TABLE LOGGING AND TABLE PROTECTION
Conceptual support for the architecture of system landscapes
Many companies are struggling with the introduction and use of secinfo and reginfo files to secure SAP RFC gateways. We have developed a generator that supports the creation of the files. This blog post lists two SAP best practices for creating the secinfo and reginfo files to enhance the security of your SAP gateway and how the generator helps you do this. secinfo and reginfo Request generator Option 1: Restrictive procedure In the case of the restrictive solution approach, only in-system programmes are allowed. Therefore, external programmes cannot be used. However, since this is desired, the access control lists must be gradually expanded to include each programme required. Although this procedure is very restrictive, which speaks for safety, it has the very great disadvantage that, in the creation phase, links which are actually desired are always blocked. In addition, the permanent manual activation of individual connections represents a continuous effort. For large system landscapes, this procedure is very complex. Option 2: Logging-based approach An alternative to the restrictive procedure is the logging-based approach. To do this, all connections must be allowed first by the secinfo file containing the content USER=* HOST=* TP=* and the reginfo file contains the content TP=*. During the activation of all connections, a recording of all external programme calls and system registrations is made with the gateway logging. The generated log files can then be evaluated and the access control lists created. However, there is also a great deal of work involved here. Especially with large system landscapes, many external programmes are registered and executed, which can result in very large log files. Revising them and creating access control lists can be an unmanageable task. However, this process does not block any intentional connections during the compilation phase, which ensures the system will run non-disruptively.
We are transparent and open. It is not part of our philosophy to make ourselves irreplaceable with you. In our eyes, this is a matter of course for a long-term partnership.
Willingness for further training
For more information about the lowest support package level for SAP ABA and SAP Basis to install an SAP Basis plug-in, see basis-plug-in → SAP Plug-In → SAP Basis Plug-In → Releases on the SAP Service Marketplace. For more information about the lowest support package level for the corresponding SAP R/3 Plug-In, see basis-plug- in → SAP Plug-In → SAP R/3 Plug-In → SAP R/3 Plug-In Releases on the SAP Service Marketplace. This level depends on the release of SAP R/3 or SAP R/3 Enterprise.
Through a sound expertise in the SAP technology environment, it is recommended to bring the know-how of the SAP basis into the IT strategy and IT roadmap. For this, the responsibility lies primarily with the CIO as the carrier and responsible of the IT strategy and the IT organisation. Likewise, the SAP basis should serve as a sparring partner for individuals and boards (such as enterprise architects) that significantly influence the strategy.
"Shortcut for SAP Systems" makes many tasks in the area of the SAP basis much easier.
For more information, see SAP Service Marketplace at basis-plug-in → SAP Plug-In → SAP Basis Plug-In → Releases.
The SAP basis is supported by an IT service and IT product catalogue, which describes the scope of the SAP basis.