Application layer
A new SAP system is created...
SAP will provide all SAP Notes in the SAP ONE Support Launchpad digitally signed. This is to increase the security when the updates are loaded. If you have unsigned SAP hints, there is a risk that the notice has been changed unnoticed and malicious code will be added to your SAP system when you install the notice. This poses a significant threat to the SAP system, which is why the digitally signed provision of the clues is an important improvement. However, to use digitally signed notes in your system, you will need to take a few steps to prepare them. If you install SAPCAR version 7.2 or later and have a user with the necessary permissions, all you have to do is insert the Note 2408073 into your system and do the manual pre- and post-processing. A digital signature technically ensures that any change can be detected at the notice and can be checked by the system to see if the present note, which is to be inserted into the system, is unchanged. Prerequisites to use digitally signed SAP hints To prepare your SAP system for digitally signed clues, you first have to meet some requirements: Digital signed SAP hints are provided as SAR files. The SAR files are unpacked with SAPCAR and checked for their digital signature. SAPCAR must be available on the Application Server in version 7.20 or higher. Therefore, it is strongly advised to update SAPCAR. If SAPCAR is not at least in version 7.20, the digital signature verification fails and the message cannot be unzipped. Installation of the digitally signed clue is then not possible. The implementing user also needs some permissions to perform the necessary manual pre- and post-processing of the note on the system: Authentication for the transaction SLG1 Read permission for the S_APPL_LOG permission to write and delete data from the application directory Upgrade the SAPCAR version on your system to version 7.20 or higher SAP basis version 700 or higher, for older versions the notice must be inserted manually If you have met these requirements, you can use the implementation of note 24080 Start 73. Implementation SAP Note number 2408073.
In addition to proactive monitoring to prevent possible errors or even complete system failures, our SAP Basis team also implements clearly defined authorization concepts. So that unauthorized persons cannot access important data and your employees are protected from unintentional violations.
SAP BASIS OPERATIONS
The Security Audit Log (SAL) is one of the most important elements when it comes to security in your SAP landscape. With SAL critical and security relevant activities in SAP systems can be recorded and evaluated. The settings in SAL are relevant for secure continuous operation.
Some useful tips about SAP basis can be found on www.sap-corner.de.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
We set about creating detailed playbooks for all common scenarios - installations, portals, upgrades and migrations - and platforms. Today, hardly any consulting firm can do without them, but in my early days they gave us a decisive edge over the competition and earned us many satisfied customers.
"Shortcut for SAP Systems" makes many tasks in the area of the SAP basis much easier.
But how should non-client transactions be treated? How can you prevent one client from accessing the other and why should you want to prevent that? In this blog post, I will answer these questions and discuss some negative examples.
In the Security Auditlog, you can use various filters to determine which users are logged on which client and which information.