R/3 SAP Basis System Structure
Change and release management
The SAP Identity Management System (IdM) enables centralised user and permission management in a heterogeneous system landscape. By using an IdMSsystem, manual processes can be replaced by automated workflows that are mapped and administered centrally. Examples of scenarios: 1) User and Authorisation Management 2) ESS/MSS for the management of personnel data 3) Audit and monitoring for the verification of compliance with legal regulations What should be taken into account, however, if you want to introduce an Identity Management System? In this contribution, I would like to highlight fundamental points that need to be clarified before the introduction.
User name without restrictions - critical? Depending on the release of the SAP_BASIS component in your system, invisible special characters may end up in the user name. This is especially critical if only spaces or alternate spaces are used for the user name when creating a new user. In Unicode systems, "alternative" spaces, so-called "wide spaces", can be used in addition to the normal space character (hexadecimal value 20). For example, the key combination "ALT+0160" can be used to insert non-breaking spaces. If a user is now created whose user name consists exclusively of such alternative spaces, this can be confusing. This is because entries for this user ID do appear in change documents, but the impression is created that the entry was created by a non-existent / deleted user. This circumstance can lead to confusion. In addition, certain special characters in the user name can also lead to errors, for example in the Change and Transport System (CTS). This is because the user name is also used in the CTS-ORG to create a file with the same name in the transport directory. Furthermore, there are letters/characters that look identical in different alphabets, but have a different hexadecimal value in the character set. This means that confusion in user names cannot be completely ruled out. Seemingly identical user names then stand for different users.
A role concept according to best practice protects you from potential attacks within your SAP landscape. However, to protect your system from unauthorized access via the network, the SAP Gateway must be configured correctly. It enables the use of external programs via interfaces or the call of ABAP programs and serves as a technical component of the application server, which manages the communication of all RFC-based functions.
SAP Basis is a middleware tool for applications, operating system and database. The SAP Basis consultant should be able to perform the following tasks.
Use "Shortcut for SAP Systems" to accomplish many tasks in the SAP basis more easily and quickly.
In this case, it refers to the management and control of SAP systems via various administration and monitoring tools.
For example, SAP R/3 Plug-In Support Package 10 for SAP Plug-In 2004.1 requires SAP Basis Plug-In 2005.1.