SNOTE Note Assistant (SAP Notes)
Authorization management: preparation and follow-up of audits as well as ongoing or selective support
Understanding the structure and functionality of the system is especially important for IT administration. It's not for nothing that "SAP Basis Administrator" is a career field in its own right. Instead of data and application development, the focus here is on providing the software environment on which the company's tools are created. SAP Basis is therefore comparable to the server and platform infrastructure and its administration in companies - as distinct from application and web development.
User name without restrictions - critical? Depending on the release of the SAP_BASIS component in your system, invisible special characters may end up in the user name. This is especially critical if only spaces or alternate spaces are used for the user name when creating a new user. In Unicode systems, "alternative" spaces, so-called "wide spaces", can be used in addition to the normal space character (hexadecimal value 20). For example, the key combination "ALT+0160" can be used to insert non-breaking spaces. If a user is now created whose user name consists exclusively of such alternative spaces, this can be confusing. This is because entries for this user ID do appear in change documents, but the impression is created that the entry was created by a non-existent / deleted user. This circumstance can lead to confusion. In addition, certain special characters in the user name can also lead to errors, for example in the Change and Transport System (CTS). This is because the user name is also used in the CTS-ORG to create a file with the same name in the transport directory. Furthermore, there are letters/characters that look identical in different alphabets, but have a different hexadecimal value in the character set. This means that confusion in user names cannot be completely ruled out. Seemingly identical user names then stand for different users.
Database layer (relational database management system)
Customers with such a case regularly contact us. Creating a Permission Concept from the ground up is often a time-consuming task. Furthermore, the know-how, which aspects should be dealt with in an authorisation concept and how the corresponding processes can look practical and at the same time audit-proof is often lacking. Our solution: tool-based generation of an individual, written authorisation concept In this situation, we have recommended to our customers the tool-based generation of a written authorisation concept directly from the SAP system. We use the XAMS Security Architect tool, with which we have had good experiences. This includes a template for a revision-proof and comprehensible, written authorisation concept. It includes established best practices for role and entitlement management. The template covers all relevant areas in a permission concept. The included text of the authorisation concept is completely customisable, so that the concept can be tailored to your situation without creating a permission concept from scratch. Dynamically update the written authorisation concept One of the biggest challenges after the development of an authorisation concept is to keep it up to date in the long term and to measure the sustainable implementation in the system. This is achieved by integrating live data such as configuration settings and defined rules directly from the connected system. For example, lists of existing roles or user groups and tables are read from the system each time the document is generated and updated in the permission concept. The following screenshot shows an example of what the appearance in the concept document might look like. Automatically check and monitor compliance with the concept To check compliance with the concept, the XAMS Security Architect includes extensive inspection tools. These cover the rules formulated in the concept and are suitable for measuring the extent to which the reality in the system meets the requirements formulated in the concept.
If you want to get more information about SAP basis, visit the website www.sap-corner.de.
A note box in which data of all kinds can be quickly filed and retrieved. This is what Scribble Papers promises. At first, the program looks very spartan. But once a small structure is in place, you realise the great flexibility of this little helper.
If you are running a multi-system landscape with a common transport directory, it is convenient to enable this option only in the first system you are inserting support packages into, and to disable it in the following systems. Since the data files no longer need to be regenerated there, this saves time when playing in. Delete data files after inserting You can specify whether the data files should be deleted after inserting the support packages. This saves disk space and is enabled in the default setting. If you are running a multi-system landscape with a common transport directory, it is convenient to disable this option, since then the data files in the other systems no longer need to be re-created (see above Regenerate data files). Execute ABAP/Dynpro generation This option determines whether the programmes and screens shipped with the support packages should be generated during the commit. Note that generation can take a long time. Without automatic generation, the programmes and dynpros are not generated until the first call. Note that this parameter can only be affected by you if the generation is allowed by SAP during the insertion of this support package. The SPAM update does not affect the generation. SPAM Settings Option SAPM Basic Setting Transmission Monitor From Scenario Standard Rebuild Data File A data file after the example. Delete Do a Generation From Use the transaction SPAM to insert Support Packages [page 8] into your system, regardless of whether the support packages come from the SAPNet - R/3 Frontend, the SAPNet - Web Frontend, or Collection CDs. Prerequisites User: It must have the appropriate permissions [page 7] for the SAP Patch Manager. He must be registered with the client 000. He must have called the transaction SPAM. Select Tools ABAP Workbench Tool Maintenance Patches or enter the transaction code SPAM.
"Shortcut for SAP Systems" simplifies tasks in the area of the SAP basis and complements missing functions of the standard.
I am convinced that over the next ten years we will see profound changes in the daily work routines of SAP Basis experts.
As we explained in SAP Basis, your SAP Basis administrator (or team) is directly responsible for keeping your SAP landscape healthy, online and up-to-date.