Transaction code description
What does an SAP Basis administrator do?
Customers with such a case regularly contact us. Creating a permission concept from the ground up is often a time-consuming task. Furthermore, the know-how about which aspects an authorisation concept should cover, and how the corresponding processes can be both practical and audit-proof, is often lacking.
Our solution: tool-based generation of an individual, written authorisation concept
In this situation, we have recommended to our customers the tool-based generation of a written authorisation concept directly from the SAP system. We use the XAMS Security Architect tool, with which we have had good experiences. This includes a template for an audit-proof and comprehensible written authorisation concept. It includes established best practices for role and entitlement management. The template covers all relevant areas in a permission concept. The included text of the authorisation concept is completely customisable, so that the concept can be tailored to your situation without creating a permission concept from scratch.
Dynamically update the written authorisation concept
One of the biggest challenges after the development of an authorisation concept is to keep it up to date in the long term and to measure its sustained implementation in the system. This is achieved by integrating live data such as configuration settings and defined rules directly from the connected system. For example, lists of existing roles or user groups and tables are read from the system each time the document is generated and updated in the permission concept. The following screenshot shows an example of what this might look like in the concept document.
Automatically check and monitor compliance with the concept
To check compliance with the concept, the XAMS Security Architect includes extensive inspection tools. These cover the rules formulated in the concept and are suitable for measuring the extent to which the reality in the system meets the requirements formulated in the concept.
If the cancel message names a tp-step, it is a step that is independent of the transport order, and its logs cannot be displayed with the Logs function. In this case, analyse the following files: tp-Step 6: P; tp-Step N: N; tp-Step S: DS. All logs are located in /usr/sap/trans/log.
Backup concepts
Basis administrators often have basic ABAP knowledge, for example, and ABAP developers know the basics of SAP Basis. Nevertheless, the two fields of activity are usually organizationally separated in the company.
Inheritance Hierarchy with Master Roles and Associated Roles
If you have created multiple derived roles, a simple overview of all "related" roles can be convenient. To do this, call any derived role, or the master role, and then click the "Inheritance Hierarchy" button. You will now get a detailed overview of which roles are assigned to which master role.
"Shortcut for SAP Systems" makes many tasks in the area of the SAP basis much easier.
What code is often executed? Which database tables are accessed regularly? What unused developments exist? - The UPL provides answers to these questions.
This can be done through automated monitoring, validation using tools such as SAP-LVM (Landscape Virtualisation Management) or SAP Solution Manager, as well as manual checklists.