Problem: User matching not performed
Identity Management System: Introduction Tips
SAP's client concept enables a SAP system to be split into several logical sub-systems - clients. These subsystems can be used independently and in isolation as separate systems. But how should non-client transactions be treated? How can you prevent one client from accessing the other and why should you want to prevent that? In this blog post, I will answer these questions and discuss some negative examples. Why is it important to consider independent transactions separately? Imagine that every one of your employees is allowed to create or change a client in the production system, or worse, both. Creating and modifying a client in the production system is authorised and documented - you wonder what could possibly go wrong? The risk in this case is a loss of integrity of system and data, loss of confidentiality: With each new client, Superuser SAP* lives up to its comprehensive, cross-client rights and the assigned standard password.
However, the tasks also include strategic and planning aspects. For example, administrators define requirements and standards, select and control upgrades or enhancements, implement monitoring processes, and take care of necessary backups and emergency management.
Maintenance of SAP licenses
Many companies that use or would like to use an SAP Basis system seek advice from external service providers or completely outsource the administration of the system. SAP Basis Consulting is a technical consulting service that covers many tasks and sub-areas related to SAP Basis. Providers include BasisTeam IT Service & Consulting AG, Phoron, Mindsquare and many others.
If your system is already above SAP NetWeaver Release 7.0, then you must either import SAP Note 1731549 or a corresponding Support Package. Afterwards, when creating new users, it is no longer possible to assign user names that are only composed of variants of spaces or other invisible special characters. Important: Changes to already existing users with these names or their deletion option are not affected by this! The SAP Note also adds the customizing switch BNAME_RESTRICT, whereupon you can control yourself whether alternative spaces are allowed to appear in certain places in the user name. For this, the following values must be set in the customizing table PRGN_CUST: NO = The alternative spaces are still allowed in the user name. ALL = The character set is reduced to a defined range, excluding certain special characters because they have specific meanings in certain operating systems or databases. This predefined character set is: ABCDEFGHIJKLNMOPQRSTUVWXYZ_0123456789,;-§&()={[]}+#. FME = The letters F, M and E stand for Front, Middle and End. With an 'X' in this three-digit switch value you can now explicitly specify at which position in the user name no wide spaces and control characters may occur. All combinations are possible, e.g.: XME = None of these special characters may occur at the BEGINNING of the user name. XMX = In the user name none of these special characters may occur at the BEGINNING and at the END. FME = One of these special characters may occur at any position in the user name (this corresponds to the default setting, i.e. as if no entry was maintained in PRGN_CUST for the switch). SAP recommends the use of the value ALL.
"Shortcut for SAP Systems" makes it easier and quicker to complete a number of SAP basis tasks.
This completes the creation and configuration.
SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.
Nevertheless, the entries of the generated files should be checked by one person.