Application of SNOTE and elimination of errors
Planning & design of the system architecture
In order to cope with the digital transformation in general, but also to cope with the changing demands on the SAP basis and its scope of responsibility, it is necessary to revise existing roles and define and establish new roles. These include the roles of the technology architect, new features of the Subject Matter Expert (SME), and the role of the Expert Team Lead in leading a group of experts. Further information can be found in chapter 7.1 and 9.3 of the Master's thesis.
This improves the capabilities of SAP HANA base administrators and increases the level of service they should provide. Your Basis team can more easily fine-tune your data replication strategy to meet demanding disaster recovery and high availability standards.
Before the project starts, it must be clear which systems are to be connected to the IdM and which services the system is to provide. This requires close collaboration between the department and IT, as later adaptations or additional systems will extend the implementation and exceed the budget. Analysing existing data To successfully implement an Identity Management System, high quality data is essential. Users' root data must be verified, updated, or maintained. Automation with incomplete or even incorrect data is otherwise not conceivable. Rethinking the Permission Concept With the introduction of an Identity Management System and a workflow for permission granting, the existing roles should be scrutinised once again. You should ask yourself whether the user knows what role he chooses from the current catalogue and whether it is sufficient for his task. Set Role-Owner Not only the user needs to know which role to choose. There must also be a person in charge of the role who adapts or adapts the role as required or acts as a point of contact when required.
In order for the stored business logic of an application to be executed correctly, the executing user must also have the necessary permission objects in the flow logic of the OData services in his role. If Authority Checks are performed here, e.g. to query or change data on the backend server, the corresponding role must be authorised. These permissions are expressed in a role by permission objects, as in any ABAP report. If you follow these steps, your Launchpad users should have the Fiori permissions necessary to launch the launchpad, view all relevant tiles, and run the specific apps with their business logic.
"Shortcut for SAP Systems" makes it easier and quicker to complete a number of SAP basis tasks.
In addition to the range of tasks covered by the SAP basis, it is also necessary to specify for which tasks and topics the SAP basis is not responsible.
Understanding the structure and functioning of the system is especially important for IT administration. It is not for nothing that "SAP Basis Administrator" is a separate professional field. On the page www.sap-corner.de you will find useful information on this topic.
Optionally, you can ask our experts to solve your security risks in the short term.