ABAP Code Security - SAP Code Vulnerability Analyzer / Virtual Forge CodeProfiler for ABAP
System Retirement
In the SAP product world, the presentation layer is based on several modules that are grouped under the collective term SAP GUI. SAP GUI for Windows, SAP GUI for Java, Web Dynpro for ABAP (WDA) and SAP GUI for HTML ("Web GUI") are widely used.
Inheritance Hierarchy with Master Roles and Associated Roles
If you have created multiple derived roles, a simple overview of all "related" roles can be convenient. To do this, call any derived role, or the master role, and then click the "Inheritance Hierarchy" button. You will now get a detailed overview of which roles are assigned to which master role.
Hosting of the SAP systems
In the past, when we deployed SAP environments, we first had to work out detailed sizing and architecture and pass this on to the procurement team, who then ordered the systems and installed them in the data center. From there, it went on to the network team, the storage team, the operating system team, and the database team. So it was not uncommon for three to six months to pass between the architecture design and the installation of a new SAP system.
Many companies are struggling with the introduction and use of secinfo and reginfo files to secure SAP RFC gateways. We have developed a generator that supports the creation of the files. This blog post lists two SAP best practices for creating the secinfo and reginfo files to enhance the security of your SAP gateway and how the generator helps you do this.
secinfo and reginfo Request generator
Option 1: Restrictive procedure
In the restrictive approach, only in-system programmes are allowed at first, so external programmes cannot be used. Since external programmes are in fact needed, the access control lists must be gradually expanded to include each programme required. This procedure is very restrictive, which is good for security, but it has the major disadvantage that, during the creation phase, connections which are actually desired are always blocked. In addition, the permanent manual activation of individual connections represents a continuous effort. For large system landscapes, this procedure is very complex.
Option 2: Logging-based approach
An alternative to the restrictive procedure is the logging-based approach. To do this, all connections must first be allowed: the secinfo file contains the content USER=* HOST=* TP=* and the reginfo file contains the content TP=*. While all connections are allowed, the gateway logging records all external programme calls and system registrations. The generated log files can then be evaluated and the access control lists created from them. However, there is also a great deal of work involved here. Especially in large system landscapes, many external programmes are registered and executed, which can result in very large log files. Revising them and creating access control lists can be an unmanageable task. However, this process does not block any intended connections during the compilation phase, so the system keeps running without disruption.
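The evaluation step of the logging-based approach, as an added example (not the generator described in this post): it collapses recorded calls into explicit secinfo and reginfo entries and holds back anything that would keep a wildcard. The input layout, field names, hosts and programme names are constructed for illustration and are not the real gateway log format; the output uses only the USER, HOST and TP keys shown above.

```python
from collections import Counter

# Constructed observations, NOT the real gateway log layout (assumed fields):
# kind (start = external programme started, reg = programme registered),
# TP name, user, host the programme runs on / registers from.
SAMPLE = """\
start,/usr/sap/bin/report_conv,BATCHUSR,app01.example.internal
start,/usr/sap/bin/report_conv,BATCHUSR,app01.example.internal
start,/usr/sap/bin/report_conv,BATCHUSR,app02.example.internal
reg,TAXCALC,,tax01.example.internal
reg,TAXCALC,,tax01.example.internal
start,*,ADMIN,app01.example.internal
"""


def parse(text):
    """Count each distinct observation; fail loudly on malformed rows."""
    seen = Counter()
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = tuple(f.strip() for f in line.split(","))
        if len(fields) != 4 or fields[0] not in ("start", "reg"):
            raise ValueError(f"line {lineno}: unrecognised row {line!r}")
        seen[fields] += 1
    return seen


def build_acls(seen):
    """Return (secinfo_lines, reginfo_lines, review) from observations."""
    secinfo, reginfo, review = [], [], []
    for (kind, tp, user, host), hits in sorted(seen.items()):
        needed = (tp, user, host) if kind == "start" else (tp, host)
        # Never carry a wildcard or an empty field into the final ACL:
        # that would silently keep the allow-all rule of the logging phase.
        if any(value in ("", "*") for value in needed):
            review.append((kind, tp, user, host, hits))
        elif kind == "start":
            secinfo.append(f"USER={user} HOST={host} TP={tp}")
        else:
            reginfo.append(f"TP={tp} HOST={host}")
    return secinfo, reginfo, review


if __name__ == "__main__":
    sec, reg, todo = build_acls(parse(SAMPLE))
    print("secinfo:", *sec, sep="\n  ")
    print("reginfo:", *reg, sep="\n  ")
    print("needs manual review:", *todo, sep="\n  ")
```

Entries in the review list have to be resolved by hand before the allow-all lines are removed, otherwise the corresponding connection is blocked once the generated files become active.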
Tools such as "Shortcut for SAP Systems" complement missing functions in the SAP basis area.
The Enterprise Search in Solution Manager 7.2
In the SAP Solution Manager, the SAP Enterprise Search provides a comprehensive full-text search.
For this reason, cross-platform, integration-capable job schedulers that can respond to unplanned events are in demand.