Table of contents
System modifiability and client control in an SAP system
Another way to secure your gateway using the SAP standard is to encrypt communication using Secure Network Communication (SNC). In the case of unprotected data communication paths between different client and server components of the SAP system that use the SAP protocol RFC or DIAG, the data exchange takes place in plain text and there is a risk that this can be read. With the help of SNC, you can create end-to-end encryption (E2EE), which can be used to secure communication between two components, such as between the application server and SAP GUI. In addition, SNC encryption provides the basis for using SAP Single Sign-On (SSO) as a security solution, which significantly reduces the internal effort of password management.
In transaction PFUD (see image above), you can perform the user match manually for all roles (or selected roles). You can choose between the matchup types Profile Matchup, Matchup of Indirect Assignments from Composite Roles, and Matchup HR Organizational Management. According to SAP documentation, the matchups differ as follows: Profile Matchup: "The program compares the currently valid user assignments of the selected single roles with the assignments of the associated generated profiles and makes any necessary adjustments to the profile assignments. Matching indirect assignments from composite roles: User assignments to composite roles result in indirect assignments for the single roles contained in the composite role. This match type matches the indirect assignments of the selected single roles to the user assignments of all composite roles that contain the single roles. If the selection set contains composite roles, the comparison takes place for all single roles contained in it. HR Organizational Management comparison: This comparison type updates the indirect assignments of all selected single and composite roles that are linked to elements of HR Organizational Management. The HR adjustment is inactive and cannot be selected if no active plan version exists or if a global deactivation has been made by setting the Customizing switch HR_ORG_ACTIVE = NO in table PRGN_CUST. Furthermore, the option "Perform cleanup" is interesting, which can be selected independently of the three adjustment types and does not refer to the role selection. The Perform Cleanup function can be used to remove residual data that resulted from incomplete deletion of roles and the associated generated profiles.
SAP Basis is simpler
SAP Basis is responsible for the smooth operation of programs in the SAP system. It acts like an operating system for R/3 and subsequent releases including S/4HANA. Each operating system provides an environment in which programs can run, such as MS Office on Microsoft Windows.
SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.
To facilitate communication within IT departments, it is necessary to identify clear communication channels and contact persons and also to use uniform tools for communication. It would also be possible to designate contact points (contact points) for upstream and downstream IT departments and external service providers and suppliers.
Tools such as "Shortcut for SAP Systems" complement missing functions in the SAP basis area.
However, our security experts specialise in this.
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
Encryption costs performance, so it is not used by default.