SAP Sybase
SWF_APPL_DISPLAY Evaluate application log
You can call the SPAM transaction in one of the following ways: Select SAP menu Tools Maintenance Patches. Enter the transaction code SPAM. Features The SAP Patch Manager provides the following features: Loading Support Packages: Requested support packages can be loaded into your system from SAPNet - Web Frontend, SAPNet - R/3 Frontend, or Collection CDs. Inserting Support Packages: Resetting When SPAM inserts a support package into your system, a fixed sequence of steps is followed. If the Support Package implementation stops, you can resume processing at a later time. The operation will resume where it was cancelled.
Either temporary programme calls are blocked that are actually desired or enormously large gateway logs must be analysed. If, due to the heavy workload, one were to decide to forgo the use of the access control lists permanently, this would be a major security vulnerability. The unprotected system does not have any limitations on the external services that may register, and there are no rules for running programmes. One possible consequence would be, for example, the registration of an external system on which malicious programmes exist. At the moment when foreign programmes are running on your system without any control, you can expect that great damage will be done. For example, it ranges from an unnoticed reading of purchase and sales figures, a diversion of funds, to a paralysis or manipulation of the entire system. In addition, this scenario is also possible for poorly maintained access control lists. Our solution: secinfo and reginfo Generator for SAP RFC Gateway To solve the problem, we have developed a generator that can automatically create secinfo and reginfo files based on gateway logs. The basic idea is based on the logging-based approach. It performs the task of time-consuming analysis of log files and also ensures maximum reliability through automation. Nevertheless, the entries of the generated files should be checked by one person. Since the log files used as input are sensitive data, of course none of the inserted data leave your system. More information about the generator can be found here.
Hardware Sizing
The identification of critical SAP permissions for the use of an SAP system must therefore be carried out in any case. In addition to permissions, you can also identify critical profiles and roles that are already in the delivery state.
Creating the master role: Now maintain the permissions that are the same for all affected employees. In the example shown above, I assign the "findepartment_r" role as an example the "F-02" transaction authorisation.
For administrators, a useful product - "Shortcut for SAP Systems" - is available in the SAP basis area.
If you are having problems working with SPAM, read the note 17381This note gives you an overview of known problems and their solutions.
First enter a tilde (~) and define the value later in the derived roles.