CREATING NEW ROLES
Optimizations
Tasks such as the update of components, the insertion of security updates or monitoring should be further automated. It is recommended to use only one automation tool (SAP Solution Manager or SAP LVM). Custom solutions and scripts should not be used or replaced with standard tools if possible, because otherwise different script languages and script versions will have to be managed, resulting in a lot of maintenance. Standardised SAP scripts are welcome here. A useful definition of thresholds, for example on the basis of historical system behaviour, must also be defined for monitoring.
The SAP basis as an organisational unit within a growing IT organisation is facing far-reaching changes. The growing number of technologies and the growing need for integration and collaboration with upstream and downstream IT departments means that the SAP basis is constantly growing. Examples of organisational concepts and further information can be found in chapters 7.6 and 9.4 of the Master's thesis.
Interface support
In order to reduce the variety of different system variations and the related variety of routine tasks, it is necessary to reduce the number of customer specifications. In particular, the implementation, set-up and configuration of the systems and security concepts must be harmonised or returned to the SAP standard. To this end, it is necessary to establish, in cooperation with the relevant IT departments, a standard for, for example, operating systems and databases within the limits set by the product.
Either temporary programme calls are blocked that are actually desired or enormously large gateway logs must be analysed. If, due to the heavy workload, one were to decide to forgo the use of the access control lists permanently, this would be a major security vulnerability. The unprotected system does not have any limitations on the external services that may register, and there are no rules for running programmes. One possible consequence would be, for example, the registration of an external system on which malicious programmes exist. At the moment when foreign programmes are running on your system without any control, you can expect that great damage will be done. For example, it ranges from an unnoticed reading of purchase and sales figures, a diversion of funds, to a paralysis or manipulation of the entire system. In addition, this scenario is also possible for poorly maintained access control lists. Our solution: secinfo and reginfo Generator for SAP RFC Gateway To solve the problem, we have developed a generator that can automatically create secinfo and reginfo files based on gateway logs. The basic idea is based on the logging-based approach. It performs the task of time-consuming analysis of log files and also ensures maximum reliability through automation. Nevertheless, the entries of the generated files should be checked by one person. Since the log files used as input are sensitive data, of course none of the inserted data leave your system. More information about the generator can be found here.
"Shortcut for SAP Systems" simplifies tasks in the area of the SAP basis and complements missing functions of the standard.
In addition, you can also define the hosts on which these programmes will run.
The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.
Among others: after a role transport to / when assigning users to roles via PFCG after restricting the validity of roles to users when roles are assigned indirectly via organizational management.