Job Control
Fiori Permissions for tile groups in PFCG
The definition, organisational structure as well as the naming of the SAP basis is historically conditioned by previous SAP software versions and components. This also results in the perception of the SAP basis and the related focus of the SAP NetWeaver and the ABAP system core, which is still widely used today. However, the scope of activities has changed significantly in terms of tasks and technology and will continue to change in view of SAP's perspective and product strategy and the changing roles of IT. In order to accommodate this change and to change perceptions both in the overall context of the SAP ecosystem and within its own company, the SAP basis must develop a new self-understanding and establish a marketing for the publication of its own performance. The underlying information can be found in the master thesis in chapters 7.4 and 9.2.
In addition to the consultants working in the individual SAP modules, there is a subarea here that is not directly apparent to many and whose activities seem to be quite opaque: SAP Basis. The smooth operation of SAP systems as the heart of many companies is ensured by the work of SAP Basis administrators.
STANDARDISATION & AUTOMATION
The SAP Patch Manager (SPAM) is the online correction support (OCS) customer site. The SPAM transaction gives you the ability to easily and efficiently import support packages provided by SAP into your system. Depending on the system used or the configuration of your system, you must insert different types of Support Packages [page 8]. You will receive support packages in SAPNet - Web Frontend, in SAPNet - R/3 Frontend or on Collection CDs. Since SPAM runs within the SAP system, you do not need to know the operating system to handle the transaction. In the language usage of SAP, the term patch has been replaced by the term support package. Note that you can only work with this transaction in SAP GUI for Java and SAP GUI for Windows.
Many companies are struggling with the introduction and use of secinfo and reginfo files to secure SAP RFC gateways. We have developed a generator that supports the creation of the files. This blog post lists two SAP best practices for creating the secinfo and reginfo files to enhance the security of your SAP gateway and how the generator helps you do this. secinfo and reginfo Request generator Option 1: Restrictive procedure In the case of the restrictive solution approach, only in-system programmes are allowed. Therefore, external programmes cannot be used. However, since this is desired, the access control lists must be gradually expanded to include each programme required. Although this procedure is very restrictive, which speaks for safety, it has the very great disadvantage that, in the creation phase, links which are actually desired are always blocked. In addition, the permanent manual activation of individual connections represents a continuous effort. For large system landscapes, this procedure is very complex. Option 2: Logging-based approach An alternative to the restrictive procedure is the logging-based approach. To do this, all connections must be allowed first by the secinfo file containing the content USER=* HOST=* TP=* and the reginfo file contains the content TP=*. During the activation of all connections, a recording of all external programme calls and system registrations is made with the gateway logging. The generated log files can then be evaluated and the access control lists created. However, there is also a great deal of work involved here. Especially with large system landscapes, many external programmes are registered and executed, which can result in very large log files. Revising them and creating access control lists can be an unmanageable task. However, this process does not block any intentional connections during the compilation phase, which ensures the system will run non-disruptively.
Tools such as "Shortcut for SAP Systems" are extremely useful in basic administration.
With HANA, replication works instantly and offers richer features and better control than previous databases.
If it is not certain whether the transaction was entered in the menu or in the S_TCODE privilege object of the role, up to four transactions can also be checked by searching through the S_TCODE permission object.