DBACOCKPIT DBA Cockpit: Maintaining the System Configuration
Partner Agreement Configuration
New risks in SAP HANA: In addition to the known risks, there are also new risks from the use of SAP HANA. A very good example are frequently used web applications that represent something new in the SAP area. In contrast to an SAP ERP system, HANA systems consist mainly of web applications, which were considered optional in the previous versions. These web applications can be found by various search engines on the Internet. This also applies to SAP Portal or Netweaver. There are URL schemes that help locate the system. This also applies to other SAP systems that use Web applications. This makes the new technology vulnerable to typical web attacks. SQL Injection, ABAP Code Injection, or XSS are all included. All risks known for a normal SAP system also apply to a SAP-HANA system. The data is stored unencrypted in RAM. Only then does the system gain this speed advantage. This results in risks such as a read-out by memory scraping malware. These pick up data in memory. Encryption costs performance, so it is not used by default. Especially during a migration HANA runs in a parallel system, therefore at least one new system comes to your landscape. Also note: HANA has its own tools and settings that need to be known and configured. The bottom line is that the system simply needs more attention when operating. Many settings often result in more errors. Three - points - HANA Security Plan 1) Roles and permissions In a previous SAP system, roles and permissions are certainly one of the main pillars of a secure system. Roles and permissions work differently in a HANA system. There are two types of users: 1) Default (limited): With this type of user, there are different access methods to the database. For example, the JDBC or HTTP technologies are used to give two examples.
The operator is now responsible for ensuring smooth and safe operation in the SAP environment. It has a basic understanding of the infrastructure and is well connected within the IT departments. For his daily work he uses suitable tools (e.g. monitoring tools), in which he is trained and trained. In the future, the focus will be on reactive activities such as monitoring systems and processing notifications. The operator acts as a customer of SME-expression standardisation and automation as well as the SME-expression-solution manager. Also, the operational aspects of this role are suitable for outsourcing. However, the accountable parts remain in the company.
Change and Release Management
In transaction PFUD (see image above), you can perform the user match manually for all roles (or selected roles). You can choose between the matchup types Profile Matchup, Matchup of Indirect Assignments from Composite Roles, and Matchup HR Organizational Management. According to SAP documentation, the matchups differ as follows: Profile Matchup: "The program compares the currently valid user assignments of the selected single roles with the assignments of the associated generated profiles and makes any necessary adjustments to the profile assignments. Matching indirect assignments from composite roles: User assignments to composite roles result in indirect assignments for the single roles contained in the composite role. This match type matches the indirect assignments of the selected single roles to the user assignments of all composite roles that contain the single roles. If the selection set contains composite roles, the comparison takes place for all single roles contained in it. HR Organizational Management comparison: This comparison type updates the indirect assignments of all selected single and composite roles that are linked to elements of HR Organizational Management. The HR adjustment is inactive and cannot be selected if no active plan version exists or if a global deactivation has been made by setting the Customizing switch HR_ORG_ACTIVE = NO in table PRGN_CUST. Furthermore, the option "Perform cleanup" is interesting, which can be selected independently of the three adjustment types and does not refer to the role selection. The Perform Cleanup function can be used to remove residual data that resulted from incomplete deletion of roles and the associated generated profiles.
The presentation layer is used to visualize the applications and data for the user. The presentation is done with the help of a graphical user interface (GUI). Furthermore, the presentation view consists of several modules, which are also summarized as SAP GUI. SAP Fiori is the presentation layer of the next generation and is therefore particularly user-friendly.
Tools such as "Shortcut for SAP Systems" complement missing functions in the SAP basis area.
These are often so massive that a quick and effective implementation of pilot projects is severely hindered or completely prevented.
This course covers all aspects of administration and operation of SAP HANA SPS04.