SAP Patch Manager (SPAM) (BC-UPG-OCS)
Support for Basis Projects
With the SPAM transaction, you can always find out about the record status of your system. The SPAM transaction is included in the SAP Upgrade process. SAP Patch Manager (SPAM) (BC-UPG-OCS) SAP AG SAP Patch Manager (SPAM) (BC-UPG-OCS).
Here, too, the requirements profile for SAP Basis experts has shifted: Database administration is simply part of the job today. The majority of SAP customers place the SAP HANA database in the hands of the Basis team for build and run operations.
Support or substitution of your employees
This access method depends solely on the rights assigned to the user. System users: Users of this user group are comparable to SAP*. They act as administrator in the system. Therefore, they should be deactivated / set to inactive as soon as possible, as soon as the system operation is ensured. You should still be aware of the SAP ERP environment to address this security risk. In a HANA system, there are privileges instead of permissions. The difference is first of all in terms of terminology. Nevertheless, the permissions are assigned differently (directly / indirectly) via the assignment of roles. These are thus accumulations of privileges. As in older SAP systems, system users must be disabled and certain roles that already exist must be restricted. Compared to an SAP ERP system, small apps are allowed instead of large applications. In this case, attention should be paid to an individual authorisation. It should be a matter of course for users to have implemented secure password rules. Settings Securing the system also means securing the underlying infrastructure. Everything from the network to the host's operating system must be secured. When looking at the system landscape, it is striking that the new technology brings many connections that need to be secured. The SAP Gateway, which is responsible for the connection between backend and frontend, is also a security risk and must be considered. All security settings of existing and future components must be validated to HANA compatibility. Secure communication of connections is obtained when you restrict access where possible. Encryption of the data of a HANA system is disabled by default. Be sure to encrypt sensitive data anyway. Especially data that is archived. If an attack is made on your system, you should be able to run forensic analysis, so you should enable the audit log. Moreover, few users should have access to it.
To use all the features of the SAP Patch Manager, you need the following permissions: S_TRANSPRT S_CTS_ADMIN Both are in the S_A.SYSTEM permission profile. If you log in to the Mandant 000 and your user base contains the appropriate permission profile, then you can use all the features of the SAP Patch Manager. When you log in to another client or without the appropriate user profile, you can only use the display functions. Map this permission profile to the system administrator only. Only the system administrator should have permission to perform the following actions: Support Packages Download Support Packages Play Support Packages Confirm Successfully Recorded Support Packages Reset Support Package Status Support Packages eliminate errors in the SAP system or make necessary adjustments due to legal changes, for example. The affected objects will be replaced in your system. Each Support Package is valid for one release level (but for all databases and operating systems) and requires a precisely defined number of predecessors. The upgrade from the following release or revision level contains all support packages from the previous booths that were available until the upgrade was delivered. SPAM ensures that support packages are only played in the order specified. To avoid problems, play all support packages as they are deployed. This allows you to keep your system up to date.
Tools such as "Shortcut for SAP Systems" complement missing functions in the SAP basis area.
I_FORCE_DELETE Boolean, X = Delete despite error messages I_NO_TRANSPORT Boolean, X = This change should not be transported to subsequent systems I_NO_AUTHORITY Boolean, X = Ignore Permission Checks Work in the source system In the source system, go to transaction SE37 and call the function block "RSAP_BIW_DISCONNECT" : The descriptions of the fields are as follows.
The following dialogue will open: After pressing the "Create" button, a popup will open, on which you select the radio button "Transaction with parameters (parameter transaction)".