SAP Basis Administration
SCC3 Log evaluation client copy
New risks in SAP HANA: In addition to the known risks, there are also new risks from the use of SAP HANA. A very good example are frequently used web applications that represent something new in the SAP area. In contrast to an SAP ERP system, HANA systems consist mainly of web applications, which were considered optional in the previous versions. These web applications can be found by various search engines on the Internet. This also applies to SAP Portal or Netweaver. There are URL schemes that help locate the system. This also applies to other SAP systems that use Web applications. This makes the new technology vulnerable to typical web attacks. SQL Injection, ABAP Code Injection, or XSS are all included. All risks known for a normal SAP system also apply to a SAP-HANA system. The data is stored unencrypted in RAM. Only then does the system gain this speed advantage. This results in risks such as a read-out by memory scraping malware. These pick up data in memory. Encryption costs performance, so it is not used by default. Especially during a migration HANA runs in a parallel system, therefore at least one new system comes to your landscape. Also note: HANA has its own tools and settings that need to be known and configured. The bottom line is that the system simply needs more attention when operating. Many settings often result in more errors. Three - points - HANA Security Plan 1) Roles and permissions In a previous SAP system, roles and permissions are certainly one of the main pillars of a secure system. Roles and permissions work differently in a HANA system. There are two types of users: 1) Default (limited): With this type of user, there are different access methods to the database. For example, the JDBC or HTTP technologies are used to give two examples.
In addition to internal security requirements, national and international guidelines sometimes require all audit and security-related user actions to be recorded. With the Security Audit Log (SAL) you have the possibility to log all changes, e.g. for users, user master records, but also roles and groups.
Indirect use of SAP is a license violation that occurs when third-party software is used without permission with ... View Entire Definition
The SAP Identity Management System (IdM) enables centralised user and permission management in a heterogeneous system landscape. By using an IdMSsystem, manual processes can be replaced by automated workflows that are mapped and administered centrally. Examples of scenarios: 1) User and Authorisation Management 2) ESS/MSS for the management of personnel data 3) Audit and monitoring for the verification of compliance with legal regulations What should be taken into account, however, if you want to introduce an Identity Management System? In this contribution, I would like to highlight fundamental points that need to be clarified before the introduction.
This possibility is particularly advantageous when it is a new topic and there is not yet a lot of know-how in the company. Instead of buying an expensive coach to teach employees the basics of a new topic, this means that the knowledge can be made available more cheaply and in a longer term, for example, through an online course.
"Shortcut for SAP Systems" makes it easier and quicker to complete a number of SAP basis tasks.
In the following chapter I would like to explain our best practice approach to implementing an emergency user concept.
However, quite a few companies also offer to train employees to make them fit to work as SAP Basis Administrators.