What does an SAP administrator need to be able to do?
SCC1 Client copy
Customers with such a case regularly contact us. Creating a Permission Concept from the ground up is often a time-consuming task. Furthermore, the know-how, which aspects should be dealt with in an authorisation concept and how the corresponding processes can look practical and at the same time audit-proof is often lacking. Our solution: tool-based generation of an individual, written authorisation concept In this situation, we have recommended to our customers the tool-based generation of a written authorisation concept directly from the SAP system. We use the XAMS Security Architect tool, with which we have had good experiences. This includes a template for a revision-proof and comprehensible, written authorisation concept. It includes established best practices for role and entitlement management. The template covers all relevant areas in a permission concept. The included text of the authorisation concept is completely customisable, so that the concept can be tailored to your situation without creating a permission concept from scratch. Dynamically update the written authorisation concept One of the biggest challenges after the development of an authorisation concept is to keep it up to date in the long term and to measure the sustainable implementation in the system. This is achieved by integrating live data such as configuration settings and defined rules directly from the connected system. For example, lists of existing roles or user groups and tables are read from the system each time the document is generated and updated in the permission concept. The following screenshot shows an example of what the appearance in the concept document might look like. Automatically check and monitor compliance with the concept To check compliance with the concept, the XAMS Security Architect includes extensive inspection tools. These cover the rules formulated in the concept and are suitable for measuring the extent to which the reality in the system meets the requirements formulated in the concept.
The consistent implementation of the role concept enables a manageable complexity of the tasks per employee. At the same time, through the respective SMEs, the concept creates expertise in specific topics and enables communication on an equal footing with upstream or downstream IT departments as well as with external service providers. The establishment of technology architects also ensures that the overall picture is not left out of sight in the context of the SAP product portfolio. Deficits can also be addressed on issues such as policies and security. Overall, the role concept provides guidance for the employees and their career planning as well as guidance regarding the range of tasks and contacts for IT departments and business areas.
KEEP COMPLEXITY PER CAPITA EXPECTABLE
ITIL stands for The IT Infrastructure Library. ITIL is a summary of "best practices" rules for professional implementation of IT service management. ITIL has established itself as an international standard in the area of IT business processes. The ITIL set of rules describes the processes, the organizational structure and the tools required for IT infrastructure. ITIL is based on the economic added value that IT operations provide for the company. itSMF Deutschland eV has further developed and improved these standards, and at the same time operates a portal for exchanging knowledge and experience.
If you want to get more information about SAP basis, visit the website www.sap-corner.de.
The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.
Automatic error handling when a job is aborted is desirable and useful in most cases. The conscious processing and consideration of error situations in job chains - also at step level - can help to reduce manual effort. Error situations should be catchable: If they are non-critical elements, the following job can perhaps be started anyway. In the case of critical errors, a new attempt should be made or an alert issued so that an administrator can intervene manually. Simple batch jobs are usually not capable of this. The goal of an automated environment is not to have to react manually to every faulty job.
Use "Shortcut for SAP Systems" to accomplish many tasks in the SAP basis more easily and quickly.
However, there are a few things to keep in mind: A process for granting special rights should be defined.
You can view them using the RSPUTPRT report or the AL11 transaction.