SAP Basis Installing, maintaining and servicing other software that is not an SAP system but also provides important functions such as SAP Router, SAP Cloud Connector, TREX, SAP ETD and many more - NW Admin

Direkt zum Seiteninhalt
Installing, maintaining and servicing other software that is not an SAP system but also provides important functions such as SAP Router, SAP Cloud Connector, TREX, SAP ETD and many more
SAP Basis - operation, structure and definition
User name without restrictions - critical? Depending on the release of the SAP_BASIS component in your system, invisible special characters may end up in the user name. This is especially critical if only spaces or alternate spaces are used for the user name when creating a new user. In Unicode systems, "alternative" spaces, so-called "wide spaces", can be used in addition to the normal space character (hexadecimal value 20). For example, the key combination "ALT+0160" can be used to insert non-breaking spaces. If a user is now created whose user name consists exclusively of such alternative spaces, this can be confusing. This is because entries for this user ID do appear in change documents, but the impression is created that the entry was created by a non-existent / deleted user. This circumstance can lead to confusion. In addition, certain special characters in the user name can also lead to errors, for example in the Change and Transport System (CTS). This is because the user name is also used in the CTS-ORG to create a file with the same name in the transport directory. Furthermore, there are letters/characters that look identical in different alphabets, but have a different hexadecimal value in the character set. This means that confusion in user names cannot be completely ruled out. Seemingly identical user names then stand for different users.

So-called Access Control Lists (ACL) offer a good possibility to secure your gateway in order to exclude unwanted external accesses to the database of the application server. With the help of the ACL files reginfo and secinfo an access control can be implemented, in which allowed as well as forbidden communication partners can be defined. The reginfo file controls the registration of external programs on the gateway, which means that rules can be defined that allow or prohibit programs. With the help of the file secinfo you can define which users are allowed to start an external program. To be able to use these files, you must set the parameters gw/reg_info and gw/sec_info (transaction RZ11). For more information, refer to SAP Note 1408081.
Change and Release Management
Basically, an excellent IT knowledge is required. In addition, SAP administrators must of course be particularly competent in this area and be able to deal confidently with all issues relating to SAP solutions. Since they often also work in international companies, it is an advantage if they have a very good command of written and spoken English.

The website www.sap-corner.de offers many useful information about SAP basis.


In addition to scanning and identifying the respective security vulnerabilities of a program, it is also possible to stop tasks that are to be transported to other SAP systems with security vulnerabilities in the further transport process This applies, for example, to the CHARM process based on SAP Solution Manager. This forces a programmer to securely check the programs he or she is responsible for according to the same security criteria. If a program then still has security problems, it can either be released via the dual control principle or returned for further processing. Do you know of any other solutions for improving ABAP code security or have you already gained experience with the products mentioned above? I look forward to your comments!

For administrators, a useful product - "Shortcut for SAP Systems" - is available in the SAP basis area.

In theory, a single server could fill this role.

The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.

In the following dialogue, select a TADIR service and the programme ID "R3TR" and the object type "IWSG".
NW BASIS
Zurück zum Seiteninhalt