MARKETING & SELF-UNDERSTANDING
SAP's client concept enables a SAP system to be split into several logical sub-systems - clients. These subsystems can be used independently and in isolation as separate systems. But how should non-client transactions be treated? How can you prevent one client from accessing the other and why should you want to prevent that? In this blog post, I will answer these questions and discuss some negative examples. Why is it important to consider independent transactions separately? Imagine that every one of your employees is allowed to create or change a client in the production system, or worse, both. Creating and modifying a client in the production system is authorised and documented - you wonder what could possibly go wrong? The risk in this case is a loss of integrity of system and data, loss of confidentiality: With each new client, Superuser SAP* lives up to its comprehensive, cross-client rights and the assigned standard password.
A role concept according to best practice protects you from potential attacks within your SAP landscape. However, to protect your system from unauthorized access via the network, the SAP Gateway must be configured correctly. It enables the use of external programs via interfaces or the call of ABAP programs and serves as a technical component of the application server, which manages the communication of all RFC-based functions.
You would like to know more about what is happening on your SAP systems - then I recommend that you take a closer look at the Solution Manager Usage Procedure Logging (UPL) functionality. What code is often executed? Which database tables are accessed regularly? What unused developments exist? - The UPL provides answers to these questions. You can implement the functionality into your existing SAP landscape without additional licence costs and with moderate effort. What information does the UPL provide? Usage Procedure Logging is used to log and record user behaviour data roughly comparable to the ST03N workload statistics. UPL is able to record the call and execution of the following ABAP objects: Reports Functional Blocks Classes Methods Subroutines SQL Calls In addition, UPL is able to detect dynamic programme calls and generate transparency about the modifications used. All usage data is recorded in detail and automated and, if desired, made available centrally in the SAP Solution Manager. Benefits 1) Hardly measurable Performance Impact 2) Central collection of data of all systems in the SAP Solution Manager's BW 3) No complex setup 4) Once activated, the collector and extractor jobs run regularly and without further manual activities Possible usage scenario If you have Solution Manager 7.2 in use, you can use UPL within the framework of "Custom Code Lifecycle Management" (in German: management of customer developments). After one activation of the BW content and some standard jobs, you select one or more systems for which you want to activate UPL. If you already have the SP05 installed, there is a separate "Guided Procedure" for configuring the UPL in SOLMAN_SETUP.
The entry screen gives a brief overview of the status of the last queued. In case of incomplete support packages, the last (aborted) step of the SPAM will be displayed. System: Check the correct function of the transport tools using Tool Transport Tool. Make sure there is enough space (the size of the OCS files multiplied by 2) in the transport directory (see the R/3 profile parameter DIR_TRANS with the AL11 transaction or the SE38 transaction and the report RSPARAM). Make sure that there is enough space, especially in the subdirectories trans/EPS/in and trans/data. Use the latest SPAM update. Verify that the SPAM update offered in the SAPNet - R/3 frontend or the SAPNet - Web Frontend is newer than the one available in your system. You can see the version of the SPAM update available in your system in the title bar of the SPAM image. We recommend that you always run the latest SPAM update first [page 14] to avoid problems when playing. The insertion of a SPAM update is analogous to the insertion of support packages. There must be no incomplete support packages in your system. To do this, under Folder in the SPAM, select Aborted Support. Packages and select View. Support packages should not be displayed. The status light should be green. If not, view the detailed status and log information for all support packages in the system. Select Jump Status or Jump Log. Load Activities Support Package [page 15] Define Queue [page 17] Insert Queue [page 20] If necessary: Sync Modifications [Page 22] Verify Protocols [Page 23] Confirm Queue [Page 24].
"Shortcut for SAP Systems" makes it easier and quicker to complete a number of SAP basis tasks.
What is an ACL? Access control lists are files in which permitted or prohibited communication partners can be recorded.
SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.
SAP administrators are present wherever SAP systems are used.