SAP Basis Consulting
Process transports between systems
This makes the technical user the dialogue user and a login in the SAP system is unrestricted. So Johannes logs in with the known password of the RFC user in the production system. Thanks to very extensive permissions, it now has access to all sorts of critical tables, transactions, and programmes in production. With the identity of the RFC user Johannes starts with the technical compromise of the production system... RFC Security: All invented - or everyday threat? Whether a simple trim, altered biometric properties or an encapsulated technical user in the SAP system: the basis of the compromise is the same. A person uses a different identity to gain access and permissions to protected areas. Moreover, the evil in all three stories could have been prevented by pro-activity. When was the last time you thought about the security of your RFC interfaces? Can you say with certainty that all your technical RFC users only have the permissions they actually need? And do you know who exactly knows the passwords of these users? Can you 100% rule out that not now in this moment an SAP user with a false identity infiltrates your production systems? Change now: It's about pro activity! But before you start now and start looking for the "identity converter" (which I really do not recommend!), I suggest that you take root of evil and proactively strengthen your RFC security. So if you want to find out more, I have the following 3 tips for you: 1) Our e-book about SAP RFC interfaces 2) Clean up our free webinar about RFC interfaces 3) Blog post about our approach to optimising RFC interfaces As always, I look forward to your feedback and comments directly below these lines!
In addition to scanning and identifying the respective security vulnerabilities of a program, it is also possible to stop tasks that are to be transported to other SAP systems with security vulnerabilities in the further transport process This applies, for example, to the CHARM process based on SAP Solution Manager. This forces a programmer to securely check the programs he or she is responsible for according to the same security criteria. If a program then still has security problems, it can either be released via the dual control principle or returned for further processing. Do you know of any other solutions for improving ABAP code security or have you already gained experience with the products mentioned above? I look forward to your comments!
DBACOCKPIT DBA Cockpit: Maintaining the System Configuration
Verify that the data file was generated. If it was not created, make sure that the [Page 10] Recreate Data File settings in SPAM settings are enabled. For more information, see Note 70752. ADD_TO_BUFFER In this step, the queue is placed in the transport buffer of your system.
Automatic error handling when a job is aborted is desirable and useful in most cases. The conscious processing and consideration of error situations in job chains - also at step level - can help to reduce manual effort. Error situations should be catchable: If they are non-critical elements, the following job can perhaps be started anyway. In the case of critical errors, a new attempt should be made or an alert issued so that an administrator can intervene manually. Simple batch jobs are usually not capable of this. The goal of an automated environment is not to have to react manually to every faulty job.
With "Shortcut for SAP Systems" a tool is available that greatly facilitates some tasks in the SAP basis.
This is where all the system's data resides.
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
It is necessary to participate regularly in information events organised by SAP, DSAG and also by third parties and to obtain their information media in order to stay up to date on the changes in the SAP product portfolio and the associated technological developments.