OAAD Document search in archive
Daily Check Solution
So-called Access Control Lists (ACL) offer a good possibility to secure your gateway in order to exclude unwanted external accesses to the database of the application server. With the help of the ACL files reginfo and secinfo an access control can be implemented, in which allowed as well as forbidden communication partners can be defined. The reginfo file controls the registration of external programs on the gateway, which means that rules can be defined that allow or prohibit programs. With the help of the file secinfo you can define which users are allowed to start an external program. To be able to use these files, you must set the parameters gw/reg_info and gw/sec_info (transaction RZ11). For more information, refer to SAP Note 1408081.
To add additional permissions for defined groups in the launchpad to PFCG roles, follow the steps described above. This time, you only select a "SAP Fiori tile group" instead of a "SAP Fiori tile catalogue". There are very few differences between permissions. Fiori Eligibility for OData Services The launch authorisation for the OData service stored in the backend from a Fiori app is queried on both the front-end and back-end servers when the application is launched. Therefore, this permission must be added to the appropriate role on both servers. The typical sequence of clicking on a Fiori app in the launchpad triggers the following steps: 1) When selecting the tile, the app Fiori implementation is called 2) The app retrieves dynamic data from the HTTP endpoint of the OData service on the frontend server from 3) An RFC call to the gateway activation of the backend system is followed, retrieving the relevant business logic 4) Now the Fiori permission for the corresponding OData service is queried on the backend 5) If this was successful the appropriate business logic permissions are queried in the OData service. To add the Fiori permission to run a OData service for an app to a role, please perform the following steps: In the PFCG, open the appropriate role in Change mode, perform steps on the following screenshot: 1) Select Menu tab 2) Arrow next to the "Transaction" button click 3) Select Permissions proposal.
Security updates
The role of the SME describes an expert in a particular field, such as SME databases or SME-SAP-HANA, in the context of SAP products and is gaining in importance due to new technologies and thematic areas. The role of the SME thus corresponds to an expert role in the technology environment. It has a good network within the IT departments and, if necessary, to other business units within the company. In order to carry out its activities, it is necessary to have already acquired practical experience in the operation of its thematic focus. Expert tools are also used to fulfil his task. Through the exact definition of disciplines, the SME assumes the informally many tasks of the traditional SAP basis administrator and also new disciplines in the course of new technologies. In addition to the existing features, there will be in the future such as SME-Cloud, SME-SAP-HANA/Databases, SME-Supplier-Management, SME-Security, SME-Compliance, SME-Landscape-Virtualisation-Management (SME-Landscape-Virtualisation-Management) and SMESolution-Manager. SME-Cloud is in contact with the global cloud manager (if it exists in the company). In addition, an expression SME-Security is in contact or reported to the global corporate security sector. An expression SME-Supplier-Relationship-Management or Supplier-Management is orientated both internally (coordination with other departments) and externally (coordination and communication with suppliers). The SME cloud is a special feature of SME Supplier Management.
If you have modified SAP objects, you have to match these objects during playback. The transaction SPDD matches Dictionary objects, and the transaction SPAU Repository objects. Prerequisites SPAM prompts you for modification matching. How to Stop Inserting the Support Package (F12). SPAM will resume processing at RUN_SPDD or RUN_SPAU steps. To enable your developers to perform the modification synchronisation, create an order in the Transport Organiser [Extern] and under this task for the developers. Ask developers to perform the modification matching for their objects. Synchronisation of Dictionary Objects (SPDD): The developers can view the list of affected objects with the addition of Synchronise Modifications in the input image of the transaction SPAM. Synchronisation of Repository Objects (SPAU): Developers must call the transaction SPAU and then match it. Once the match is complete, developers must share the tasks and inform you. The comparison can be done in any client. Call SPAM. Select Insert Support Package Queue. You will be prompted again to perform the modification sync. Since it has already been completed, ignore the hint and select Next. SPAM completes the processing and returns the status.
"Shortcut for SAP Systems" simplifies tasks in the area of the SAP basis and complements missing functions of the standard.
If adm does not have write permissions for the /usr/sap/trans/data (UNIX) directory, SPAM will cancel DISASSEMBLE with CANNOT_DISASSEMBLE_R_DATA_FILE.
They also need to be able to work in a structured manner and find creative solutions and decisions.