Installation of SAP milieus
Analysis and reflection of the existing system configuration
There are thus numerous interfaces between these fields of activity. As a result, the boundaries become blurred in some cases.
In this article on SAP Security Automation I would like to take a look at the future of automated processes in the SAP Security area. For many companies, the topic of security automation still offers a lot of potential in terms of time savings and process optimisation. Our daily work environment offers numerous tasks that could be handled excellently automatically. For this reason, in this article I present two of the possibilities that already exist in the broad area of security automation. Security Automation via SAP Security Check The first option of Security Automation, which I want to introduce here, is the automatic verification of the existing permissions. Have you ever wondered who has critical permissions in your SAP system? And have you ever tried to do this by hand? Depending on the level of expertise and experience of the privilege administrator, this is a time-consuming work. If an audit is also announced and the SAP system is to be checked for critical permissions and segregation of duties, then it is very difficult to meet all requirements and secure the eligibility landscape in this respect. For this reason, various vendors provide solutions to automate the verification of the permission system with regard to critical permissions and segregation of duties using tool support. This allows permission administrators to use their valuable time to correct the errors rather than just looking for them. For example, we use a tool that runs through the verification of over 250 rules. We then get an evaluation of which rules are violated and which points are correct. A simple example of such rules is the use of the SAP_ALL profile. Another would be to grant the jump permission in debugging (S_DEVELOP permission object with the ACTVT = 02 field). These are two relatively simple examples of Security Check tools' rulebook. In addition, queries are also made, which are located in the field of Segregation of Duties. Using this tool allowed us to move from manual validation of critical permissions to an automatic process.
Installation Services in all common environments
If you have already defined a Queue, but the Queue does not meet its requirements or has encountered errors, you can delete it again. Note that your system is inconsistent when you delete the queue after objects have been imported (for example, after an error in the DDIC_IMPORT step and following). The deletion in these SPAM steps should only be used for troubleshooting and you should repeat the insertion of the support packages as soon as possible. Note that starting with SPAM/SAINT version 11, you cannot delete the queue after the DDIC_IMPORT step and following. Procedure Select View/Define SPAM in the entry image of the transaction. You will get a dialogue box that displays the current queue. In this dialogue box, select Delete Queue. Result The queue has been deleted. You can define a new queue.
SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.
In addition to internal security requirements, national and international guidelines sometimes require all audit and security-related user actions to be recorded. With the Security Audit Log (SAL) you have the possibility to log all changes, e.g. for users, user master records, but also roles and groups.
With "Shortcut for SAP Systems" a tool is available that greatly facilitates some tasks in the SAP basis.
In this context, responsible employees perform a number of classic tasks.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
Many companies are struggling with the introduction and use of secinfo and reginfo files to secure SAP RFC gateways.