Installation/updating of SAP systems based on SAP Netweaver
Aufbau der SAP Basis
This is the heart of the SAP system. In the classic three-tier model, this would be the logic or control layer. One or more application servers host the necessary services for the various applications at this layer. These application servers provide all the services required by the SAP applications. In theory, a single server could fill this role. In practice, these services are in most cases distributed among several servers, each serving different applications.
SAP Basis or system administrators work with SAP Basis in a company. They are responsible for the correct installation, configuration and maintenance of the SAP application servers and applications, and in some companies also for the operating system and the SAP database if no administrators are available. Using SAP's own programming language ABAP, developers and programmers design SAP applications that run on the ABAP stack of the SAP NetWeaver Application Server as the only publicly accessible ABAP runtime environment. In some cases, the boundaries between ABAP developers and SAP Basis administrators are permeable, and each of the two groups of specialists has a basic knowledge of the other. As a rule, however, the competencies remain separate.
For the authorisation requirement of a user, the transactions with user assignment already awarded should be determined accordingly, in order to be able to exclude them when selecting a suitable role. How does this work? There are various ways to identify specific user-assigned transactions, with varying degrees of result. The following article presents two variants. The first section first describes how to use SUIM to address the problem and what problems are encountered. It then explains how the task can be solved by using the transaction SE16N. As in the previous blog post Identifying all transactions of multiple roles, the roles Test_Schmidt1 and Test_Schmidt2 are used for this. Two of the transactions MM01, MM02, MM03 and MM04 were assigned to these roles in different ways. In the Test_Schmidt1 role, the transactions MM01 and MM02 were entered in the Role menu. In the Test_Schmidt2 role, the transaction MM03 was maintained in the menu of the role, but the transaction MM04 was maintained only in the S_TCODE permission object of the role. Both roles have been assigned to the user SCHMIDT_TEST. Identification of certain transactions with user assignment using SUIM This option is useful if only one transaction is to be checked for its existing assignment to a particular user. The audit is carried out here by means of the transaction SUIM. For this purpose, the variant "Roles according to complex selection criteria" has to be executed in the SUIM. After activating the option "With valid assignment of", the corresponding user and the transaction to be checked will be entered here. It is also recommended to hide the display of the collection roles in the search results.
In addition to scanning and identifying the respective security vulnerabilities of a program, it is also possible to stop tasks that are to be transported to other SAP systems with security vulnerabilities in the further transport process This applies, for example, to the CHARM process based on SAP Solution Manager. This forces a programmer to securely check the programs he or she is responsible for according to the same security criteria. If a program then still has security problems, it can either be released via the dual control principle or returned for further processing. Do you know of any other solutions for improving ABAP code security or have you already gained experience with the products mentioned above? I look forward to your comments!
Tools such as "Shortcut for SAP Systems" complement missing functions in the SAP basis area.
As a result, regular events took place at the SAP office in Freiberg am Neckar and St Leon-Rot, with the participation of up to 15 companies.
If errors occur, SPAM will interrupt the playback to ensure consistency of the recording.