What does an SAP administrator do?
Site Reliability Engineering
NEW TECHNOLOGIES AND INNOVATIONS
The role of IT is changing (bi-modal IT). This new bi-modal organisation applies particularly to the SAP basis. On the one hand, it must continue to ensure SAP operation with the usual stability and security; on the other hand, it must act as a business innovator in order to fulfil its role as a technology consultant for SAP technology.
ADJUST SAP basis NAMING
The original definition and naming of the SAP basis no longer match today's tasks. It is therefore recommended to give the SAP basis a meaningful and contemporary name that fits the future form of organisation. For example, the bi-modal role listed in Recommendation [A1] should be taken into account.
It should be mentioned here that it only makes sense to access the tables read-only, using SELECT statements, to get a quick view of the results. With DBACOCKPIT it is not possible to create entire table structures using Create Table. For such applications, SAP provides other, better options. Another important point is that once a user has the necessary permissions to use the transaction DBACOCKPIT, they can potentially (with appropriate permissions on the tables) access the entire SAP system. For example, a query can be used to read the entire user table. Therefore, the transaction should always be treated with caution and only granted to administrators. DBACOCKPIT handles the permission check on the call in a similar way to the SE16 / SE16N transactions. When a table is called, the S_TABU_DIS or S_TABU_NAM permission object is checked with a specific activity. This means that only those tables or table permission groups for which the corresponding values are assigned in these permission objects can be accessed. You can read more about assigning permissions to individual tables here. In addition, you can save SQL statements that you have run once and run them again at any time to recognise changes in the result set without having to reformulate the SQL statement each time. The editor also allows you to run the query for SQL statements in the background. The result is obtained by calling the transaction SM37, in which the result is output in a spool file.
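The combination described above (the DBACOCKPIT transaction plus table permissions) can be reviewed offline from an export of user authorizations. The following is an added example, not code from the original page or from SAP: the export structure, the user names, the use of USR02 as the user table, its permission group "SC" and activity 03 as the read activity are assumptions made for illustration.

```python
# Constructed sample data: sensitive tables and their authorization group.
# "USR02" stands in for the user table; the group "SC" is an assumed value.
SENSITIVE = {"USR02": "SC"}

# Constructed export: user -> list of (authorization object, {field: values}).
AUTHS = {
    "BASIS_ADM": [("S_TCODE", {"TCD": ["DBACOCKPIT"]}),
                  ("S_TABU_DIS", {"DICBERCLS": ["*"], "ACTVT": ["03"]})],
    "DB_MONITOR": [("S_TCODE", {"TCD": ["DBACOCKPIT"]}),
                   ("S_TABU_NAM", {"TABLE": ["ZSTATS*"], "ACTVT": ["03"]})],
    "DEV_SUPPORT": [("S_TCODE", {"TCD": ["*"]}),
                    ("S_TABU_NAM", {"TABLE": ["USR*"], "ACTVT": ["03"]})],
    "HELPDESK": [("S_TCODE", {"TCD": ["SM37"]}),
                 ("S_TABU_NAM", {"TABLE": ["USR02"], "ACTVT": ["03"]})],
    "SPLIT_AUTH": [("S_TCODE", {"TCD": ["DBACOCKPIT"]}),
                   ("S_TABU_DIS", {"DICBERCLS": ["SC"], "ACTVT": ["02"]}),
                   ("S_TABU_DIS", {"DICBERCLS": ["ZZ"], "ACTVT": ["03"]})],
}

def matches(patterns, value):
    """Exact value or trailing-asterisk pattern (value ranges are not modelled)."""
    return any(p == value or (p.endswith("*") and value.startswith(p[:-1]))
               for p in patterns)

def has_auth(auths, obj, required):
    """True if one single authorization of `obj` covers every required field."""
    return any(o == obj and all(matches(f.get(k, []), v) for k, v in required.items())
               for o, f in auths)

def can_read(auths, table, group):
    """Read allowed by group (S_TABU_DIS) or by name (S_TABU_NAM); ACTVT 03 assumed."""
    return (has_auth(auths, "S_TABU_DIS", {"DICBERCLS": group, "ACTVT": "03"})
            or has_auth(auths, "S_TABU_NAM", {"TABLE": table, "ACTVT": "03"}))

def audit(users, sensitive=SENSITIVE):
    """List users who hold DBACOCKPIT and can read a sensitive table."""
    findings = []
    for user, auths in sorted(users.items()):
        if not has_auth(auths, "S_TCODE", {"TCD": "DBACOCKPIT"}):
            continue
        tables = sorted(t for t, g in sensitive.items() if can_read(auths, t, g))
        if tables:
            findings.append((user, tables))
    return findings

if __name__ == "__main__":
    for user, tables in audit(AUTHS):
        print(f"{user}: DBACOCKPIT + read access to {', '.join(tables)}")
```

Wildcard values in either the transaction field or the table fields are what turn a monitoring role into system-wide read access, so those are the entries to review first.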
SAP Basis in the Cloud
A degree in computer science is usually a prerequisite and is now almost compulsory. Those who have been trained as IT specialists can take advantage of further training to become SAP Basis Administrators and thus position themselves particularly well on the job market. However, quite a few companies also offer to train employees to make them fit to work as SAP Basis Administrators.
Especially in larger companies, which also have multiple locations in different countries, it is often necessary to grant different employees the same permissions for different organisational levels, such as company codes. To keep maintenance and upkeep of the system easy in such a situation, it is useful to apply the inheritance principle to SAP permissions.
How does SAP Permissions Inheritance work?
Inheritance always means that a master object passes certain properties to a derived (sub) object. These properties therefore do not need to be maintained several times. Changes to the master object are also passed directly to the derived objects. This allows easier maintenance and drastically reduces the error rate. In the case of SAP Permission Inheritance, the required permissions are bundled in an upper or master role. Only the organisational levels have to be maintained in the roles derived from it. The permissions are automatically pulled from the master role.
Create Inheritance for SAP Permissions
The following shows how to create and use inheritance for SAP permissions. This requires only two steps: creating a master role and defining derived roles.
Step 1: Create a master role
Inheritance always requires a parent role, because all properties are inherited from it. If this role, in which all shared permissions are bundled, is missing, the first step is to create this master role. To do this, open the PFCG transaction and enter the desired name of the master role in the Name field. Master and derived roles can be distinguished by using naming conventions. The "Single Role" button is then used to create the desired role. In the following example I create the master role "findepartment_r".
Tools such as "Shortcut for SAP Systems" complement missing functions in the SAP basis area.
You can run this user synchronization either manually or (my recommendation!) automatically as a background job:
The SAP basis has a clearly defined self-understanding (inward-looking perception) as well as a clear positioning and a defined task area within the IT organisation (outward-facing perception), as shown in Figure 5.