Management of databases
Installation of the SAP system landscape, backup, restore and snapshot routines
In the last few years, I have been asked time and again what SAP Basis is and what we SAP Basis administrators do in our daily work. With this blog post I would like to provide a little insight into exactly this area of work.
Customers with such a case regularly contact us. Creating a Permission Concept from the ground up is often a time-consuming task. Furthermore, the know-how, which aspects should be dealt with in an authorisation concept and how the corresponding processes can look practical and at the same time audit-proof is often lacking. Our solution: tool-based generation of an individual, written authorisation concept In this situation, we have recommended to our customers the tool-based generation of a written authorisation concept directly from the SAP system. We use the XAMS Security Architect tool, with which we have had good experiences. This includes a template for a revision-proof and comprehensible, written authorisation concept. It includes established best practices for role and entitlement management. The template covers all relevant areas in a permission concept. The included text of the authorisation concept is completely customisable, so that the concept can be tailored to your situation without creating a permission concept from scratch. Dynamically update the written authorisation concept One of the biggest challenges after the development of an authorisation concept is to keep it up to date in the long term and to measure the sustainable implementation in the system. This is achieved by integrating live data such as configuration settings and defined rules directly from the connected system. For example, lists of existing roles or user groups and tables are read from the system each time the document is generated and updated in the permission concept. The following screenshot shows an example of what the appearance in the concept document might look like. Automatically check and monitor compliance with the concept To check compliance with the concept, the XAMS Security Architect includes extensive inspection tools. These cover the rules formulated in the concept and are suitable for measuring the extent to which the reality in the system meets the requirements formulated in the concept.
However, the system modifiability has no influence on customising changes that are customised by the client. If you want to set the customising changes to customise, you must go to the client control. You can achieve this either by pressing the button "Client Control" when changing the system or by calling the table T000 via the transaction SM30. If you are now in the list of clients, you can double-click on the respective row to jump into the settings of the respective client. Here you can also make the desired settings and save them. Step-by-Step Tutorials System Modifiability (Customising Settings and Repository Objects that are independent of the client) Call the SE06 and click on "System Modifiability". Adjust the desired objects and global setting, depending on your request. Save the changes. Client control (custom customising settings) Call the T000 table in the SM30. Double click on the desired client. Change the settings here depending on your request. Save your changes.
You can call the SPAM transaction in one of the following ways: Select SAP menu Tools Maintenance Patches. Enter the transaction code SPAM. Features The SAP Patch Manager provides the following features: Loading Support Packages: Requested support packages can be loaded into your system from SAPNet - Web Frontend, SAPNet - R/3 Frontend, or Collection CDs. Inserting Support Packages: Resetting When SPAM inserts a support package into your system, a fixed sequence of steps is followed. If the Support Package implementation stops, you can resume processing at a later time. The operation will resume where it was cancelled.
For administrators, a useful product - "Shortcut for SAP Systems" - is available in the SAP basis area.
In this article you will learn where the dangers lie if you do not limit the user ID.
Important: In the end, all instances must be green.