ST03N Workload monitor
ORGANIZATION
If you want to evaluate for which tables a logging takes place, the table DD09L is suitable for this. The column "Log" shows you for which tables changes are logged.
The application servers provide the services for running SAP applications. In practice, companies usually decide to use a separate application server for each application.
System copy
In every company with several SAP systems, there is a person responsible for the complete SAP Basis topics, usually there is even a separate department for this. This person ensures the trouble-free operation of the SAP systems. The person responsible also accompanies maintenance work or upgrades and intervenes in special situations, such as poor performance. Even for companies that hand over operation of the SAP Basis to an external service provider, there are often tasks from the user and authorization management environment at this point.
Either temporary programme calls are blocked that are actually desired or enormously large gateway logs must be analysed. If, due to the heavy workload, one were to decide to forgo the use of the access control lists permanently, this would be a major security vulnerability. The unprotected system does not have any limitations on the external services that may register, and there are no rules for running programmes. One possible consequence would be, for example, the registration of an external system on which malicious programmes exist. At the moment when foreign programmes are running on your system without any control, you can expect that great damage will be done. For example, it ranges from an unnoticed reading of purchase and sales figures, a diversion of funds, to a paralysis or manipulation of the entire system. In addition, this scenario is also possible for poorly maintained access control lists. Our solution: secinfo and reginfo Generator for SAP RFC Gateway To solve the problem, we have developed a generator that can automatically create secinfo and reginfo files based on gateway logs. The basic idea is based on the logging-based approach. It performs the task of time-consuming analysis of log files and also ensures maximum reliability through automation. Nevertheless, the entries of the generated files should be checked by one person. Since the log files used as input are sensitive data, of course none of the inserted data leave your system. More information about the generator can be found here.
For administrators, a useful product - "Shortcut for SAP Systems" - is available in the SAP basis area.
Select the desired user and client and the appropriate time window.
If this role, in which all shared permissions are bundled, is missing, the first step is to create this master role.