SAP authorizations
SUM - the Software Update Manager, the relatively new tool for "remote control" of the known update transactions from outside the system, for ABAP and JAVA
In earlier product generations, databases from various third-party providers were used - primarily Oracle and Microsoft SQL. However, this has changed with the introduction of the new database generation SAP HANA.
QUEUE_STILL_IN_BUFFER: The queue is not fully processed because incomplete support packages of the queue are still in the transport buffer. CANNOT_RESET_FCS_FLAG: If there is an FCS Support Package (FFD) in the queue, the system will be marked as being at the generally available release level after this support package is inserted. In this case, this operation could not be performed successfully.
Good written and spoken German skills are expected (level similar to at least B2)
SPAM/SAINT updates (SPAM update) provide updates and improvements to SAP Patch Manager and SAP Add-On Installation Tool. There is always one SPAM update per review that will be updated over time. The version can be found in the short description, e.g.: SPAM/SAINT update - version 4.6A/0001 A SPAM update always comes first in the list of support packages in the SAPNet - R/3 frontend, i.e. before the other support packages. We recommend that you always install the latest version of a SPAM update before installing Support Packages. Prerequisites You can successfully commit a SPAM update only if there are no broken support packages in the system. If there are cancelled support packages, a dialogue box will alert you. You have two options: You will first complete the queue and then the SPAM update. You reset the status of the queue, play the SPAM update first and then the queue. You can reset the status of the Queue by using the Add Status Reset Queue. Note that your system is inconsistent when you reset the queue after objects have already been imported (for example, after an error in the DDIC_IMPORT step and following). Therefore, you should only reset the queue if DDIC_IMPORT was cancelled before the step. For more information, see Steps of the SPAM [page 26]. Note that starting with SPAM/SAINT version 11, it is no longer possible to reset the queue after the DDIC_IMPORT step and following. How to Check if the SPAM update you are offering is newer than the one you are receiving. The current SPAM version appears in the title bar of the SPAM window. To play the latest SPAM update, select Support Package Insert SPAMUpdate. SPAM updates are automatically confirmed after successful insertion. Load Support Package Usage Before you can insert Support Packages, you must first load the appropriate Support Packages.
This access method depends solely on the rights assigned to the user. System users: Users of this user group are comparable to SAP*. They act as administrator in the system. Therefore, they should be deactivated / set to inactive as soon as possible, as soon as the system operation is ensured. You should still be aware of the SAP ERP environment to address this security risk. In a HANA system, there are privileges instead of permissions. The difference is first of all in terms of terminology. Nevertheless, the permissions are assigned differently (directly / indirectly) via the assignment of roles. These are thus accumulations of privileges. As in older SAP systems, system users must be disabled and certain roles that already exist must be restricted. Compared to an SAP ERP system, small apps are allowed instead of large applications. In this case, attention should be paid to an individual authorisation. It should be a matter of course for users to have implemented secure password rules. Settings Securing the system also means securing the underlying infrastructure. Everything from the network to the host's operating system must be secured. When looking at the system landscape, it is striking that the new technology brings many connections that need to be secured. The SAP Gateway, which is responsible for the connection between backend and frontend, is also a security risk and must be considered. All security settings of existing and future components must be validated to HANA compatibility. Secure communication of connections is obtained when you restrict access where possible. Encryption of the data of a HANA system is disabled by default. Be sure to encrypt sensitive data anyway. Especially data that is archived. If an attack is made on your system, you should be able to run forensic analysis, so you should enable the audit log. Moreover, few users should have access to it.
Some missing SAP basic functions in the standard are supplied by the PC application "Shortcut for SAP Systems".
This step is less important for the SAP basis.
The website www.sap-corner.de offers many useful information about SAP basis.
Public cloud environments such as Azure and AWS provide a layer of abstraction that eliminates the difficult task of maintaining the hardware that was required with SAP on-premises.