Operating systems and databases
Advantages of SAP Basis Support
In the beginning, in our company the installation and management of the systems were dealt with by the functional consultants/consultants of the respective systems. The CRM consultant was responsible for the SAP CRM system, the SRM consultant for the SAP SRM, etc.
SAP will provide all SAP Notes in the SAP ONE Support Launchpad digitally signed. This is to increase the security when the updates are loaded. If you have unsigned SAP hints, there is a risk that the notice has been changed unnoticed and malicious code will be added to your SAP system when you install the notice. This poses a significant threat to the SAP system, which is why the digitally signed provision of the clues is an important improvement. However, to use digitally signed notes in your system, you will need to take a few steps to prepare them. If you install SAPCAR version 7.2 or later and have a user with the necessary permissions, all you have to do is insert the Note 2408073 into your system and do the manual pre- and post-processing. A digital signature technically ensures that any change can be detected at the notice and can be checked by the system to see if the present note, which is to be inserted into the system, is unchanged. Prerequisites to use digitally signed SAP hints To prepare your SAP system for digitally signed clues, you first have to meet some requirements: Digital signed SAP hints are provided as SAR files. The SAR files are unpacked with SAPCAR and checked for their digital signature. SAPCAR must be available on the Application Server in version 7.20 or higher. Therefore, it is strongly advised to update SAPCAR. If SAPCAR is not at least in version 7.20, the digital signature verification fails and the message cannot be unzipped. Installation of the digitally signed clue is then not possible. The implementing user also needs some permissions to perform the necessary manual pre- and post-processing of the note on the system: Authentication for the transaction SLG1 Read permission for the S_APPL_LOG permission to write and delete data from the application directory Upgrade the SAPCAR version on your system to version 7.20 or higher SAP basis version 700 or higher, for older versions the notice must be inserted manually If you have met these requirements, you can use the implementation of note 24080 Start 73. Implementation SAP Note number 2408073.
Some useful tips about SAP basis can be found on www.sap-corner.de.
How is SAP Basis structured?
The so-called SAP message server also belongs to the application layer. Only one instance of this server exists in the system. It mediates between the services and applications. In concrete terms, this means that the message server takes care of load balancing and determines, for example, on which application server a user logs on. Communication between application servers is also the domain of this message server.
A well-cared-for emergency user concept enables the audit-proof allocation of extended permissions in combination with the assurance of daily operations in your company. This article first addresses the fundamental issues that require an emergency user approach. It then briefly explains how such a concept works in general and how we implement it. An Emergency User is normally used when tasks are temporarily taken over outside the initial field of activity. I described the different scenarios of when such a user can be used and how to deal with them in this blog post for you. Why is an emergency user approach important? There are several scenarios in which the use of an emergency user with extended rights is useful: In urgent cases, it is often necessary to be able to quickly make changes to the system that are outside the user's actual field of activity. A key user who has the necessary permissions is on vacation and needs a representation. The same user suffers short-term illness and his/her representative must take over his/her duties to ensure the operation. We recommend developing a concept for the short-term allocation of the additional permissions. This will ensure the implementation of the above scenarios. How does an emergency user approach work? An emergency user concept in SAP works fundamentally via a temporary assignment of additional rights to a specific user. After the tasks have been completed, the user is deprived of the rights. The tasks performed with the extended permissions are logged and can then be evaluated by an auditor. However, there are a few things to keep in mind: A process for granting special rights should be defined. It must be specified which users can get special rights. The time period for which users can request an emergency user should be limited.
Some missing SAP basic functions in the standard are supplied by the PC application "Shortcut for SAP Systems".
These specify how the outgoing data should be processed.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
An important area of SAP Security is the analysis of the customer's own SAP programs, which are classically written in the proprietary SAP language ABAP.