System maintenance and support of running systems
The Basis system comprises a total of three layers
This access method depends solely on the rights assigned to the user. System users: Users of this user group are comparable to SAP*. They act as administrator in the system. Therefore, they should be deactivated / set to inactive as soon as possible, as soon as the system operation is ensured. You should still be aware of the SAP ERP environment to address this security risk. In a HANA system, there are privileges instead of permissions. The difference is first of all in terms of terminology. Nevertheless, the permissions are assigned differently (directly / indirectly) via the assignment of roles. These are thus accumulations of privileges. As in older SAP systems, system users must be disabled and certain roles that already exist must be restricted. Compared to an SAP ERP system, small apps are allowed instead of large applications. In this case, attention should be paid to an individual authorisation. It should be a matter of course for users to have implemented secure password rules. Settings Securing the system also means securing the underlying infrastructure. Everything from the network to the host's operating system must be secured. When looking at the system landscape, it is striking that the new technology brings many connections that need to be secured. The SAP Gateway, which is responsible for the connection between backend and frontend, is also a security risk and must be considered. All security settings of existing and future components must be validated to HANA compatibility. Secure communication of connections is obtained when you restrict access where possible. Encryption of the data of a HANA system is disabled by default. Be sure to encrypt sensitive data anyway. Especially data that is archived. If an attack is made on your system, you should be able to run forensic analysis, so you should enable the audit log. Moreover, few users should have access to it.
You would like to know more about what is happening on your SAP systems - then I recommend that you take a closer look at the Solution Manager Usage Procedure Logging (UPL) functionality. What code is often executed? Which database tables are accessed regularly? What unused developments exist? - The UPL provides answers to these questions. You can implement the functionality into your existing SAP landscape without additional licence costs and with moderate effort. What information does the UPL provide? Usage Procedure Logging is used to log and record user behaviour data roughly comparable to the ST03N workload statistics. UPL is able to record the call and execution of the following ABAP objects: Reports Functional Blocks Classes Methods Subroutines SQL Calls In addition, UPL is able to detect dynamic programme calls and generate transparency about the modifications used. All usage data is recorded in detail and automated and, if desired, made available centrally in the SAP Solution Manager. Benefits 1) Hardly measurable Performance Impact 2) Central collection of data of all systems in the SAP Solution Manager's BW 3) No complex setup 4) Once activated, the collector and extractor jobs run regularly and without further manual activities Possible usage scenario If you have Solution Manager 7.2 in use, you can use UPL within the framework of "Custom Code Lifecycle Management" (in German: management of customer developments). After one activation of the BW content and some standard jobs, you select one or more systems for which you want to activate UPL. If you already have the SP05 installed, there is a separate "Guided Procedure" for configuring the UPL in SOLMAN_SETUP.
SAP Basis Operation is responsible for ensuring the technical functionality of an SAP system. It includes all the technical components mentioned above. These are used to perform the following tasks:
Select the transport order from the development system that was rejected in the quality system. This is technically repackaged into the Q-System in a new order and transported to the quality system. At this point you will again have the possibility to perform the approval step you really want to perform.
Tools such as "Shortcut for SAP Systems" are extremely useful in basic administration.
The PIB 2004.1 Workplace Plug-In release is part of the SAP Basis Plug-In for SAP Basis 640.
SAP Basis Training starts at the very beginning of the project.