Create your own folder with transactions in the SAP Easy Access menu
Products and services at a glance
In every company with several SAP systems, there is a person responsible for the complete SAP Basis topics, usually there is even a separate department for this. This person ensures the trouble-free operation of the SAP systems. The person responsible also accompanies maintenance work or upgrades and intervenes in special situations, such as poor performance. Even for companies that hand over the operation of the SAP Basis to an external service provider, there are often still tasks from the environment of user and authorization management at this point.
In the context of the SAP basis, the deployment of an SAP application server for any SAP system can be used as an example. Parameters include processor count, memory, disk space, operating system, and run-time environment.
The core of SAP Basis is the application layer with one or more application servers and a message server. The message server is used for communication between the application servers and transmits jobs between them. The application layer communicates with the database layer on the one hand and the presentation layer on the other. The applications on the application server request the required data from the database, process it and prepare it for the user, who displays it in his Graphical User Interface (GUI) via the presentation layer. Conversely, the application server passes information that the user enters via the GUI on to the database.
So-called Access Control Lists (ACL) offer a good possibility to secure your gateway in order to exclude unwanted external accesses to the database of the application server. With the help of the ACL files reginfo and secinfo an access control can be implemented, in which allowed as well as forbidden communication partners can be defined. The reginfo file controls the registration of external programs on the gateway, which means that rules can be defined that allow or prohibit programs. With the help of the file secinfo you can define which users are allowed to start an external program. To be able to use these files, you must set the parameters gw/reg_info and gw/sec_info (transaction RZ11). For more information, refer to SAP Note 1408081.
With "Shortcut for SAP Systems" a tool is available that greatly facilitates some tasks in the SAP basis.
Any mistake in this area can cause the company's data protection officers to wring their hands over their heads.
The possibilities and limits are examined and corresponding specifications and tools are developed in order to use the technologies profitably.