AL08 System-wide list of user sessions
To drive innovation in the company, it is necessary to establish a team, or a few experts, whose recognised role is to promote research projects and PoCs, to train themselves continuously in this regard, to develop innovation proposals and to bring them into the committees. They are therefore largely exempt from day-to-day operations.
CONSTRUCTION OF A TEST LABORATORY
In addition to resources, it is also necessary to create the framework conditions for implementing the research and pilot projects. To this end, it is recommended to set up a test laboratory that is subject to as few company-standard restrictions as possible. These standards are often so extensive that a quick and effective implementation of pilot projects is severely hindered or completely prevented.
A secure SAP system requires more than a good role concept. It is also necessary to check whether a user should (still) have a specific role. This regular verification of role assignments is called recertification. In this blog post, I'd like to introduce you to the need for recertifications and our own tool, EasyReCert.
The need for recertification - scenarios:
Example 1: The "apprentice problem"
Imagine the following scenario: A new employee (e.g. an apprentice or trainee) goes through various departments as part of his or her training and works on various projects. Of course, the employee is given an SAP user right at the beginning, equipped with appropriate roles. With each project and department, the employee repeatedly needs new permissions to meet the requirements. After the employee has successfully completed his or her induction and is now in a permanent position, he or she still has permissions that are not necessary to perform his or her duties. This violates the principle of "least privilege" and represents a potential security risk for your company.
Example 2: The change of department
A change of department is a scenario that probably occurs in every company. If a change of department does not automatically involve a complete reallocation of roles and the employee simply takes his or her old permissions along, critical combinations of permissions can arise very quickly. For example, an employee who has permissions in both accounts payable and accounts receivable violates the SoD ("Segregation of Duties") principle and poses a potential security risk to your company.
Recertification as part of a revision:
The two examples above show that a regular review of role allocation identifies potential security risks for your business so that they can be addressed.
Update & Upgrade
You wanted to quickly release a transport order in the quality system of your SAP landscape and accidentally clicked "Reject" instead of "Approve"? Now the order cannot be transported any further and will soon be cleared from the queue by a job? Don't despair: In this blog post, I'm going to show you a simple way to get a rejected transport order into the production system anyway. As a reader of our blog, you are certainly interested in tips and tricks that make your SAP system easier to handle. You may be familiar with the situation where you want to approve a transport order quickly after the test has been completed and you misclicked in the system when releasing the order. The problem is that the transport order now has the status "rejected" and can therefore no longer be transported. However, a transport order may contain important changes that you would have liked to transport to the production system.
Approach to release rejected transport orders
The screenshot below shows the situation in the STMS transaction where a transport order in the quality assurance area was rejected. Therefore, an import into the production system is no longer possible. The transport order can be removed either manually or by a job. The question here, however, is how the changes that were wrongly rejected can be transferred to the subsequent system.
(Screenshot: Rejected Transport Order)
Tip: Leave the status on Rejected, remove the rejected transport order from the import queue, if necessary, and follow the next steps. Switch to the import queue in your quality system. Go there via Additions -> More Orders -> Attach to open the modal window, where you can perform the further steps.
ABAP is therefore the tool of the trade for SAP developers. ABAP programs are executed on an SAP NetWeaver application server, which in turn is operated by SAP Basis employees.
Some missing SAP basic functions in the standard are supplied by the PC application "Shortcut for SAP Systems".
I also explain how to eliminate this security risk.
With the function module SWNC_COLLECTOR_GET_AGGREGATES one can thus determine the most important SAP Basis transactions.