SM49 External operating system commands
Individual SAP Basis and Database Service for your business software
Presentation layer: The presentation layer is the top layer of the R/3 SAP Basis system and includes communication with the user. Here, the data is graphically prepared for the user on the terminal device by means of software components from the application programs of the application layer. The presentation layer represents the interface to the user (SAP GUI).
Furthermore, you enrich our team with: knowledge or experience in SAP NetWeaver technologies (e.g. AS-Java, AS-ABAP, S/4HANA, SAP PI, SAP BI, SAP Gateway or SAP folder management), experience in the administration of Windows or Linux server systems, databases or web applications, knowledge or experience in the administration of server hardware and storage technologies, very good conceptual skills in system design and system integration, very good knowledge of security-relevant topics of IT system operation, good teamwork skills, good communication skills and a service-oriented attitude with high self-motivation and willingness to perform. Good written and spoken German skills are expected (level similar to at least B2). Regular further training will help you to develop your personal skills in a targeted manner.
SCU3 Evaluation of logged customizing objects and tables
A secure SAP system requires more than a good role concept. It is also necessary to check whether a user should (still) have a specific role. Regular verification of role assignment is called recertification. In this blog post, I'd like to introduce you to the need for recertifications and our own tool, EasyReCert.

The need for recertification - scenarios:

Example 1: The "apprentice problem"
Imagine the following scenario: A new employee (e.g. an apprentice or trainee) will go through various departments as part of his or her training and will work on various projects. Of course, an SAP user equipped with appropriate roles will be made available to the employee right at the beginning. With each project and department, the employee repeatedly needs new permissions to meet the requirements. After the employee has successfully completed his or her induction and is now in a permanent position, he or she still has permissions that are not necessary to perform his or her duties. This violates the principle of "least privilege" and represents a potential security risk for your company.

Example 2: The change of department
The change of department is a scenario that probably occurs in every company. If a change of department does not automatically involve a complete reallocation of roles and the employee simply takes his or her old permissions along, critical combinations of permissions can occur very quickly. For example, an employee who has permissions in both accounts payable and accounts receivable violates the SoD ("Segregation of Duties") principle and poses a potential security risk to your company.

Recertification as part of a revision: The two examples above show that a regular review of role allocation identifies potential security risks for your business so that they can be addressed.
For example, many customer ABAP programs work by uploading or downloading data. There are potentially large security gaps here that allow access to server data. In addition, the widespread direct invocation of operating system commands that are not covered by a self-programmed authorization check is a major problem. Even though classic SQL injection, i.e., the entry of extended SQL commands, is a potential security vulnerability, it occurs rather rarely in SAP systems. More widespread is the unintentional dynamization of SQL calls because input parameters are not sufficiently checked. The need to check all in-house developments internally for such security vulnerabilities before they are delivered in SAP's own code has led to the development of the SAP Code Vulnerability Analyzer tool.
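The unintentional dynamization of SQL calls described above, shown as an added ABAP example that is not part of the original page: the unchecked form is kept as a comment next to a checked form that uses the standard class CL_ABAP_DYN_PRG. The report name, the tables ZDEMO_ORDERS and ZDEMO_ORDERS_ARCH and the column CUSTOMER are hypothetical.

```abap
REPORT zdemo_dyn_sql_check.

" Constructed example: tables ZDEMO_ORDERS / ZDEMO_ORDERS_ARCH and the
" column CUSTOMER are hypothetical and stand in for customer objects.
PARAMETERS: p_tab  TYPE tabname DEFAULT 'ZDEMO_ORDERS',
            p_cust TYPE c LENGTH 40.

DATA: lv_tab   TYPE string,
      lv_where TYPE string,
      lv_count TYPE i.

START-OF-SELECTION.

  " Unchecked form (comment only): both input parameters flow directly
  " into the dynamic FROM and WHERE tokens, so the caller decides which
  " table is read and what the condition looks like.
  "   lv_where = |CUSTOMER = '{ p_cust }'|.
  "   SELECT COUNT(*) FROM (p_tab) INTO lv_count WHERE (lv_where).

  TRY.
      " 1. Accept the table name only if it is on a fixed allow list.
      lv_tab = cl_abap_dyn_prg=>check_whitelist_str(
                 val       = p_tab
                 whitelist = 'ZDEMO_ORDERS,ZDEMO_ORDERS_ARCH' ).

      " 2. Quote the value: embedded quotes are escaped, so the input
      "    remains a single literal inside the dynamic condition.
      lv_where = |CUSTOMER = { cl_abap_dyn_prg=>quote( p_cust ) }|.

      SELECT COUNT(*) FROM (lv_tab) INTO lv_count WHERE (lv_where).
      WRITE: / lv_tab, lv_count.

    CATCH cx_abap_not_in_whitelist.
      MESSAGE 'Table name is not permitted' TYPE 'I' DISPLAY LIKE 'E'.
    CATCH cx_sy_dynamic_osql_error.
      MESSAGE 'Dynamic SQL statement was rejected' TYPE 'I' DISPLAY LIKE 'E'.
  ENDTRY.
```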
Creating clients, copying clients, deleting clients, etc.
A role concept according to best practice protects you from potential attacks within your SAP landscape.