Determination of specific transactions with user assignment using SE16N
Configuration as well as maintenance and backup
Many companies struggle with introducing and using secinfo and reginfo files to secure SAP RFC gateways. We have developed a generator that supports the creation of these files. This blog post lists two SAP best practices for creating the secinfo and reginfo files to enhance the security of your SAP gateway, and explains how the generator helps you do this.

Option 1: Restrictive procedure
In the restrictive approach, only in-system programmes are allowed, so external programmes cannot be used. However, since the use of external programmes is desired, the access control lists must be gradually expanded to include each programme required. This procedure is very restrictive, which speaks for security, but it has the major disadvantage that connections which are actually desired are always blocked during the creation phase. In addition, permanently activating individual connections by hand is a continuous effort. For large system landscapes, this procedure is very complex.

Option 2: Logging-based approach
An alternative to the restrictive procedure is the logging-based approach. To do this, all connections must first be allowed: the secinfo file contains USER=* HOST=* TP=* and the reginfo file contains TP=*. While all connections are allowed, gateway logging records all external programme calls and system registrations. The generated log files can then be evaluated and the access control lists created from them. However, this also involves a great deal of work. Especially in large system landscapes, many external programmes are registered and executed, which can result in very large log files. Reviewing them and creating access control lists from them can be an unmanageable task. On the other hand, this process does not block any intended connections during the compilation phase, so the system keeps running without disruption.
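The evaluation step of the logging-based approach, as an added example (it is not the generator mentioned in this post and not SAP code): it turns observed programme calls and registrations into specific secinfo and reginfo entries and holds back anything that would recreate a wildcard. The record layout is a constructed stand-in, not the real gateway log format, and the reginfo `HOST=` keyword is used in addition to the `TP=` shown above.

```python
# Constructed sample records: (kind, user, host, tp). This is NOT the real
# gateway log format; it stands for data already extracted from the logs.
OBSERVED = [
    ("start",    "BATCHUSR", "app01.example.internal", "sapxpg"),
    ("start",    "BATCHUSR", "app01.example.internal", "sapxpg"),   # duplicate
    ("start",    "ARCHUSR",  "arc01.example.internal", "archlink"),
    ("register", "",         "tax01.example.internal", "TAXCALC"),
    ("register", "",         "tax02.example.internal", "TAXCALC"),
    ("start",    "*",        "",                       "report_tool"),  # incomplete
]

# Logging-phase file contents quoted in the text above.
PERMISSIVE_SECINFO = "USER=* HOST=* TP=*"
PERMISSIVE_REGINFO = "TP=*"


def build_acls(records):
    """Return (secinfo_lines, reginfo_lines, needs_review).

    Records with an empty or wildcard field are never turned into an entry,
    because that would carry the permit-all rule into the final files.
    """
    secinfo, reg_hosts, review = set(), {}, []
    for kind, user, host, tp in records:
        required = (host, tp) if kind == "register" else (user, host, tp)
        if kind not in ("start", "register") or any(f in ("", "*") for f in required):
            review.append((kind, user, host, tp))
        elif kind == "start":          # external programme started via the gateway
            secinfo.add(f"USER={user} HOST={host} TP={tp}")
        else:                          # programme registered at the gateway
            reg_hosts.setdefault(tp, set()).add(host)
    reginfo = [f"TP={tp} HOST={','.join(sorted(hosts))}"
               for tp, hosts in sorted(reg_hosts.items())]
    return sorted(secinfo), reginfo, review


def is_permit_all(line):
    """True if every KEY=value pair on the line is a bare wildcard."""
    pairs = [p.split("=", 1) for p in line.split() if "=" in p]
    return bool(pairs) and all(value == "*" for _, value in pairs)


if __name__ == "__main__":
    sec, reg, review = build_acls(OBSERVED)
    print("secinfo:", *sec, sep="\n  ")
    print("reginfo:", *reg, sep="\n  ")
    print("needs manual review:", review)
```

Records in the review list need a decision by a person before the permissive files are replaced.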
The SME role describes an expert in a particular field in the context of SAP products, such as SME databases or SME-SAP-HANA, and is gaining in importance due to new technologies and subject areas. The SME role thus corresponds to an expert role in the technology environment. The SME has a good network within the IT departments and, if necessary, with other business units within the company. To carry out these activities, the SME must already have acquired practical experience in operating their area of focus. Expert tools are also used to fulfil the task. Through the exact definition of disciplines, the SME informally assumes many tasks of the traditional SAP basis administrator as well as new disciplines arising from new technologies. In addition to the existing specialisations, there will in future be ones such as SME-Cloud, SME-SAP-HANA/Databases, SME-Supplier-Management, SME-Security, SME-Compliance, SME-Landscape-Virtualisation-Management and SME-Solution-Manager. SME-Cloud is in contact with the global cloud manager (if one exists in the company). Likewise, SME-Security is in contact with, or reports to, the global corporate security function. SME-Supplier-Relationship-Management, or Supplier-Management, is oriented both internally (coordination with other departments) and externally (coordination and communication with suppliers). SME-Cloud is a special form of SME-Supplier-Management.
Before the project starts, it must be clear which systems are to be connected to the IdM and which services the system is to provide. This requires close collaboration between the business department and IT, as later adaptations or additional systems will prolong the implementation and exceed the budget.

Analysing existing data
High-quality data is essential for successfully implementing an Identity Management System. Users' master data must be verified, updated, or maintained. Automation is otherwise not conceivable with incomplete or even incorrect data.

Rethinking the Permission Concept
With the introduction of an Identity Management System and a workflow for granting permissions, the existing roles should be scrutinised once again. You should ask yourself whether users know which role they are choosing from the current catalogue and whether it is sufficient for their task.

Set Role-Owner
It is not only the user who needs to know which role to choose. There must also be a person in charge of the role who adapts it as required and acts as a point of contact when needed.
In the past, when we deployed SAP environments, we first had to work out a detailed sizing and architecture and pass it on to the procurement team, which then ordered the systems and installed them in the data center. From there, it went on to the network team, the storage team, the operating system team, and the database team. So it was not uncommon for three to six months to pass between the architecture design and the installation of a new SAP system.
"Shortcut for SAP Systems" is a PC application that simplifies or even facilitates many activities in the SAP basis.
If table logging is active in your system, you can use transaction SE13 to specify which tables are to be logged.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
It is also necessary to check whether the adaptation of business processes to avoid modifications to the implementation may be more effective and therefore more cost-effective.