Implementation of security updates, patches and enhancement packages
CG3Z Upload file
Customers with such a case regularly contact us. Creating a Permission Concept from the ground up is often a time-consuming task. Furthermore, the know-how, which aspects should be dealt with in an authorisation concept and how the corresponding processes can look practical and at the same time audit-proof is often lacking. Our solution: tool-based generation of an individual, written authorisation concept In this situation, we have recommended to our customers the tool-based generation of a written authorisation concept directly from the SAP system. We use the XAMS Security Architect tool, with which we have had good experiences. This includes a template for a revision-proof and comprehensible, written authorisation concept. It includes established best practices for role and entitlement management. The template covers all relevant areas in a permission concept. The included text of the authorisation concept is completely customisable, so that the concept can be tailored to your situation without creating a permission concept from scratch. Dynamically update the written authorisation concept One of the biggest challenges after the development of an authorisation concept is to keep it up to date in the long term and to measure the sustainable implementation in the system. This is achieved by integrating live data such as configuration settings and defined rules directly from the connected system. For example, lists of existing roles or user groups and tables are read from the system each time the document is generated and updated in the permission concept. The following screenshot shows an example of what the appearance in the concept document might look like. Automatically check and monitor compliance with the concept To check compliance with the concept, the XAMS Security Architect includes extensive inspection tools. These cover the rules formulated in the concept and are suitable for measuring the extent to which the reality in the system meets the requirements formulated in the concept.
Critical business processes require a secure, efficient and stable operation of an SAP system landscape. High demands on the management as well as the operation of the underlying SAP NetWeaver platform require competent support in all tasks of planning, support and updating of the SAP Basis. The increase in installed components as well as systems integrated via interfaces expands these needs. Only with professional care and maintenance of its components can SAP NetWeaver bring its advantages as an integrative platform to bear.
What should an SAP administrator be able to do?
In the case of client settings, you should ensure that the production client is protected against overwriting and that changes are only approved via the transport management system (TMS) to ensure traceability. In the interests of system security, changes to repository and client-independent objects should also not be permitted. The use of eCATT and CATT should also be at least restricted, as allowing them can lead to significant database changes.
The monitoring of SAP systems, for example, is handled by modern AIOPs software, which permanently performs essential checks thanks to regular checks. This allows us to focus on optimizing your SAP systems, not only reactively in the event of an error, but also proactively to avoid possible errors before they occur.
"Shortcut for SAP Systems" makes it easier and quicker to complete a number of SAP basis tasks.
BUILDING OVERARCHING EXPERT TEAMS WITH SAP basis INVOLVEMENT To reduce organisational friction points as well as to optimally handle selected topics, it is recommended to set up expert teams with the participation of the SAP basis.
Since it has already been completed, ignore the hint and select Next.