Customizing of the notifications according to customer requirements
RFC Security, Science-Fiction and Theatre
The application layer is the central component of the SAP R/3 system. This layer is therefore also referred to by SAP as the actual base system. Within the layer there are application servers and a message server.
To facilitate communication within IT departments, it is necessary to identify clear communication channels and contact persons and also to use uniform tools for communication. It would also be possible to designate contact points (contact points) for upstream and downstream IT departments and external service providers and suppliers.
Migration of the SAP systems' databases to the HANA Database,
At best, for the time in which an emergency user is in service, a separate log of the activities undertaken is written, which can then be evaluated. In the following chapter I would like to explain our best practice approach to implementing an emergency user concept. Our approach to using an emergency user concept We have had good experience with the use of the Xiting Authorizations Management Suite (XAMS) in this area. This suite consists of various modules for creating role concepts, managing permissions including a permission concept, and also enables the implementation of an emergency user concept. XAMS works here with a limited time assignment of reference users with extended privileges to enable the emergency user concept. A self-service application may be made with a justification and a period for allocating special rights. The application window is illustrated in an example in the following screenshot: Evaluation of the use of the Emergency User Concept Once this request has been initiated, a new mode will be opened for the user, in which he can work with the extended rights. In addition, depending on the configuration, a stored workflow can be initiated as an approval process, or pre-defined controllers will be notified by email to verify activities. Once the session has ended with the emergency user, the responsible persons will receive another email with the logged activity of the user with the extended permissions. One of these logs is shown in the next screenshot: These logs can also be viewed in the system. Here you will get an overview of all the sessions that have been run. In addition, it is possible to approve activities with special rights after an evaluation. This allows the controller to get an overview of the activities undertaken with the emergency user. If you are using this Emergency User Concept and following these steps, you can ensure: Each user on the production system retains his or her original necessary rights.
Especially in larger companies, which also have multiple locations in different countries, it is often necessary to grant different employees the same permissions for different levels of organisation, such as accounting circles. In order to make maintenance and maintenance of the system easy in such a situation, it is useful to set the inheritance principle for SAP permissions. How does SAP Permissions Inheritance work? An inheritance is always about a master object passing certain properties to a derived (sub) object. Therefore, these properties do not need to be maintained several times. Also, changes to the master object are passed directly to the derived objects. This allows easier maintenance and drastically minimises the error rate. In the case of SAP Permission Inheritance, the required permissions are bundled in a Upper or Master role. Only the organisational levels have to be maintained in the roles derived from them. The permissions are automatically pulled from the master role. Create Inheritance for SAP Permissions The following shows how to create and use inheritances for SAP permissions. This requires only two steps: Creating a master role and defining derived roles. Step 1: Create a master role Inheritance always requires a parent role, because all properties are inherited from it. If this role, in which all shared permissions are bundled, is missing, the first step is to create this master role. To do this, open the PFCG transaction and enter the desired name of the master role in the Name field. It is possible to identify master and derived roles by using naming conventions. The "Single Role" button will then be used to create the desired role. In the following example I create the master role "findepartment_r".
Some missing SAP basic functions in the standard are supplied by the PC application "Shortcut for SAP Systems".
Once you have completed these steps and secured the role, it has the necessary Fiori permissions to launch the OData service-related application.
The implementing user also needs some permissions to perform the necessary manual pre- and post-processing of the note on the system: Authentication for the transaction SLG1 Read permission for the S_APPL_LOG permission to write and delete data from the application directory Upgrade the SAPCAR version on your system to version 7.20 or higher SAP basis version 700 or higher, for older versions the notice must be inserted manually If you have met these requirements, you can use the implementation of note 24080 Start 73.