches for gate protection. All methods combined can provide even greater safety. For example, it is possible to use Access Control Lists (ACL) to monitor exactly which external programmes and which hosts can communicate with the gateway. Another option is to configure the gateway to support Secure Network Communication (SNC). Finally, there are various security parameters for the gateway. This article focuses on the use of ACL files such as secinfo and reginfo files. What is an ACL? Access control lists are files in which permitted or prohibited communication partners can be recorded. For the gateway to use these ACL files, parameters must be set in the default profile of the SAP system and of course the files must be maintained accordingly. With the help of logs and traces, which can be configured for this purpose, a precise investigation can be made in advance of the activation, which connections currently run via the gateway. This allows them to prevent important applications with which your system communicates from being blocked by the ACL files. The rules in the ACL files are read from top to bottom of the gateway to decide whether to allow a communication request. If none of the rules matches the requesting programme, it will be blocked. Network-based ACL The network-based ACL file contains permitted and prohibited subnets or specific clients.

"Shortcut for SAP Systems" simplifies tasks in the area of the SAP basis and complements missing functions of the standard.

Note: If you enable the tab configuration, all users that are not under the default Administrators group will not see tabs for the time being.

ABAP programs are executed on an SAP NetWeaver application server, which in turn is operated by SAP Basis employees.
SAP BASIS
Zurück zum Seiteninhalt