SAP Basis SAP Script - SAP Corner

SAP Script
Many companies struggle with the introduction and use of secinfo and reginfo files to secure SAP RFC gateways. We have developed a generator that supports the creation of these files. This blog post lists two SAP best practices for creating the secinfo and reginfo files to enhance the security of your SAP gateway, and explains how the generator helps you do this.

secinfo and reginfo Request generator

Option 1: Restrictive procedure

In the restrictive approach, only in-system programmes are allowed at first, so external programmes cannot be used. Since external programmes are nevertheless needed, the access control lists must be gradually expanded to include each programme required. This procedure is very restrictive, which speaks for its security, but it has the major disadvantage that connections which are actually desired are always blocked during the creation phase. In addition, the ongoing manual activation of individual connections is a continuous effort. For large system landscapes, this procedure is very complex.

Option 2: Logging-based approach

An alternative to the restrictive procedure is the logging-based approach. Here, all connections are allowed first: the secinfo file contains the entry USER=* HOST=* TP=* and the reginfo file contains the entry TP=*. While all connections are allowed, gateway logging records all external programme calls and system registrations. The generated log files can then be evaluated and the access control lists created from them. However, this also involves a great deal of work. Especially in large system landscapes, many external programmes are registered and executed, which can result in very large log files. Reviewing them and creating the access control lists can become an unmanageable task. On the other hand, this approach does not block any intended connections during the creation phase, so the system keeps running without disruption.
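An added example, not part of the original post or of the generator it describes: a Python check that flags permit rules in secinfo and reginfo files which still carry the allow-all entries used during the logging phase of Option 2. The optional P/D prefix, comment lines, the treatment of an absent key as unrestricted, and all sample names are assumptions.

```python
# Keys whose "*" value leaves a permit rule unrestricted, per file type.
CHECKED_KEYS = {"secinfo": ("USER", "HOST", "TP"), "reginfo": ("TP", "HOST")}

def parse_acl(text):
    """Yield (line_number, action, fields) for each rule line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or comment
            continue
        tokens = line.split()
        action = "P"  # assumption: a line without a P/D prefix is a permit rule
        if tokens[0].upper() in ("P", "D"):
            action = tokens.pop(0).upper()
        fields = {}
        for token in tokens:
            key, sep, value = token.partition("=")
            if sep:
                fields[key.upper()] = value
        yield lineno, action, fields

def audit(text, kind):
    """Return [(line_number, severity)] for permit rules that use '*'."""
    findings = []
    for lineno, action, fields in parse_acl(text):
        if action != "P":
            continue  # deny rules do not open the gateway
        # Assumption: a key missing from the line is treated as unrestricted.
        open_keys = [k for k in CHECKED_KEYS[kind] if fields.get(k, "*") == "*"]
        if len(open_keys) == len(CHECKED_KEYS[kind]):
            findings.append((lineno, "allow-all"))
        elif open_keys:
            findings.append((lineno, "wildcard"))
    return findings

# Constructed sample files; user, host and programme names are made up.
SECINFO = """\
# rule left over from the logging phase
USER=* HOST=* TP=*
P USER=batch01 HOST=apphost1 TP=convert
P USER=* HOST=apphost2 TP=report
D USER=* HOST=* TP=*
"""
REGINFO = """\
TP=*
P TP=spooler HOST=apphost1
"""

if __name__ == "__main__":
    for kind, text in (("secinfo", SECINFO), ("reginfo", REGINFO)):
        for lineno, severity in audit(text, kind):
            print(f"{kind} line {lineno}: {severity}")
```

An "allow-all" finding means the file still permits every connection; a "wildcard" finding marks a rule that should be reviewed against the evaluated gateway log.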

After the addition of the Java stack (applications developed in J2EE, BSP, JSP, etc.), the security standard for business processes was increased. Both the ABAP and the Java stack can be monitored from one platform. NetWeaver supports standard protocols such as HTTP, SMTP, XML, SOAP, SSO, WEBDAV, WSDL, WMLSSO, SSL, X.509 and Unicode format (text processing representation).
SM37C Advanced job selection
Therefore, there can also be critical permissions, profiles, and roles that do not fit in the naming scheme defined by SAP. Manual identification of critical SAP permissions is difficult overall. However, tools are available that automatically check for critical permissions. In this case, the critical SAP permissions are usually predefined by special verification software. If the critical permissions, profiles, and roles are identified, they should be adjusted according to the permission planning. The system will then be checked to see if the desired system behaviour has been achieved or if malfunctions occur. This adjustment process may be complex in the event of major changes and should not be carried out on the production system.

The Log function displays logs for SPAM steps using the tp transport control programme. After successfully inserting the queue, you should always check these logs.

Associating the SPAM steps with log files

Step                  Log file
DISASSEMBLE_PATCH     Generate Cofile
TEST_IMPORT           Testimport
IMPORT_OBJECT_LIST    Commandfile Import
DDIC-IMPORT           DD-Import
IMPORT_PROPER         DD-Activation, Import, ADO-Import, Verification Versions, Method Execution, ABAP/Dynpro Generation

Procedure

To get to the log display, select Image Jump Log Queue.

Importance of Return Codes

Return-Code     Meaning
0 or 4          System information and warnings. Warnings are generally uncritical for the system. However, you should check them anyway, as in rare cases follow-up errors may occur.
Larger than 4   Serious errors that must be fixed before you can successfully complete the commit.

Confirm Queue

Usage

Confirm the successful insertion of the Queue in your system. This ensures that additional support packages can be used in the future. Without this confirmation, it is not possible to insert additional support packages. If you have not yet confirmed successful support packages, you will be prompted to confirm these support packages when upgrading your system.

Prerequisites

You have successfully imported one or more Support Packages.

Procedure

Confirm successful insertion of the Support Packages into your system with the Support Package.

"Shortcut for SAP Systems" makes many tasks in the area of the SAP basis much easier.

The message type defines what kind of messages should be processed.

Some useful tips about SAP basis can be found on

It includes established best practices for role and entitlement management.