Authorization management: preparation and follow-up of audits as well as ongoing or selective support
Creating a basis for the SAP landscape
SAP Basis is responsible for the smooth operation of the SAP Basis system. The SAP Basis system is like an operating system for R/3 as well as S/4. Every operating system, such as Windows, provides an environment in which programs developed for that environment can run, such as MS Office. Likewise, the SAP Basis system provides an environment in which SAP programs can run. In any R/3 or S/4 system, there is a database server, such as HANA, where the database resides. It provides the necessary data to all other applications. The data here is not only data tables, but also applications, system control tables and user data.
What makes using Avantra so interesting is the elimination of manual effort. This frees up SAP technology teams to build new skills.
A DECISION TO CREATE YOUR OWN, OR IT SERVICES FOREIGN
In the authorization environment, in addition to assigning authorizations to SAP users, there are a number of important SAP Basis settings that you should check regularly to ensure that your SAP system is fully protected, both internally and externally. For example, particularly in the context of an audit, it is important to ensure that changes to the SAP system always remain traceable. In this blog, I would like to show you how you can best implement this and what to look out for.
Many companies are struggling with the introduction and use of secinfo and reginfo files to secure SAP RFC gateways. We have developed a generator that supports the creation of the files. This blog post lists two SAP best practices for creating the secinfo and reginfo files to enhance the security of your SAP gateway and how the generator helps you do this. secinfo and reginfo Request generator Option 1: Restrictive procedure In the case of the restrictive solution approach, only in-system programmes are allowed. Therefore, external programmes cannot be used. However, since this is desired, the access control lists must be gradually expanded to include each programme required. Although this procedure is very restrictive, which speaks for safety, it has the very great disadvantage that, in the creation phase, links which are actually desired are always blocked. In addition, the permanent manual activation of individual connections represents a continuous effort. For large system landscapes, this procedure is very complex. Option 2: Logging-based approach An alternative to the restrictive procedure is the logging-based approach. To do this, all connections must be allowed first by the secinfo file containing the content USER=* HOST=* TP=* and the reginfo file contains the content TP=*. During the activation of all connections, a recording of all external programme calls and system registrations is made with the gateway logging. The generated log files can then be evaluated and the access control lists created. However, there is also a great deal of work involved here. Especially with large system landscapes, many external programmes are registered and executed, which can result in very large log files. Revising them and creating access control lists can be an unmanageable task. However, this process does not block any intentional connections during the compilation phase, which ensures the system will run non-disruptively.
With "Shortcut for SAP Systems" a tool is available that greatly facilitates some tasks in the SAP basis.
If you were to manipulate a block afterwards, you would have to adjust all the blocks that follow.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
Other client-independent transactions are located in the Cross Clients TCODES file.