Two ways to use Security Automation
Technical implementation and typical tools in the SAP Basis environment
At best, for the time in which an emergency user is in service, a separate log of the activities undertaken is written, which can then be evaluated. In the following chapter I would like to explain our best practice approach to implementing an emergency user concept. Our approach to using an emergency user concept We have had good experience with the use of the Xiting Authorizations Management Suite (XAMS) in this area. This suite consists of various modules for creating role concepts, managing permissions including a permission concept, and also enables the implementation of an emergency user concept. XAMS works here with a limited time assignment of reference users with extended privileges to enable the emergency user concept. A self-service application may be made with a justification and a period for allocating special rights. The application window is illustrated in an example in the following screenshot: Evaluation of the use of the Emergency User Concept Once this request has been initiated, a new mode will be opened for the user, in which he can work with the extended rights. In addition, depending on the configuration, a stored workflow can be initiated as an approval process, or pre-defined controllers will be notified by email to verify activities. Once the session has ended with the emergency user, the responsible persons will receive another email with the logged activity of the user with the extended permissions. One of these logs is shown in the next screenshot: These logs can also be viewed in the system. Here you will get an overview of all the sessions that have been run. In addition, it is possible to approve activities with special rights after an evaluation. This allows the controller to get an overview of the activities undertaken with the emergency user. If you are using this Emergency User Concept and following these steps, you can ensure: Each user on the production system retains his or her original necessary rights.
The technology architect is well acquainted with the company's core business, has business process and project management expertise. As part of its activities, the technology architect does not exercise project management or project management. He develops and develops strategies and solutions in coordination with higher authorities, IT departments and also business units. It defines requirements for the implementation and operation, which it aligns with the operator or with the necessary expression of the Subject Matter Expert. He also takes care of new technologies in his field of activity and is thus a driver of innovation and a catalyst from a technical point of view. He also acts as a contact for enterprise architects in the company. However, this role will be much more coordinated in the future. The range of tasks will therefore increase in width. An additional requirement in the future will be the understanding of company policy.
From installation to ongoing support
Regular maintenance tasks or the standard procedures must be described and defined to build checklists based on them and to control compliance with this standard. The SAPSolution-Manager can also support this as a tool of SAP e.g. through the Guided Procedures. In this context, it is also necessary to document the functionality of an underlying application and thereby determine what testing and monitoring activities are necessary. This is a reconciliation process between the SAP basis, other IT departments and, if necessary, the business areas concerned. The defined standard and the system's IST situation must be fully documented and regularly checked for compliance. This can be done through automated monitoring, validation using tools such as SAP-LVM (Landscape Virtualisation Management) or SAP Solution Manager, as well as manual checklists. Only the regular review of the standards guarantees their compliance. It can also support the regular use of SAP services such as Go-live Checks or Early Watch. Examples of how to standardise procedures are listed here: ・ Naming of system instances and logical hosts, or at least one central registry in a directory service, or LVM or SAP customer portal ・ Centrally starting and stopping systems, such as via the LVM ・ Categorising SAP instances by T-shirt size to define profile standards and cost them.
In this SAP Solution Manager training course, we teach you how SAP Solution Manager works. You will get the necessary know-how to implement SAP SolMan yourself.
"Shortcut for SAP Systems" makes it easier and quicker to complete a number of SAP basis tasks.
CANNOT_ADD_PATCH_TO_BUFFER: A support package could not be included in the transport buffer.
The status bar provides information on the progress of the commit and the latest steps of the SAP Patch Manager.