DOCUMENTATION / ARCHIVING
Introduction/training of the in-memory database
In this article on SAP Security Automation I would like to take a look at the future of automated processes in the SAP Security area. For many companies, the topic of security automation still offers a lot of potential in terms of time savings and process optimisation. Our daily work environment offers numerous tasks that could be handled excellently automatically. For this reason, in this article I present two of the possibilities that already exist in the broad area of security automation. Security Automation via SAP Security Check The first option of Security Automation, which I want to introduce here, is the automatic verification of the existing permissions. Have you ever wondered who has critical permissions in your SAP system? And have you ever tried to do this by hand? Depending on the level of expertise and experience of the privilege administrator, this is a time-consuming work. If an audit is also announced and the SAP system is to be checked for critical permissions and segregation of duties, then it is very difficult to meet all requirements and secure the eligibility landscape in this respect. For this reason, various vendors provide solutions to automate the verification of the permission system with regard to critical permissions and segregation of duties using tool support. This allows permission administrators to use their valuable time to correct the errors rather than just looking for them. For example, we use a tool that runs through the verification of over 250 rules. We then get an evaluation of which rules are violated and which points are correct. A simple example of such rules is the use of the SAP_ALL profile. Another would be to grant the jump permission in debugging (S_DEVELOP permission object with the ACTVT = 02 field). These are two relatively simple examples of Security Check tools' rulebook. In addition, queries are also made, which are located in the field of Segregation of Duties. Using this tool allowed us to move from manual validation of critical permissions to an automatic process.
Migrations occur, for example, when a customer decides to host his systems at Rödl & Partner and the SAP systems therefore have to be migrated from in-house operation or from the original hosting provider to our data center. Also in the course of a conversion to S/4HANA, the data is migrated from the original database type to an SAP HANA database. This is also done with the tool "SUM" (Software Update Manager) via the so-called "DMO" (Database Migration Option).
The website www.sap-corner.de offers many useful information about SAP basis.
USE OF THE SECURITY AUDIT LOG
Select the transport order from the development system that was rejected in the quality system. This is technically repackaged into the Q-System in a new order and transported to the quality system. At this point you will again have the possibility to perform the approval step you really want to perform.
Parameters in the SAP create a high degree of flexibility. Profiles can be used to configure the system for almost any purpose. But with such a large number of parameters one quickly loses an overview of the influence of each parameter. For storage management alone, there are 20 different parameters that can be changed at different points in the SAP system. This article brings order to the mess and explains the most important parameters. There are three types of memory in the SAP system for a work process: ・ Roll Area - Local Memory Area for a Work Process ・ Extended Memory - Global Memory Area for All Work Processes ・ Private Storage /Dynamic Memory (Private Memory/Heap Memory) - Private Memory Overview of SAP System Memory Regions Parameters for the Rolling Range When a user starts a programme, a role area is created for that programme instance through a workprocess. The user context is stored in this memory area. The size of the roll area for a work process is determined by the ztta/roll_first parameter. If the storage area is not sufficient, a portion of the Advanced Memory will be allocated for the user context, the size of which will be determined by ztta/roll_extension, ztta/roll_extension_dia, and ztta/roll_extension_nondia. The latter two override ztta/roll_extension if used and offer the possibility to set different quotas for dialogue and non-dialogue work processes.
Tools such as "Shortcut for SAP Systems" complement missing functions in the SAP basis area.
Daily checks are still commonplace for many SAP customers today; with Avantra, they are a thing of the past.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
You can upgrade the SAP Basis Plug-In alone in one system within the system landscape and use the existing SAP Basis Plug-In release in the other systems in the system landscape.