CHANGE OF PERCEPTION
Restricting the user name in the SAP system
The presentation layer is based on the software components, collectively called "SAP GUI". This includes several possible implementation variants: for example, SAP GUI for HTML (Web GUI) and Web Dynpro for ABAP (WDA). Since the respective GUI depends entirely on the concrete application, the presentation layer looks very different in practice.
Another important example is the reading permission for TemSe objects. The temporary files are often forgotten, because it is often not considered that cached (strictly) sensitive data, which is intended for only one user (owner), can be viewed by another user without permission - and across clients. The examples mentioned show us how important it is to carefully assign permissions for client-independent transactions. Download Transaction tables The transactions that enable the examples above, including certain expressions of the associated permission objects and our recommendations for them, can be found in the file "Critical cross-client permissions" for download. Other client-independent transactions are located in the Cross Clients TCODES file. The criticality of these transactions should be assessed according to the context. I recommend always being careful and keeping these transactions in mind.
So-called Access Control Lists (ACL) offer a good possibility to secure your gateway in order to exclude unwanted external accesses to the database of the application server. With the help of the ACL files reginfo and secinfo an access control can be implemented, in which allowed as well as forbidden communication partners can be defined. The reginfo file controls the registration of external programs on the gateway, which means that rules can be defined that allow or prohibit programs. With the help of the file secinfo you can define which users are allowed to start an external program. To be able to use these files, you must set the parameters gw/reg_info and gw/sec_info (transaction RZ11). For more information, refer to SAP Note 1408081.
To establish the new and changed roles in one's own company, it is necessary to create incentives. This applies in particular to specialised roles. Incentives could include, for example, the offer to attend selected SME congresses, the setting of a career path, training and monetary incentives. The new roles also provide increased visibility and participation in company decisions.
"Shortcut for SAP Systems" simplifies tasks in the area of the SAP basis and complements missing functions of the standard.
Furthermore, all business and IT departments are aware of the role and the scope of the SAP basis.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
Fiori Eligibility for OData Services The launch authorisation for the OData service stored in the backend from a Fiori app is queried on both the front-end and back-end servers when the application is launched.