SAP Basis Consulting regarding the use of hardware, database as well as operating systems and their installation type (physical or virtual) - NW Admin

Direkt zum Seiteninhalt
Consulting regarding the use of hardware, database as well as operating systems and their installation type (physical or virtual)
Two ways to use Security Automation
Parameters in the SAP create a high degree of flexibility. Profiles can be used to configure the system for almost any purpose. But with such a large number of parameters one quickly loses an overview of the influence of each parameter. For storage management alone, there are 20 different parameters that can be changed at different points in the SAP system. This article brings order to the mess and explains the most important parameters. There are three types of memory in the SAP system for a work process: ・ Roll Area - Local Memory Area for a Work Process ・ Extended Memory - Global Memory Area for All Work Processes ・ Private Storage /Dynamic Memory (Private Memory/Heap Memory) - Private Memory Overview of SAP System Memory Regions Parameters for the Rolling Range When a user starts a programme, a role area is created for that programme instance through a workprocess. The user context is stored in this memory area. The size of the roll area for a work process is determined by the ztta/roll_first parameter. If the storage area is not sufficient, a portion of the Advanced Memory will be allocated for the user context, the size of which will be determined by ztta/roll_extension, ztta/roll_extension_dia, and ztta/roll_extension_nondia. The latter two override ztta/roll_extension if used and offer the possibility to set different quotas for dialogue and non-dialogue work processes.

The following list explains the steps in the order they are performed by SPAM: PROLOGUE This step will check if you are eligible to play Support Packages. CHECK_REQUIREMENTS In this step, different requirements for inserting are checked, e.g. the login of the transport control programme tp to your system. DISASSEMBLE In this step, the data files are unpacked from the corresponding EPS packages and placed in the transport directory. ADD_TO_BUFFER In this step, the queue is placed in the transport buffer of your system. TEST_IMPORT This step checks whether there are any objects that are overridden during the commit and are in unreleased tasks. IMPORT_OBJECT_LIST In this step, the object lists for the support packages that are in the queue are fed into the system. OBJECTS_LOCKED_? This step checks to see if there are any objects that are overwritten during the commit and that are in unreleased jobs. SCHEDULE_RDDIMPDP In this step the transport daemon (programme RDDIMPDP) is planned. ADDON_CONFLICTS_? This step checks to see if there are conflicts between objects in the queue and add-ons installed. SPDD_SPAU_CHECK This step will check if a modification match (transactions SPDD/SPAU) is necessary. DDIC_IMPORT In this step, all ABAP Dictionary objects of the queue are imported. AUTO_MOD_SPDD This step checks whether modifications to ABAP Dictionary objects can be adjusted automatically. RUN_SPDD_? This step prompts you to customise your modifications to ABAP Dictionary objects by calling the transaction SPDD. IMPORT_PROPER In this step, all repository objects and table entries are fed. Then actions such as distribution, implementation, activation and generation take place. AUTO_MOD_SPAU This step checks whether modifications can be adjusted automatically. RUN_SPAU_?
Creating users, assigning roles, locking and unlocking users, etc
This makes the technical user the dialogue user and a login in the SAP system is unrestricted. So Johannes logs in with the known password of the RFC user in the production system. Thanks to very extensive permissions, it now has access to all sorts of critical tables, transactions, and programmes in production. With the identity of the RFC user Johannes starts with the technical compromise of the production system... RFC Security: All invented - or everyday threat? Whether a simple trim, altered biometric properties or an encapsulated technical user in the SAP system: the basis of the compromise is the same. A person uses a different identity to gain access and permissions to protected areas. Moreover, the evil in all three stories could have been prevented by pro-activity. When was the last time you thought about the security of your RFC interfaces? Can you say with certainty that all your technical RFC users only have the permissions they actually need? And do you know who exactly knows the passwords of these users? Can you 100% rule out that not now in this moment an SAP user with a false identity infiltrates your production systems? Change now: It's about pro activity! But before you start now and start looking for the "identity converter" (which I really do not recommend!), I suggest that you take root of evil and proactively strengthen your RFC security. So if you want to find out more, I have the following 3 tips for you: 1) Our e-book about SAP RFC interfaces 2) Clean up our free webinar about RFC interfaces 3) Blog post about our approach to optimising RFC interfaces As always, I look forward to your feedback and comments directly below these lines!

Understanding the structure and functioning of the system is especially important for IT administration. It is not for nothing that "SAP Basis Administrator" is a separate professional field. On the page www.sap-corner.de you will find useful information on this topic.


In every company with an SAP system, there is someone who is responsible for the SAP Basis. This person ensures the trouble-free operation of the SAP system. He or she accompanies maintenance work and intervenes in special situations, such as poor performance. Even for companies that hand over the operation of Basis to an external service provider, there are often still tasks from the user and authorization management environment at this point.

Some missing SAP basic functions in the standard are supplied by the PC application "Shortcut for SAP Systems".

While SAP Basis is the field of activity of system administrators, ABAP is a programming language in which SAP applications are written.

A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.

Continue the playback.
NW BASIS
Zurück zum Seiteninhalt