SAP Basis SAP Security in Transition - SAP HANA Permissions

SMICM ICM monitor from server
SAP Basis ensures smooth operation of the SAP Basis system. The SAP Basis system is a kind of operating system of the R/3 system or SAP ERP. It includes three layers: database, application and presentation. In addition, Basis includes many SAP middleware programs and administration tools. With Basis, SAP applications can be used compatibly with, and independently of, the operating system and database, and can be enriched with the necessary data.

The integration of the SAP Basis enables solutions to be introduced faster and to be better integrated into the existing system landscape. This is partly because the solutions are already known in advance and the necessary knowledge exists or is already planned. This makes it easier to implement the roadmap. It should also be noted that a clear strategy on digitisation and on cloud products in general, as well as their possible uses, sets out a framework for action that all parties can follow. The participants thus know where the company wants to develop or orientate itself, and what is and is not possible or permitted. Thus, both companies and the parties have a valid point of reference at all times. This also leads to increased acceptance within the SAP Basis and a more practical implementation for the SAP Basis, as the mentioned expertise is already present in the strategy. As a result, it becomes easier and cheaper to ensure operation in a manageable system landscape.
View the support package level of the installed software components
At best, for the time in which an emergency user is in service, a separate log of the activities undertaken is written, which can then be evaluated. In the following chapter I would like to explain our best practice approach to implementing an emergency user concept.

Our approach to using an emergency user concept

We have had good experience with the use of the Xiting Authorizations Management Suite (XAMS) in this area. This suite consists of various modules for creating role concepts, managing permissions including a permission concept, and also enables the implementation of an emergency user concept. XAMS works here with a limited time assignment of reference users with extended privileges to enable the emergency user concept. A self-service application may be made with a justification and a period for allocating special rights. The application window is illustrated in an example in the following screenshot:

Evaluation of the use of the Emergency User Concept

Once this request has been initiated, a new mode will be opened for the user, in which he can work with the extended rights. In addition, depending on the configuration, a stored workflow can be initiated as an approval process, or pre-defined controllers will be notified by email to verify activities. Once the session has ended with the emergency user, the responsible persons will receive another email with the logged activity of the user with the extended permissions. One of these logs is shown in the next screenshot:

These logs can also be viewed in the system. Here you will get an overview of all the sessions that have been run. In addition, it is possible to approve activities with special rights after an evaluation. This allows the controller to get an overview of the activities undertaken with the emergency user.

If you are using this Emergency User Concept and following these steps, you can ensure: Each user on the production system retains his or her original necessary rights.

For example, many customer ABAP programs work by uploading or downloading data. There are potentially large security gaps here that allow access to server data. In addition, the widespread direct invocation of operating system commands that are not covered by a self-programmed authorization check is a major problem. Even though classic SQL injection, i.e., the entry of extended SQL commands, is a potential security vulnerability, it occurs rather rarely in SAP systems. More widespread is the unintentional dynamization of SQL calls because input parameters are not sufficiently checked. The need to check all in-house developments internally for such security vulnerabilities before they are delivered in SAP's own code has led to the development of the SAP Code Vulnerability Analyzer tool.
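
The unintended dynamization of SQL calls described above, next to a checked variant, as an added example that is not code from this page or from SAP. The report name, the parameters and the use of the SFLIGHT demo table are assumptions; the checks use the standard class CL_ABAP_DYN_PRG.

```abap
REPORT zdemo_dyn_where.
* Added example: report name, parameters and the SFLIGHT demo table are
* assumptions. Inline declarations and CONV need ABAP 7.40 or later.

PARAMETERS: p_col TYPE c LENGTH 30 DEFAULT 'CARRID',
            p_val TYPE c LENGTH 40 DEFAULT 'LH'.

DATA: lt_flights TYPE STANDARD TABLE OF sflight,
      lv_where   TYPE string.

START-OF-SELECTION.

* 1) Unintended dynamization: both inputs become part of the SQL condition.
*    A value containing a quote character changes the structure of the
*    WHERE clause instead of being compared as data.
  lv_where = p_col && ` = '` && p_val && `'`.
  TRY.
      SELECT * FROM sflight INTO TABLE lt_flights WHERE (lv_where).
      WRITE / |Unchecked: { lv_where } -> { lines( lt_flights ) } rows|.
    CATCH cx_sy_dynamic_osql_error.
      WRITE / |Unchecked condition is not valid SQL: { lv_where }|.
  ENDTRY.

* 2) Checked variant: the column name must be on a fixed allowlist and
*    the value is turned into a properly quoted literal before it is
*    placed in the dynamic condition.
  TRY.
      DATA(lv_col) = cl_abap_dyn_prg=>check_whitelist_str(
                       val       = p_col
                       whitelist = 'CARRID,CONNID' ).
      lv_where = lv_col && ` = ` &&
                 cl_abap_dyn_prg=>quote( CONV string( p_val ) ).
      SELECT * FROM sflight INTO TABLE lt_flights WHERE (lv_where).
      WRITE / |Checked: { lv_where } -> { lines( lt_flights ) } rows|.
    CATCH cx_abap_not_in_whitelist.
      WRITE / |Rejected column name: { p_col }|.
  ENDTRY.
```

Where the set of conditions is known in advance, a static WHERE clause with host variables avoids the dynamic token altogether.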

The goal of an automated environment is not to have to react manually to every faulty job.

Standardised SAP scripts are welcome here.