SAP Administration II
SF01 Logical file paths and names (client dependent)
Customers with such a case regularly contact us. Creating a Permission Concept from the ground up is often a time-consuming task. Furthermore, the know-how, which aspects should be dealt with in an authorisation concept and how the corresponding processes can look practical and at the same time audit-proof is often lacking. Our solution: tool-based generation of an individual, written authorisation concept In this situation, we have recommended to our customers the tool-based generation of a written authorisation concept directly from the SAP system. We use the XAMS Security Architect tool, with which we have had good experiences. This includes a template for a revision-proof and comprehensible, written authorisation concept. It includes established best practices for role and entitlement management. The template covers all relevant areas in a permission concept. The included text of the authorisation concept is completely customisable, so that the concept can be tailored to your situation without creating a permission concept from scratch. Dynamically update the written authorisation concept One of the biggest challenges after the development of an authorisation concept is to keep it up to date in the long term and to measure the sustainable implementation in the system. This is achieved by integrating live data such as configuration settings and defined rules directly from the connected system. For example, lists of existing roles or user groups and tables are read from the system each time the document is generated and updated in the permission concept. The following screenshot shows an example of what the appearance in the concept document might look like. Automatically check and monitor compliance with the concept To check compliance with the concept, the XAMS Security Architect includes extensive inspection tools. These cover the rules formulated in the concept and are suitable for measuring the extent to which the reality in the system meets the requirements formulated in the concept.
People tend to forget how important this element of the architecture is. The setup involved often proves to be especially important for companies looking to implement the SAP system for the first time.
Understanding the structure and functioning of the system is especially important for IT administration. It is not for nothing that "SAP Basis Administrator" is a separate professional field. On the page www.sap-corner.de you will find useful information on this topic.
Further information on DBACOCKPIT
The second component of the application layer is the message server. It acts as a kind of "mediator" between the services and the applications.
Project successes should also be documented and circulated as success stories of the SAP basis or made available to the SAP basis stakeholders to highlight the importance of the SAP basis. These success stories can be shared from the grassroots or from the outside, for example. Examples include CIO communications or project reports. BENEFITS & CONSEQUENCES The added value of the implementation of the recommendations described above lies in the guaranteed operational stability and operational safety. In addition, a company and in particular an IT organisation with a strong SAP basis receives a competent and sustainable partner for SAP topics and technologies, who is always looking at the SAP picture in general. Furthermore, all business and IT departments are aware of the role and the scope of the SAP basis. This means that you can contact them as the right person in good time. There is a lower risk that certain areas may develop shadow IT related to SAP topics and technologies due to lack of transparency.
For administrators, a useful product - "Shortcut for SAP Systems" - is available in the SAP basis area.
This is where users read required information and enter new data into the system.
A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.
Now all the roles that have been copied previously are inserted here.