SAP BASIS - THE SECURE FOUNDATION OF THE SAP SYSTEM
SAP Basis - Administration of SAP system landscapes
PROJECT HISTORIES: THE SAP basis OF TOMORROW An entry in the Forum Infrastructure and Operations within the DSAGNet drew attention to the problem of the SAP basis as described above. This led to a lively discussion, which attracted a lot of interest from the members of the DSAM. Building on the interest and need for action of the member companies, a project was initiated by the DSAG as well as by the SAP, which should deal with the future of the SAP basis. Several companies were invited to participate and their willingness to participate actively was questioned in a DSAG survey. The first project meeting took place within the framework of the DSAG Annual Congress in Bremen in 2015. As a result, regular events took place at the SAP office in Freiberg am Neckar and St Leon-Rot, with the participation of up to 15 companies. In the project "the SAP basis of Tomorrow", current questions of the companies as well as the question of the SAP basis of the future were discussed and worked out with regard to the IT landscape, processes and organisational structure. A master's thesis was initiated to document and prepare the results as well as to examine the topic in scientific terms in parallel with the project. This was made at the University of Applied Sciences Würzburg-Schweinfurt as part of the Master's programme in Information Systems with Prof. Dr. Karl Liebschnitel and submitted for evaluation at the end of March 2016.
In this step, a dialogue box prompts you to confirm the commit. If the user does not have permission to execute the transaction SPAM or the current queue has not yet been confirmed, the transaction stops SPAM with a message to that effect. CHECK_REQUIREMENTS In this step, different requirements for inserting are checked. There are the following reason that may cause this step to be cancelled: TP_CANNOT_CONNECT_TO_SYSTEM: tp cannot log in to the system database. QUEUE_NOT_EMPTY: There are incomplete OCS jobs in the tp buffer. You can view these jobs using the following tp command: tp SHOWBUFFER -D SOURCESYSTEMS= TAG=SPAM You cannot resume the processing of the queue until these jobs have been completely processed or deleted from the tp buffer. DISASSEMBLE In this step, files are extracted from the corresponding OCS files and placed in the /usr/sap/trans/data (UNIX) directory.
SAP Script
This access method depends solely on the rights assigned to the user. System users: Users of this user group are comparable to SAP*. They act as administrator in the system. Therefore, they should be deactivated / set to inactive as soon as possible, as soon as the system operation is ensured. You should still be aware of the SAP ERP environment to address this security risk. In a HANA system, there are privileges instead of permissions. The difference is first of all in terms of terminology. Nevertheless, the permissions are assigned differently (directly / indirectly) via the assignment of roles. These are thus accumulations of privileges. As in older SAP systems, system users must be disabled and certain roles that already exist must be restricted. Compared to an SAP ERP system, small apps are allowed instead of large applications. In this case, attention should be paid to an individual authorisation. It should be a matter of course for users to have implemented secure password rules. Settings Securing the system also means securing the underlying infrastructure. Everything from the network to the host's operating system must be secured. When looking at the system landscape, it is striking that the new technology brings many connections that need to be secured. The SAP Gateway, which is responsible for the connection between backend and frontend, is also a security risk and must be considered. All security settings of existing and future components must be validated to HANA compatibility. Secure communication of connections is obtained when you restrict access where possible. Encryption of the data of a HANA system is disabled by default. Be sure to encrypt sensitive data anyway. Especially data that is archived. If an attack is made on your system, you should be able to run forensic analysis, so you should enable the audit log. Moreover, few users should have access to it.
The main benefit of the implementation of the above recommendations lies in the creation and documentation of the innovative power of the SAP basis. Through consistent research and testing, the SAP basis is enabled to assume its role as an innovation driver. It also creates an attractive and exciting working environment for employees. By being involved in projects in a timely manner, project success will be promoted and will contribute to company success in the medium and long term. One possible consequence of the constant overuse of the employees is the reorientation of the employees and the associated loss of knowledge. This can also lead to the complete basic activity being carried out by external partners, to which a dependency relationship then arises.
Some missing SAP basic functions in the standard are supplied by the PC application "Shortcut for SAP Systems".
If the queue is not yet fully defined, you must define the queue from the available support packages.
Once a month (or even once a week) with the option "Perform cleanup", so that obsolete profiles and user mappings are regularly cleaned up.