Migration to the cloud: Azure, Amazon, Google, others
The application or application layer
Let me show you how EasyReCert can simplify this process. Automatic representation of employees & role assignment Each user of the application automatically receives the employees assigned to him. In the first step, the user verifies the assignment of the employees assigned to him. In the second step, the user is shown the roles of his employees. It is now possible to mark the assignment of the role as correct or incorrect. Understandable explanation of the roles Often roles have no talking names and for the decider it is not clear which specific permissions are behind a role. The tool offers the possibility to provide a description for each role, which is available by pop-in. Looking up which role has which permissions and which is meant for which is completely omitted. Flags & Criticality The tool offers in its options the possibility to set flags for critical roles and highlight them in particular. At a glance, the decision-makers see that one of their employees has a critical role and can examine it carefully. Since roles are classified differently in each company, you are completely free to decide which roles you want to consider critical. Roll Whitelist Do you want to exclude certain roles from the audit? Or do you want to test only critical roles? The tool offers you a whitelist function for this. This whitelist allows you to include roles that you do not want to check in the recertification process. So you completely decide which roles the tool should take into account. Logging of the results The results of the tests are logged via the application log and can be viewed both by SAP standard means and directly by the tool. It is also possible to export the audit logs or add optional comments to the logs later.
In order for Fiori applications to be displayed according to the calling users, appropriate Fiori permissions must be maintained in the PFCG. There are several points to consider. This article discusses the permissions required to launch a Fiori application. In addition, a short explanation is given, how the displayed tiles can be configured in the Fiori launchpad via reels. To run Fiori applications from the launchpad and the permission queries defined in the OData services, the corresponding Fiori permission objects must also be maintained in the PFCG. Here the start permissions for the application's OData service in the backend system as well as permission objects are relevant for the business logic of the OData services used in the application. In general, it is important to know that if Fiori is implemented correctly, permissions must be maintained in the front-end server (call Launchpad, start the tile, etc.) as well as permissions in the back-end server (call the OData services from the backend). This article explains this in more detail.
Support for adjustments and changes to the systems
There is an RFC error. CANNOT_ADD_PATCH_TO_BUFFER: A support package could not be included in the transport buffer. For more information, see the log file in the /usr/sap/trans/log (UNIX) directory. CANNOT_MODIFY_BUFFER: An attempt was made to modify the transport buffer without success. TEST_IMPORT This step checks whether there are still objects in unshared tasks that are overwritten during the commit. The log of the test import shows the cause of the error. For more information, see Note 42379. IMPORT_OBJECT_LIST In this step, the object lists for the support packages in the queue are fed into the system.
In addition to internal security requirements, national and international guidelines sometimes require all audit and security-related user actions to be recorded. With the Security Audit Log (SAL) you have the possibility to log all changes, e.g. for users, user master records, but also roles and groups.
For administrators, a useful product - "Shortcut for SAP Systems" - is available in the SAP basis area.
This includes the documentation of key and mission critical processes and their verification for timeliness and validity.
The first call should automatically open a dialogue to maintain the organisational levels, as they are still empty.