Add-ons
SM66 Work processes of all instances
In every company with several SAP systems, there is a person responsible for the complete SAP Basis topics, usually there is even a separate department for this. This person ensures the trouble-free operation of the SAP systems. The person responsible also accompanies maintenance work or upgrades and intervenes in special situations, such as poor performance. Even for companies that hand over the operation of the SAP Basis to an external service provider, there are often still tasks from the environment of user and authorization management at this point.
All topics are relevant, which may also be of interest to a customer. Ideally, you get a balanced communication structure in the communication triangle between marketing, the target group and your own employees. Internal communication is an important aspect for the SAP basis. It is primarily a matter of passing on or communicating your own services, IT products and positioning to your employees. STEP 10: PLANNING The planning provides a translation of the previously agreed definitions into concrete measures. A description of the measure shall be provided. The measures can now be scheduled and included in a cost overview. Above all, it is important to plan realistically and to consider dependencies. This step, too, is of great interest to the SAP basis and is necessary to translate the previously agreed specifications into a concrete marketing concept of the SAP basis.
OAAD Document search in archive
An important area of SAP Security is the analysis of the customer's own SAP programs, which are classically written in the proprietary SAP language ABAP. Here, too, as in all programming languages, security vulnerabilities can be programmed - whether consciously or unconsciously. However, the patterns of security vulnerabilities in ABAP code differ from those in Java stacks or Windows programs. The goal of these conventional programs is usually to either crash the program (buffer overflow) or to artificially execute the program's own code (code injection). Both is not possible in ABAP, since a crash of a process causes nothing else than the creation of an entry in the log database (Dump ST22) and a subsequent termination of the report with return to the menu starting point. So a direct manipulation as in other high level languages or servers is not possible. However, there are other manipulation possibilities.
Either temporary programme calls are blocked that are actually desired or enormously large gateway logs must be analysed. If, due to the heavy workload, one were to decide to forgo the use of the access control lists permanently, this would be a major security vulnerability. The unprotected system does not have any limitations on the external services that may register, and there are no rules for running programmes. One possible consequence would be, for example, the registration of an external system on which malicious programmes exist. At the moment when foreign programmes are running on your system without any control, you can expect that great damage will be done. For example, it ranges from an unnoticed reading of purchase and sales figures, a diversion of funds, to a paralysis or manipulation of the entire system. In addition, this scenario is also possible for poorly maintained access control lists. Our solution: secinfo and reginfo Generator for SAP RFC Gateway To solve the problem, we have developed a generator that can automatically create secinfo and reginfo files based on gateway logs. The basic idea is based on the logging-based approach. It performs the task of time-consuming analysis of log files and also ensures maximum reliability through automation. Nevertheless, the entries of the generated files should be checked by one person. Since the log files used as input are sensitive data, of course none of the inserted data leave your system. More information about the generator can be found here.
"Shortcut for SAP Systems" makes many tasks in the area of the SAP basis much easier.
The second component of the application layer is the message server.
Sometimes the testers were not familiar with the test environment or no one thought about taking care of a sufficient and current test data set (master data, movement data).