SE24 Class Builder
Installation Services in all common environments
A well-cared-for emergency user concept enables the audit-proof allocation of extended permissions in combination with the assurance of daily operations in your company. This article first addresses the fundamental issues that require an emergency user approach. It then briefly explains how such a concept works in general and how we implement it. An Emergency User is normally used when tasks are temporarily taken over outside the initial field of activity. I described the different scenarios of when such a user can be used and how to deal with them in this blog post for you. Why is an emergency user approach important? There are several scenarios in which the use of an emergency user with extended rights is useful: In urgent cases, it is often necessary to be able to quickly make changes to the system that are outside the user's actual field of activity. A key user who has the necessary permissions is on vacation and needs a representation. The same user suffers short-term illness and his/her representative must take over his/her duties to ensure the operation. We recommend developing a concept for the short-term allocation of the additional permissions. This will ensure the implementation of the above scenarios. How does an emergency user approach work? An emergency user concept in SAP works fundamentally via a temporary assignment of additional rights to a specific user. After the tasks have been completed, the user is deprived of the rights. The tasks performed with the extended permissions are logged and can then be evaluated by an auditor. However, there are a few things to keep in mind: A process for granting special rights should be defined. It must be specified which users can get special rights. The time period for which users can request an emergency user should be limited.
Application layer: The application layer is the central component of the SAP ERP system and is therefore also referred to as the base system. All applications and calculations are executed here. The application layer communicates with both the database layer and the presentation layer. On the one hand, it requests data from the database layer, processes it and then passes it on to the presentation layer. On the other hand, data that is newly entered in the presentation layer is passed on to the database layer and stored there.
SP01 Output controller: spool requests
To best adapt your SAP system to the internal and external requirements of your organization, further table-related customizing is required. Here, SAP offers the possibility of logging changes to critical tables through table logging.
So-called Access Control Lists (ACL) offer a good possibility to secure your gateway in order to exclude unwanted external accesses to the database of the application server. With the help of the ACL files reginfo and secinfo an access control can be implemented, in which allowed as well as forbidden communication partners can be defined. The reginfo file controls the registration of external programs on the gateway, which means that rules can be defined that allow or prohibit programs. With the help of the file secinfo you can define which users are allowed to start an external program. To be able to use these files, you must set the parameters gw/reg_info and gw/sec_info (transaction RZ11). For more information, refer to SAP Note 1408081.
Tools such as "Shortcut for SAP Systems" complement missing functions in the SAP basis area.
Innovation without IT is unimaginable.
In addition, a company can decide whether it will use the e-learning offer itself only for its own employees (for internal training purposes) or whether it will also present the offer externally.