SAP Basis Virtualization of your entire SAP system landscape (some companies additionally operate an SAP HCM system, for example, which also needs to be virtualized)

Configuration & operation of the SAP Solution Manager
In this article on SAP Security Automation I would like to take a look at the future of automated processes in the SAP Security area. For many companies, the topic of security automation still offers a lot of potential in terms of time savings and process optimisation. Our daily work environment includes numerous tasks that are well suited to automation. For this reason, in this article I present two of the possibilities that already exist in the broad area of security automation.

Security Automation via SAP Security Check

The first option of Security Automation that I want to introduce here is the automatic verification of existing permissions. Have you ever wondered who has critical permissions in your SAP system? And have you ever tried to find out by hand? Depending on the level of expertise and experience of the permission administrator, this is a time-consuming task. If an audit is also announced and the SAP system is to be checked for critical permissions and segregation of duties, it is very difficult to meet all requirements and secure the permission landscape in this respect.

For this reason, various vendors provide tool-supported solutions that automate the verification of the permission system with regard to critical permissions and segregation of duties. This allows permission administrators to use their valuable time to correct errors rather than just looking for them. For example, we use a tool that runs through the verification of over 250 rules. We then get an evaluation of which rules are violated and which points are correct.

A simple example of such a rule is the use of the SAP_ALL profile. Another is granting the jump permission in debugging (S_DEVELOP permission object with the ACTVT = 02 field). These are two relatively simple examples from the rulebook of Security Check tools. In addition, the tools also run queries that belong to the field of Segregation of Duties.

Using this tool allowed us to move from manual validation of critical permissions to an automatic process.

User name without restrictions - critical?

Depending on the release of the SAP_BASIS component in your system, invisible special characters may end up in the user name. This is especially critical if a new user is created with a name that consists only of spaces or alternative spaces. In Unicode systems, "alternative" spaces, so-called "wide spaces", can be used in addition to the normal space character (hexadecimal value 20). For example, the key combination "ALT+0160" can be used to insert non-breaking spaces.

If a user is created whose user name consists exclusively of such alternative spaces, this can be confusing: entries for this user ID do appear in change documents, but they give the impression that the entry was created by a non-existent or deleted user.

In addition, certain special characters in the user name can also lead to errors, for example in the Change and Transport System (CTS). This is because the user name is also used in the CTS-ORG to create a file with the same name in the transport directory.

Furthermore, there are letters/characters that look identical in different alphabets, but have a different hexadecimal value in the character set. This means that confusion in user names cannot be completely ruled out. Seemingly identical user names then stand for different users.
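A check along these lines, as an added example (not from the original article or from any SAP tool): it audits a constructed list of user names for blank-only names, invisible characters and mixed alphabets, and groups names that render alike. The sample names, the finding labels and the small look-alike table are assumptions made for the illustration.

```python
import unicodedata
from collections import defaultdict

# Constructed sample of user IDs (assumption: exported from the user master as Unicode strings).
SAMPLE_USERS = [
    "MILLER",
    "\u00a0\u00a0\u00a0",   # only non-breaking spaces (ALT+0160)
    "\u3000\u3000",         # only ideographic "wide" spaces
    "MILL\u200bER",         # zero-width space inside the name
    "M\u0406LLER",          # Cyrillic U+0406 in place of Latin "I"
    "DDIC",
]

# Small constructed excerpt of look-alike letters mapped to Latin; not a complete table.
LOOKALIKES = str.maketrans({"\u0406": "I", "\u0410": "A", "\u0415": "E",
                            "\u041e": "O", "\u0391": "A", "\u039f": "O"})

def is_invisible(ch):
    """True for anything other than the plain space U+0020 that renders blank or not at all."""
    cat = unicodedata.category(ch)
    return (cat == "Zs" and ch != " ") or cat in ("Cf", "Cc")

def audit_user_name(name):
    """Return a list of findings for one user name."""
    findings = []
    if name and all(ch == " " or is_invisible(ch) for ch in name):
        findings.append("blank-only")
    elif any(is_invisible(ch) for ch in name):
        findings.append("invisible-char")
    # Script = first word of the Unicode character name (LATIN, CYRILLIC, GREEK, ...).
    scripts = {unicodedata.name(ch, "UNKNOWN").split()[0]
               for ch in name if unicodedata.category(ch).startswith("L")}
    if len(scripts) > 1:
        findings.append("mixed-script")
    return findings

def lookalike_groups(names):
    """Group names that render alike once invisible characters and look-alikes are folded."""
    groups = defaultdict(list)
    for name in names:
        visible = "".join(ch for ch in name if not is_invisible(ch))
        groups[visible.translate(LOOKALIKES).strip()].append(name)
    return [g for g in groups.values() if len(g) > 1]

if __name__ == "__main__":
    for user in SAMPLE_USERS:
        print(repr(user), audit_user_name(user))
    print(lookalike_groups(SAMPLE_USERS))
```

Comparing code points rather than the rendered text is what separates the three "MILLER" variants; a production check would use a full confusables table instead of the excerpt.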
SYSTEM
Since innovations through IoT (Internet of Things) or big data scenarios not only affect SAP Basis, but also bring products and services for the company's own customers into focus, the role of SAP Basis in relation to these scenarios and services must be clearly defined. In general, SAP Basis sees its responsibility here in the connectivity to the corporate network or to the enterprise systems that lie within its responsibility. The support of the applications based on these technologies, as well as the associated services, is the responsibility of the respective department that offers the service. An SAP-based support service must be agreed and regulated during the conception.

SAP Basis represents the cornerstone of the SAP system, i.e. the foundation without which the system cannot function. Furthermore, it includes some administration tools and middleware programs. These programs can be used with the help of SAP Basis independently of the operating system and database used.

Tools such as "Shortcut for SAP Systems" supply functions that are missing in the SAP Basis area.

For this reason, tools are currently being developed to provide security and visibility in the HR permissions area.

For our example we call the files K12345_DEV and R12345_DEV.