CODE_SCANNER ABAP Search
Insert Queue
Many companies are struggling with the introduction and use of secinfo and reginfo files to secure SAP RFC gateways. We have developed a generator that supports the creation of the files. This blog post lists two SAP best practices for creating the secinfo and reginfo files to enhance the security of your SAP gateway and how the generator helps you do this. secinfo and reginfo Request generator Option 1: Restrictive procedure In the case of the restrictive solution approach, only in-system programmes are allowed. Therefore, external programmes cannot be used. However, since this is desired, the access control lists must be gradually expanded to include each programme required. Although this procedure is very restrictive, which speaks for safety, it has the very great disadvantage that, in the creation phase, links which are actually desired are always blocked. In addition, the permanent manual activation of individual connections represents a continuous effort. For large system landscapes, this procedure is very complex. Option 2: Logging-based approach An alternative to the restrictive procedure is the logging-based approach. To do this, all connections must be allowed first by the secinfo file containing the content USER=* HOST=* TP=* and the reginfo file contains the content TP=*. During the activation of all connections, a recording of all external programme calls and system registrations is made with the gateway logging. The generated log files can then be evaluated and the access control lists created. However, there is also a great deal of work involved here. Especially with large system landscapes, many external programmes are registered and executed, which can result in very large log files. Revising them and creating access control lists can be an unmanageable task. However, this process does not block any intentional connections during the compilation phase, which ensures the system will run non-disruptively.
Tasks such as the update of components, the insertion of security updates or monitoring should be further automated. It is recommended to use only one automation tool (SAP Solution Manager or SAP LVM). Custom solutions and scripts should not be used or replaced with standard tools if possible, because otherwise different script languages and script versions will have to be managed, resulting in a lot of maintenance. Standardised SAP scripts are welcome here. A useful definition of thresholds, for example on the basis of historical system behaviour, must also be defined for monitoring.
STAUTHTRACE System trace for authorization checks
There are the following types of Support Packages: SPAM/SAINT Update A SPAM/SAINT update (PAT) contains updates and improvements to the SAP Patch Manager and the SAP Add-On Installation Tool. FCS Support Package An FCS Support Package (FFD) brings an FCS system to the generally available release level (GA level) before other support packages can be inserted. Component Support Package One such support package (COP) applies to one software component (SAP_BASIS, SAP_HR, SAP_APPL, etc) and contains corrections for errors in the repository and in the dictionary in exactly this software component. Support Packages for the component SAP_HR include adjustments due to legal changes in addition to these corrections. A BW Support Package (BWP) is a support package for the SAP Business Information Warehouse (SAP_BW) software component and contains corrections only. Add-On Support Package An Add-On Support Package (AOP) always applies to an add-on with a specific release and includes corrections for that add-on.
We always keep your systems up to date: System upgrades and updates are very important both functionally and for the security of your data. Whether release upgrades or importing important support packages - we are your experts.
Tools such as "Shortcut for SAP Systems" are extremely useful in basic administration.
BENEFITS & CONSEQUENCES The added value of the implementation of the recommendations described above lies in the guaranteed operational stability and operational safety.
Understanding the structure and functionality of the system is especially important for IT administration.