Creation and implementation of the milieu according to the best SAP practices
Management of databases
New risks in SAP HANA: In addition to the known risks, there are also new risks from the use of SAP HANA. A very good example are frequently used web applications that represent something new in the SAP area. In contrast to an SAP ERP system, HANA systems consist mainly of web applications, which were considered optional in the previous versions. These web applications can be found by various search engines on the Internet. This also applies to SAP Portal or Netweaver. There are URL schemes that help locate the system. This also applies to other SAP systems that use Web applications. This makes the new technology vulnerable to typical web attacks. SQL Injection, ABAP Code Injection, or XSS are all included. All risks known for a normal SAP system also apply to a SAP-HANA system. The data is stored unencrypted in RAM. Only then does the system gain this speed advantage. This results in risks such as a read-out by memory scraping malware. These pick up data in memory. Encryption costs performance, so it is not used by default. Especially during a migration HANA runs in a parallel system, therefore at least one new system comes to your landscape. Also note: HANA has its own tools and settings that need to be known and configured. The bottom line is that the system simply needs more attention when operating. Many settings often result in more errors. Three - points - HANA Security Plan 1) Roles and permissions In a previous SAP system, roles and permissions are certainly one of the main pillars of a secure system. Roles and permissions work differently in a HANA system. There are two types of users: 1) Default (limited): With this type of user, there are different access methods to the database. For example, the JDBC or HTTP technologies are used to give two examples.
To view the software components installed in your SAP system with their respective package levels, select Status Package Levels. A dialogue box appears listing the installed software components with additional information. For more information on this dialogue, please refer to the Online Manual. SPAM: ABAP/Dynpro Generation Usage For performance reasons, the SPAM is set by default to prevent ABAP/Dynpro generation from occurring during the commit. The corresponding programmes are not generated until they are called. However, you can set the SPAM so that the generation takes place during the recording. It is quite possible that the SPAM will report errors during generation because, for example, a self-written or modified report is syntactically wrong and refers to an object that is being played over the cue. Often it is desirable to ignore the generation errors for the time being and to fix them after inserting them. Prerequisites to play Support Packages.
Responsibility
This is where all the system's data resides. These are composed of the actual database and the DBMS, the "database management system". In earlier versions, the database here came from different manufacturers. For example, Microsoft SQL or Oracle. Since SAP HANA, a lot has changed for IT in this data layer. This is because the database comes from SAP itself and is automatically monitored by the system. There is more to this database layer than just the working data. Important elements such as the configuration tables and system data for control and application content are also stored here. This is the repository data used by applications.
After the addition of Java Stack (the applications developed in J2EE, BSP, JSP, etc.), the security standard for business processes was increased. Both ABAP and Java stack can be monitored from one platform. Netweaver supports standard protocols such as HTTP, SMTP, XML, SOAP, SSO, WEBDAV, WSDL, WMLSSO, SSL, X.509 and Unicode format (text processing representation).
With "Shortcut for SAP Systems" a tool is available that greatly facilitates some tasks in the SAP basis.
A user can then read all data assigned to him (via role or his own settings) at once.
This includes an overview of the existing interfaces and a controllable data flow with the associated guarantee of data security.