Variable pricing
TECHNOLOGY ARCHITECT (TA)
SAP Basis Administration Batch Control Job Control A large proportion of batch jobs run at night, while IT systems are available for dialog and online applications during the day. Meanwhile, web applications demand computer capacity around the clock. Even dialog systems are no longer in operation only from 8 a.m. to 6 p.m., but between 7 a.m. and 10 p.m. or longer. The time window for administration tasks is increasingly shifting toward transaction processing. This leaves less and less time for mission-critical batches, which can lead to disruptions and terminations. Whereas batch processing used to be a mainframe domain, companies today usually have to control background processing in heterogeneous operating system environments and client-server applications. For this reason, cross-platform, integration-capable job schedulers that can respond to unplanned events are in demand.
In this article on SAP Security Automation I would like to take a look at the future of automated processes in the SAP Security area. For many companies, the topic of security automation still offers a lot of potential in terms of time savings and process optimisation. Our daily work environment offers numerous tasks that could be handled excellently automatically. For this reason, in this article I present two of the possibilities that already exist in the broad area of security automation. Security Automation via SAP Security Check The first option of Security Automation, which I want to introduce here, is the automatic verification of the existing permissions. Have you ever wondered who has critical permissions in your SAP system? And have you ever tried to do this by hand? Depending on the level of expertise and experience of the privilege administrator, this is a time-consuming work. If an audit is also announced and the SAP system is to be checked for critical permissions and segregation of duties, then it is very difficult to meet all requirements and secure the eligibility landscape in this respect. For this reason, various vendors provide solutions to automate the verification of the permission system with regard to critical permissions and segregation of duties using tool support. This allows permission administrators to use their valuable time to correct the errors rather than just looking for them. For example, we use a tool that runs through the verification of over 250 rules. We then get an evaluation of which rules are violated and which points are correct. A simple example of such rules is the use of the SAP_ALL profile. Another would be to grant the jump permission in debugging (S_DEVELOP permission object with the ACTVT = 02 field). These are two relatively simple examples of Security Check tools' rulebook. In addition, queries are also made, which are located in the field of Segregation of Duties. Using this tool allowed us to move from manual validation of critical permissions to an automatic process.
SAP Business Server Pages
THE SAP basis AS AN OPPORTUNITY ALMOST EVERY INNOVATION IN THE COMPANY HAS A TECHNICAL FOOTPRINT IN THE BACKEND, WHICH MOSTLY REPRESENTS AN SAP SYSTEM. HERE, THE SAP basis CAN HELP CREATE AN ADDED VALUE FOR THE COMPANY. EARLY INVOLVEMENT IN THE PROJECT IS ESSENTIAL.
Either temporary programme calls are blocked that are actually desired or enormously large gateway logs must be analysed. If, due to the heavy workload, one were to decide to forgo the use of the access control lists permanently, this would be a major security vulnerability. The unprotected system does not have any limitations on the external services that may register, and there are no rules for running programmes. One possible consequence would be, for example, the registration of an external system on which malicious programmes exist. At the moment when foreign programmes are running on your system without any control, you can expect that great damage will be done. For example, it ranges from an unnoticed reading of purchase and sales figures, a diversion of funds, to a paralysis or manipulation of the entire system. In addition, this scenario is also possible for poorly maintained access control lists. Our solution: secinfo and reginfo Generator for SAP RFC Gateway To solve the problem, we have developed a generator that can automatically create secinfo and reginfo files based on gateway logs. The basic idea is based on the logging-based approach. It performs the task of time-consuming analysis of log files and also ensures maximum reliability through automation. Nevertheless, the entries of the generated files should be checked by one person. Since the log files used as input are sensitive data, of course none of the inserted data leave your system. More information about the generator can be found here.
"Shortcut for SAP Systems" makes many tasks in the area of the SAP basis much easier.
What are the requirements? Transport orders include two files, titled "data" and "cofiles".
Dynamically update the written authorisation concept One of the biggest challenges after the development of an authorisation concept is to keep it up to date in the long term and to measure the sustainable implementation in the system.