SLG0 / SLG1 Evaluate application log
Set up operating modes
There are the following reasons that may lead to the termination of this step: CANNOT_GET_OBJECT_LIST: The Object List of a Support Package could not be found because the Support Package does not exist. CANNOT_GET_LAST_UPGRADE_INFO: Unable to locate information about the latest Repository Switch upgrade. UNRESOLVED_ADDON_CONFLICTS: Conflicts with add-ons could not be resolved because the corresponding CRTs from the queue are missing. SPDD_SPAU_CHECK This step will check if a modification match (transactions SPDD/SPAU) is necessary. DDIC_IMPORT This step imports the ABAP Dictionary.
All the roles that contain the string "ADM" are considered critical, as they usually refer to administrative roles. When identifying critical SAP permissions, profiles and roles, it should be noted that SAP does propose a concept for names, but this is not always taken into account by applications or its own developments.
Interface monitoring and support
Today, there is a much wider choice, with our AIOps platform Avantra, code cleansing tools such as Panaya, test automation with HP Quality Center and IT service management with ServiceNow being just a few examples. The SAP software partner ecosystem is in good health.
Cross-client tables can be modified. The control system of another, productive client can thus be undermined and undermined. Quite a lot of power! Did you also know that the SAP system provides a feature that deletes table change protocols (DBTA BLOG table) and that it is effective across all clients? If the table change logs have not been additionally archived via the BC_DBLOGS archiving object, traceability is no longer available. That way, every criminal act within your company can be beautifully covered up. Similarly, full access to batch management allows you to manage all background jobs in all clients with the permission. This allows you to delete old background jobs that have gone unauthorised. There are also some points to consider when managing print jobs. Typically, the following two SAP access permissions are enabled to protect print jobs: S_SPO_DEV (spooler device permissions) S_SPO_ACT (spooler actions). Why? Confidential information in print jobs is not protected against unauthorised disclosure. (Strictly) sensitive print jobs can be read unauthorised or redirected to external printers and printed out. Print jobs are unprotected unless additional SAP access permissions are enabled to protect print output. The print jobs are multi-tenant, which means that the authorisation award should also be well thought through at the point.
With "Shortcut for SAP Systems" a tool is available that greatly facilitates some tasks in the SAP basis.
You can also define the roles according to a different scheme.
If the additional memory in the Advanced Storage Area is still not sufficient for the user context, the optional second role area can be used.