Active monitoring
SAP NetWeaver Integration Technology
From a purely technical point of view, each generated authorization role contains a profile from which a user receives the actual authorization objects and authorization characteristics. If this profile is outdated or not assigned at all, the user will not have all the authorization objects contained in the authorization role. Incidentally, the problem arises particularly frequently after role transports: If an authorization role is changed in the development system and then transported to the production system, the current profile is not automatically assigned to the users with the respective role. A user comparison must therefore be performed here.
In this article on SAP Security Automation I would like to take a look at the future of automated processes in the SAP Security area. For many companies, the topic of security automation still offers a lot of potential in terms of time savings and process optimisation. Our daily work environment offers numerous tasks that could be handled excellently automatically. For this reason, in this article I present two of the possibilities that already exist in the broad area of security automation. Security Automation via SAP Security Check The first option of Security Automation, which I want to introduce here, is the automatic verification of the existing permissions. Have you ever wondered who has critical permissions in your SAP system? And have you ever tried to do this by hand? Depending on the level of expertise and experience of the privilege administrator, this is a time-consuming work. If an audit is also announced and the SAP system is to be checked for critical permissions and segregation of duties, then it is very difficult to meet all requirements and secure the eligibility landscape in this respect. For this reason, various vendors provide solutions to automate the verification of the permission system with regard to critical permissions and segregation of duties using tool support. This allows permission administrators to use their valuable time to correct the errors rather than just looking for them. For example, we use a tool that runs through the verification of over 250 rules. We then get an evaluation of which rules are violated and which points are correct. A simple example of such rules is the use of the SAP_ALL profile. Another would be to grant the jump permission in debugging (S_DEVELOP permission object with the ACTVT = 02 field). These are two relatively simple examples of Security Check tools' rulebook. In addition, queries are also made, which are located in the field of Segregation of Duties. Using this tool allowed us to move from manual validation of critical permissions to an automatic process.
SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.
The most important SAP Basis transactions
The monitoring of SAP systems, for example, is handled by modern AIOPs software, which permanently performs essential checks thanks to regular checks. This allows us to focus on optimizing your SAP systems, not only reactively in the event of an error, but also proactively to avoid possible errors before they occur.
Support Packages from SAPNet - Web Frontend or Collection CDs are available in a compressed format. Note that you must unpack the support packages before processing. Download the support packages from the SAPNet - Web Frontend or mount the appropriate CD. Log in with the following user: Operating system users UNIX adm AS/400 OFR Windows NT adm Go to the following subdirectory in your system: Operating system UNIX and AS/400 usr/sap/trans/tmp Windows NT :\usr\sap\TRANS\TMP Unzip the archive containing the support packages with the following command: Operating system command UNIX CAR -xvf ///_CAR AS/400 CAR '-xvf /QOPT///_CAR' Windows NT CAR -xvf :\\ CHIVE>.CAR Put the unpacked support packages in the EPS inbox of your transport directory: Operating system EPS-Inbox of the transport directory UNIX /usr/sap/trans/EPS/in AS/400 /usr/sap/trans/EPS/in Windows NT :\usr\sap\trans\EPS\in Now bring the support packages into your system with Support Package Upload. You will see a list of uploaded support packages that are now known with all their attributes in the SAP system and can be handled in the right way by the SAP Patch Manager. Select Back to return to the SPAM entry screen.
For administrators, a useful product - "Shortcut for SAP Systems" - is available in the SAP basis area.
New risks in SAP HANA: In addition to the known risks, there are also new risks from the use of SAP HANA.
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
According to SAP documentation, the matchups differ as follows: Profile Matchup: "The program compares the currently valid user assignments of the selected single roles with the assignments of the associated generated profiles and makes any necessary adjustments to the profile assignments.