REDUCTION AND AVOIDANCE OF ORGANISATIONAL INCENTIVES
What are the areas when working with SAP systems?
Customers with such a case regularly contact us. Creating a Permission Concept from the ground up is often a time-consuming task. Furthermore, the know-how, which aspects should be dealt with in an authorisation concept and how the corresponding processes can look practical and at the same time audit-proof is often lacking. Our solution: tool-based generation of an individual, written authorisation concept In this situation, we have recommended to our customers the tool-based generation of a written authorisation concept directly from the SAP system. We use the XAMS Security Architect tool, with which we have had good experiences. This includes a template for a revision-proof and comprehensible, written authorisation concept. It includes established best practices for role and entitlement management. The template covers all relevant areas in a permission concept. The included text of the authorisation concept is completely customisable, so that the concept can be tailored to your situation without creating a permission concept from scratch. Dynamically update the written authorisation concept One of the biggest challenges after the development of an authorisation concept is to keep it up to date in the long term and to measure the sustainable implementation in the system. This is achieved by integrating live data such as configuration settings and defined rules directly from the connected system. For example, lists of existing roles or user groups and tables are read from the system each time the document is generated and updated in the permission concept. The following screenshot shows an example of what the appearance in the concept document might look like. Automatically check and monitor compliance with the concept To check compliance with the concept, the XAMS Security Architect includes extensive inspection tools. These cover the rules formulated in the concept and are suitable for measuring the extent to which the reality in the system meets the requirements formulated in the concept.
SAP Basis refers to the IT underlying the SAP system. It includes various middleware programs and tools and is responsible for the smooth operation of the SAP system.
SAP Enhancements
Every SAP Basis system must be controlled and managed by an administrator. The person responsible ensures smooth operation of the system. This can be an internal administrator, or can be handed over to external service providers.
The database layer is used to store all company data and consists of the database management system (DBMS) and the data itself. In each NetWeaver system there is a database server on which the SAP database is located. It provides all other applications with the necessary data. The data is not only data tables, but also applications, system control tables and user data. All basic components ensure that the user has fast and reliable access to this data.
The "Shortcut for SAP Systems" tool is ideal for doing many tasks in the SAP basis more easily and quickly.
The message server serves as an "intermediary" between the applications and services, for example, by controlling communication between the individual application servers and determining the load on the application servers.
The parameters abap/heap_area_dia and abap/heap_area_nondia, on the other hand, determine how much private storage a single (non-)dialogue workprocess can use.