Optimization of the SAP infrastructure
Add-ons
For more information about the lowest support package level for SAP ABA and SAP Basis to install an SAP Basis plug-in, see basis-plug-in → SAP Plug-In → SAP Basis Plug-In → Releases on the SAP Service Marketplace. For more information about the lowest support package level for the corresponding SAP R/3 Plug-In, see basis-plug-in → SAP Plug-In → SAP R/3 Plug-In → SAP R/3 Plug-In Releases on the SAP Service Marketplace. This level depends on the release of SAP R/3 or SAP R/3 Enterprise.
The SAP Basis Plug-In is backward compatible and follows the release and maintenance strategy of the SAP R/3 Plug-In. SAP ships it together with the SAP R/3 Plug-In.
SWF_APPL_DISPLAY Evaluate application log
For example, many customer ABAP programs work by uploading or downloading data. There are potentially large security gaps here that allow access to server data. In addition, the widespread direct invocation of operating system commands without a self-programmed authorization check is a major problem. Classic SQL injection, i.e., the entry of extended SQL commands, is a potential security vulnerability, but it occurs rather rarely in SAP systems. More widespread is the unintentional dynamization of SQL calls because input parameters are not sufficiently checked. SAP's need to check all of its own in-house developments for such security vulnerabilities before delivering them led to the development of the SAP Code Vulnerability Analyzer tool.
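The unintentional dynamization of an SQL call described above, shown beside a checked version, as an added example that is not code from the original page. The report name and the use of the table SCUSTOM from SAP's flight demo data model are assumptions chosen for illustration; `cl_abap_dyn_prg` is the standard ABAP class for checking dynamic program input.

```abap
REPORT zdemo_dyn_where_check.

" Constructed demo: SCUSTOM belongs to SAP's flight demo data model.
PARAMETERS p_name TYPE string LOWER CASE.

DATA customers TYPE STANDARD TABLE OF scustom WITH EMPTY KEY.

" BEFORE (not executed here): the input parameter is concatenated
" into a dynamic WHERE clause without any check. A quote character
" in p_name ends the literal, and the rest of the input is parsed
" as part of the condition instead of as data.
DATA(cond_unchecked) = `country = 'DE' AND name = '` && p_name && `'`.

" AFTER: quote( ) wraps the value in quotes and escapes embedded
" quotes, so the input always remains one single literal.
DATA(cond_checked) = `country = 'DE' AND name = `
                  && cl_abap_dyn_prg=>quote( p_name ).

TRY.
    SELECT * FROM scustom
      WHERE (cond_checked)
      INTO TABLE @customers.
  CATCH cx_sy_dynamic_osql_error INTO DATA(osql_error).
    " A malformed dynamic clause raises an exception, not a dump.
    MESSAGE osql_error->get_text( ) TYPE 'I'.
ENDTRY.

" Preferred wherever the clause does not have to be dynamic:
" a host variable is passed as data and is never parsed as SQL.
SELECT * FROM scustom
  WHERE country = 'DE' AND name = @p_name
  INTO TABLE @customers.
```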
When a user requests an authorisation, the transactions already assigned to that user should be determined first, so that they can be excluded when selecting a suitable role. How does this work? There are various ways to identify specific user-assigned transactions, and the quality of the results varies. The following article presents two variants. The first section describes how to use SUIM to address the problem and what problems are encountered. It then explains how the task can be solved by using the transaction SE16N.

As in the previous blog post Identifying all transactions of multiple roles, the roles Test_Schmidt1 and Test_Schmidt2 are used for this. Two of the transactions MM01, MM02, MM03 and MM04 were assigned to each of these roles, in different ways. In the Test_Schmidt1 role, the transactions MM01 and MM02 were entered in the role menu. In the Test_Schmidt2 role, the transaction MM03 was maintained in the menu of the role, but the transaction MM04 was maintained only in the S_TCODE authorization object of the role. Both roles have been assigned to the user SCHMIDT_TEST.

Identification of certain transactions with user assignment using SUIM

This option is useful if only one transaction is to be checked for its existing assignment to a particular user. The check is carried out by means of the transaction SUIM. For this purpose, the variant "Roles according to complex selection criteria" has to be executed in SUIM. After activating the option "With valid assignment of", enter the corresponding user and the transaction to be checked. It is also recommended to hide the composite roles in the search results.
Use "Shortcut for SAP Systems" to accomplish many tasks in the SAP basis more easily and quickly.
SAP Basis refers to the system administration and platform basis of SAP systems, in effect the operating level behind the SAP applications in the company.
Here the cursor can be placed in the object field and confirmed with Enter; the system then prompts for a transport request.