BENEFITS & CONSEQUENCES
CHANGE TO A NEW ROLE APPROACH
SAP will provide all SAP Notes in the SAP ONE Support Launchpad digitally signed. This is to increase the security when the updates are loaded. If you have unsigned SAP hints, there is a risk that the notice has been changed unnoticed and malicious code will be added to your SAP system when you install the notice. This poses a significant threat to the SAP system, which is why the digitally signed provision of the clues is an important improvement. However, to use digitally signed notes in your system, you will need to take a few steps to prepare them. If you install SAPCAR version 7.2 or later and have a user with the necessary permissions, all you have to do is insert the Note 2408073 into your system and do the manual pre- and post-processing. A digital signature technically ensures that any change can be detected at the notice and can be checked by the system to see if the present note, which is to be inserted into the system, is unchanged. Prerequisites to use digitally signed SAP hints To prepare your SAP system for digitally signed clues, you first have to meet some requirements: Digital signed SAP hints are provided as SAR files. The SAR files are unpacked with SAPCAR and checked for their digital signature. SAPCAR must be available on the Application Server in version 7.20 or higher. Therefore, it is strongly advised to update SAPCAR. If SAPCAR is not at least in version 7.20, the digital signature verification fails and the message cannot be unzipped. Installation of the digitally signed clue is then not possible. The implementing user also needs some permissions to perform the necessary manual pre- and post-processing of the note on the system: Authentication for the transaction SLG1 Read permission for the S_APPL_LOG permission to write and delete data from the application directory Upgrade the SAPCAR version on your system to version 7.20 or higher SAP basis version 700 or higher, for older versions the notice must be inserted manually If you have met these requirements, you can use the implementation of note 24080 Start 73. Implementation SAP Note number 2408073.
Migrations occur, for example, when a customer decides to host his systems at Rödl & Partner and the SAP systems therefore have to be migrated from in-house operation or from the original hosting provider to our data center. Also in the course of a conversion to S/4HANA, the data is migrated from the original database type to an SAP HANA database. This is also done with the tool "SUM" (Software Update Manager) via the so-called "DMO" (Database Migration Option).
Table of Contents
SPAM/SAINT updates (SPAM update) provide updates and improvements to SAP Patch Manager and SAP Add-On Installation Tool. There is always one SPAM update per review that will be updated over time. The version can be found in the short description, e.g.: SPAM/SAINT update - version 4.6A/0001 A SPAM update always comes first in the list of support packages in the SAPNet - R/3 frontend, i.e. before the other support packages. We recommend that you always install the latest version of a SPAM update before installing Support Packages. Prerequisites You can successfully commit a SPAM update only if there are no broken support packages in the system. If there are cancelled support packages, a dialogue box will alert you. You have two options: You will first complete the queue and then the SPAM update. You reset the status of the queue, play the SPAM update first and then the queue. You can reset the status of the Queue by using the Add Status Reset Queue. Note that your system is inconsistent when you reset the queue after objects have already been imported (for example, after an error in the DDIC_IMPORT step and following). Therefore, you should only reset the queue if DDIC_IMPORT was cancelled before the step. For more information, see Steps of the SPAM [page 26]. Note that starting with SPAM/SAINT version 11, it is no longer possible to reset the queue after the DDIC_IMPORT step and following. How to Check if the SPAM update you are offering is newer than the one you are receiving. The current SPAM version appears in the title bar of the SPAM window. To play the latest SPAM update, select Support Package Insert SPAMUpdate. SPAM updates are automatically confirmed after successful insertion. Load Support Package Usage Before you can insert Support Packages, you must first load the appropriate Support Packages.
In the initial screen, you can first use the global settings to specify whether changes should be allowed in general. Furthermore, you can define specifically for the software components and namespaces of the Repository objects whether they can be changed at all, or whether changeability should be restricted.
"Shortcut for SAP Systems" simplifies tasks in the area of the SAP basis and complements missing functions of the standard.
I also explain how to eliminate this security risk.
Of course, there are several other storage parameters that would exceed the scope of this article.