SAP HANA Cloud Platform (SAP HCP)
SUBJECT MATTER EXPERT (SME)
A BW system often plays a very central role in larger companies. Here the data from the various connected source systems are analysed and reported centrally. A previous customer of mine had a BW system, to which a total of over 20 other SAPP production systems were connected. With such a large and mostly living system landscape, it is normal that individual systems are dismantled from time to time. However, especially with large SAP landscapes, there are strict regulations regarding the permissions of technical RFC users. For this reason, the simple "right-click —> delete" of a source system in RSA1 will often not lead to the target, but rather to a failed permission check. With this blog post, I'll show you a workaround on how to clean a source system from a BW system using the RSAR_LOGICAL_SYSTEM_DELETE and RSAP_BIW_DISCONNECT function blocks.
For example, many customer ABAP programs work by uploading or downloading data. There are potentially large security gaps here that allow access to server data. In addition, the widespread direct invocation of operating system commands that are not covered by a self-programmed authorization check is a major problem. Even though classic SQL injection, i.e., the entry of extended SQL commands, is a potential security vulnerability, it occurs rather rarely in SAP systems. More widespread is the unintentional dynamization of SQL calls because input parameters are not sufficiently checked. The need to check all in-house developments internally for such security vulnerabilities before they are delivered in SAP's own code has led to the development of the SAP Code Vulnerability Analyzer tool.
Due to the variety of tasks and the high level of complexity, I find my job extremely exciting. There are very many constellations of SAP systems and databases. Each installation, migration and update brings new aspects and challenges. It is precisely these challenges that are important to me, so that I can continue to learn and develop professionally on a daily basis.
An important area of SAP Security is the analysis of the customer's own SAP programs, which are classically written in the proprietary SAP language ABAP. Here, too, as in all programming languages, security vulnerabilities can be programmed - whether consciously or unconsciously. However, the patterns of security vulnerabilities in ABAP code differ from those in Java stacks or Windows programs. The goal of these conventional programs is usually to either crash the program (buffer overflow) or to artificially execute the program's own code (code injection). Both is not possible in ABAP, since a crash of a process causes nothing else than the creation of an entry in the log database (Dump ST22) and a subsequent termination of the report with return to the menu starting point. So a direct manipulation as in other high level languages or servers is not possible. However, there are other manipulation possibilities.
Use "Shortcut for SAP Systems" to accomplish many tasks in the SAP basis more easily and quickly.
Step 1: Create a master role Inheritance always requires a parent role, because all properties are inherited from it.
After that, you will receive a pop-up under "Additions"->"More orders"->"Attach", which you can use to attach the transport orders to the import queue.