SM50 Work process
SAP Basis Introduction and R3 Architecture Overview (in English)
The CodeProfiler prevents poor-quality code or programs with security vulnerabilities from entering a productive SAP system landscape in the first place. It is therefore important to use the CodeProfiler throughout the entire lifecycle of a software. Already during programming, the CodeProfiler helps the developer to identify and correct errors and vulnerabilities in the SAP landscape. The CodeProfiler automatically ensures that only "clean" code is transported to the next level (development system -> test system -> quality assurance system -> production system). The CodeProfiler can also be used for regular review cycles.
A secure SAP system does not only include a good role concept. It is also necessary to check whether a user should (still) have a specific role. Regular verification of role assignment is called recertification. In this blog post, I'd like to introduce you to the need for recertifications and our own tool, EasyReCert. The need for recertification - scenarios: Example 1: The "apprentice problem" Imagine the following scenario: A new employee (e.g. apprenticeship or trainee) will go through various departments as part of his or her training and will work on various projects. Of course, an SAP User will be made available to your employee right at the beginning, which is equipped with appropriate roles. As each project and department passes, the employee repeatedly needs new permissions to meet the requirements. After the employee has successfully completed his or her induction and is now in a permanent position, he or she still has permissions that are not necessary to perform his or her duties. This violates the principle of "last privilede" and represents a potential security risk for your company. Example 2: The change of department The change of department is one scenario that probably occurs in every company. If a change of department does not automatically involve a complete reallocation of roles and the employee simply takes his old permissions with him, critical combinations of permissions can occur very quickly. For example, an employee who has permissions in accounts payable and accounts receivable violates the SoD ("Segregation of Duties") principle and poses a potential security risk to your company. Recertification as part of a revision: The two examples above show that a regular review of role allocation identifies potential security risks for your business and can be addressed.
Installation/upgrade of the SAP systems based on HANA Platform
In this SAP Solution Manager training, we teach you how SAP Solution Manager works. You will receive the necessary know-how to implement SAP SolMan yourself.
In order for Fiori applications to be displayed according to the calling users, appropriate Fiori permissions must be maintained in the PFCG. There are several points to consider. This article discusses the permissions required to launch a Fiori application. In addition, a short explanation is given, how the displayed tiles can be configured in the Fiori launchpad via reels. To run Fiori applications from the launchpad and the permission queries defined in the OData services, the corresponding Fiori permission objects must also be maintained in the PFCG. Here the start permissions for the application's OData service in the backend system as well as permission objects are relevant for the business logic of the OData services used in the application. In general, it is important to know that if Fiori is implemented correctly, permissions must be maintained in the front-end server (call Launchpad, start the tile, etc.) as well as permissions in the back-end server (call the OData services from the backend). This article explains this in more detail.
"Shortcut for SAP Systems" simplifies tasks in the area of the SAP basis and complements missing functions of the standard.
A consultant will contact you and discuss the details of the exam.
The conscious processing and consideration of error situations in job chains - also at step level - can help to reduce manual effort.