Decommissioning/uninstallation of SAP systems and their databases
Weighing up: SAP CPS, ABAP job solution or external solution?
The Log function displays logs for SPAM steps using the tp transport control programme. After successfully inserting the queue, you should always check these logs. Associating the SPAM steps with log files Step Log file DISASSEMBLE_PATCH Generate Cofile TEST_IMPORT Testimport IMPORT_OBJECT_LIST Commandfile Import DDIC-IMPORT DD-Import IMPORT_PROPER DD-Activation Import ADO-Import Verification Versions Method Execution ABAP/Dynpro Generation Procedure To get to the log display, select Image Jump Log Queue. Importance of Return Codes Return-Code Meaning 0 or 4 System information and warnings Warnings are generally uncritical for the system. However, you should check them anyway, as in rare cases follow-up errors may occur. Larger 4 Serious errors that must be fixed before you can successfully complete the commit. Confirm Queue Usage Confirm the successful insertion of the Queue in your system. This ensures that additional support packages can be used in the future. Without this confirmation, it is not possible to insert additional support packages. If you have not yet confirmed successful support packages, you will be prompted to confirm these support packages when upgrading your system. Prerequisites You have successfully imported one or more Support Packages. Procedure Confirm successful insertion of the Support Packages into your system with the Support Package.
Customers with such a case regularly contact us. Creating a Permission Concept from the ground up is often a time-consuming task. Furthermore, the know-how, which aspects should be dealt with in an authorisation concept and how the corresponding processes can look practical and at the same time audit-proof is often lacking. Our solution: tool-based generation of an individual, written authorisation concept In this situation, we have recommended to our customers the tool-based generation of a written authorisation concept directly from the SAP system. We use the XAMS Security Architect tool, with which we have had good experiences. This includes a template for a revision-proof and comprehensible, written authorisation concept. It includes established best practices for role and entitlement management. The template covers all relevant areas in a permission concept. The included text of the authorisation concept is completely customisable, so that the concept can be tailored to your situation without creating a permission concept from scratch. Dynamically update the written authorisation concept One of the biggest challenges after the development of an authorisation concept is to keep it up to date in the long term and to measure the sustainable implementation in the system. This is achieved by integrating live data such as configuration settings and defined rules directly from the connected system. For example, lists of existing roles or user groups and tables are read from the system each time the document is generated and updated in the permission concept. The following screenshot shows an example of what the appearance in the concept document might look like. Automatically check and monitor compliance with the concept To check compliance with the concept, the XAMS Security Architect includes extensive inspection tools. These cover the rules formulated in the concept and are suitable for measuring the extent to which the reality in the system meets the requirements formulated in the concept.
The dataowner should be the
adm of the target system, which you can change (in the Unix console) with "chown adm K12345.DEV" (respectively R12345.DEV for the data file). To change the access permissions, you can use the command "chmod 664 K12345.DEV". Attach transport jobs in the SAP system Once this has been done, you can attach the transport orders in your SAP system to the import queue. This is done by using the STMS -> Import Overview (F5) to display the import queues. Select the import queue of the target system with a double click. After that, you will receive a pop-up under "Additions"->"More orders"->"Attach", which you can use to attach the transport orders to the import queue. In the pop-up you have to name the exact transport order. The correct name for this is as follows: The first three characters are the file extension of the two files you copied into the transport directory. The last characters consist of the file name of the cofiles file. In our example transport the transport would be called "DEVK12345" (deriving from the cofiles file K12345.DEV) This should now return a positive message from SAP and the transport is attached to the import queue. Now you can import this transport into the system just like any ordinary transport order. Step-by-step Summary Copy Cofiles/data file to transport directory Normally /usr/sap/trans, if not —> AL11 -> DIR_TRANS Customise file owners and permissions chown adm chmod 664 In SAP system: STMS -> Import Overview -> Select Import Queue -> Additions -> Additional Jobs -> Attach Enter Transport Jobs ( ).
In order to have some advantage in terms of new SAP technologies, suitable PoCs (Proof of Concepts), research and pilot projects must be initiated to build know-how and evaluate boundary conditions or feasibility. Furthermore, this serves the evaluation of new business models by the underlying technology in collaboration with the respective business unit.
Tools such as "Shortcut for SAP Systems" are extremely useful in basic administration.
Today, most customers rely on an infrastructure abstraction layer, whether it's VMware or one of the cloud hypervisors.
Examples of scenarios: 1) User and Authorisation Management 2) ESS/MSS for the management of personnel data 3) Audit and monitoring for the verification of compliance with legal regulations What should be taken into account, however, if you want to introduce an Identity Management System? In this contribution, I would like to highlight fundamental points that need to be clarified before the introduction.