SPAM: Check Logs
Show table of contents
At best, for the time in which an emergency user is in service, a separate log of the activities undertaken is written, which can then be evaluated. In the following chapter I would like to explain our best practice approach to implementing an emergency user concept. Our approach to using an emergency user concept We have had good experience with the use of the Xiting Authorizations Management Suite (XAMS) in this area. This suite consists of various modules for creating role concepts, managing permissions including a permission concept, and also enables the implementation of an emergency user concept. XAMS works here with a limited time assignment of reference users with extended privileges to enable the emergency user concept. A self-service application may be made with a justification and a period for allocating special rights. The application window is illustrated in an example in the following screenshot: Evaluation of the use of the Emergency User Concept Once this request has been initiated, a new mode will be opened for the user, in which he can work with the extended rights. In addition, depending on the configuration, a stored workflow can be initiated as an approval process, or pre-defined controllers will be notified by email to verify activities. Once the session has ended with the emergency user, the responsible persons will receive another email with the logged activity of the user with the extended permissions. One of these logs is shown in the next screenshot: These logs can also be viewed in the system. Here you will get an overview of all the sessions that have been run. In addition, it is possible to approve activities with special rights after an evaluation. This allows the controller to get an overview of the activities undertaken with the emergency user. If you are using this Emergency User Concept and following these steps, you can ensure: Each user on the production system retains his or her original necessary rights.
We set about creating detailed playbooks for all common scenarios - installations, portals, upgrades and migrations - and platforms. Today, hardly any consulting firm can do without them, but in my early days they gave us a decisive edge over the competition and earned us many satisfied customers.
Migration of SAP OS systems (between different operating systems)
Without this provisioning component, adjustments to employee permissions in the respective IT resources would have to be implemented by the relevant system administrators. However, manual provisioning processes are by their very nature a source of errors. If an employee's tasks change, the system administrator should consider all active user accounts when modifying and deleting accounts. A modern IDM system therefore helps companies to keep track of users and their permissions, especially in complex and heterogeneous system landscapes.
Since jobs and backups should run at set times for organizational or technical reasons, automating them is a good idea. In simple, clear system environments, many SAP Basis administrators help themselves with SAP CPS (Central Process Scheduling) and simple ABAP batch jobs that start operations or other jobs. Since the desires and the system environments usually grow continuously, this approach becomes complex and confusing over time and troubleshooting often becomes difficult. As a result, maintainability often falls by the wayside and error-proneness can increase. If different jobs are strung together to form chains, further problems arise.
"Shortcut for SAP Systems" is a PC application that simplifies or even facilitates many activities in the SAP base.
This person is responsible for the smooth operation of the system.
To influence the ABAP/Dynro generation, select Additions in the entry screen of the SPAM.