SAP Basis SAP Security

Direkt zum Seiteninhalt
SAP Security
SM36 Define job
With the growth of the company also came extensions and the need for a whole SAP Basis team. Basically, it is a condition that occurs sooner or later in any organization that maintains SAP systems.

If you get a tp-step in the cancel message, it is a transport order-independent step whose logs cannot be displayed with logs. In this case, analyse the following files: tp-Step 6: P
tp-Step N: N
tp-Step S: DS
All protocols are located in /usr/sap/trans/log.
Responsibility
Either temporary programme calls are blocked that are actually desired or enormously large gateway logs must be analysed. If, due to the heavy workload, one were to decide to forgo the use of the access control lists permanently, this would be a major security vulnerability. The unprotected system does not have any limitations on the external services that may register, and there are no rules for running programmes. One possible consequence would be, for example, the registration of an external system on which malicious programmes exist. At the moment when foreign programmes are running on your system without any control, you can expect that great damage will be done. For example, it ranges from an unnoticed reading of purchase and sales figures, a diversion of funds, to a paralysis or manipulation of the entire system. In addition, this scenario is also possible for poorly maintained access control lists. Our solution: secinfo and reginfo Generator for SAP RFC Gateway To solve the problem, we have developed a generator that can automatically create secinfo and reginfo files based on gateway logs. The basic idea is based on the logging-based approach. It performs the task of time-consuming analysis of log files and also ensures maximum reliability through automation. Nevertheless, the entries of the generated files should be checked by one person. Since the log files used as input are sensitive data, of course none of the inserted data leave your system. More information about the generator can be found here.

Before SAP HANA was released, there was no SAP database - you had to install SAP ERP (or the application you were using) on a third-party database, such as Oracle or SQL Server. SAP developed the HANA database to fully leverage the power of SAP's next-generation S/4 software.

Tools such as "Shortcut for SAP Systems" are extremely useful in basic administration.

Smart Contracts The biggest advance compared to Bitcoin and similar applications is that second-generation blockchains, such as Ethereum, use the so-called Turing-Complete script language Solidity.

SAP HANA has a lot of new features, although many existing ones are used by SAP ERP, so there is a risk here.
SAP Corner
Zurück zum Seiteninhalt