Maintenance and transport of application and system modifications
SAP offers a huge toolbox of different technologies to support business processes. The usefulness of their use is essentially determined by the task and its technical requirements. We have gained a lot of valuable experience in the following technologies, which we would like to make available to you.
Have you ever wondered what there is actually a tab personalisation for role maintenance in the PFCG or for user data maintenance in the SU01? I will answer this question for you in this blog post. What do we need the Personalisation tab for? This tab gives you access to the central repository for personalisation data. The purpose of this repository is to create a storage facility for user- and role-specific data without the need to create additional database tables. This data should then be taken into account in all manipulations of users and roles. The functionality initially includes a generic repository for user- and role-specific data and centralised access to that data by user and role maintenance. It also provides the ability to connect existing tables with user-specific data to the central access via a defined interface. To store personalisation data in the central repository, a key must be assigned to the data: This is done via the registration transaction PERSREG. The personalisation data that you create is stored in the generic drop table. Access to it is provided by the class methods of the CL_PERS_ADMIN class. Different levels of personalisation The data can be stored either to the user, to roles or to the system. A user can then read all data assigned to him (via role or his own settings) at once.
Among other things, it determines which application server a user logs on to in order to distribute the workload (load balancing). The message server also enables the individual application servers to communicate with each other.
New risks in SAP HANA: In addition to the known risks, there are also new risks from the use of SAP HANA. A very good example are frequently used web applications that represent something new in the SAP area. In contrast to an SAP ERP system, HANA systems consist mainly of web applications, which were considered optional in the previous versions. These web applications can be found by various search engines on the Internet. This also applies to SAP Portal or Netweaver. There are URL schemes that help locate the system. This also applies to other SAP systems that use Web applications. This makes the new technology vulnerable to typical web attacks. SQL Injection, ABAP Code Injection, or XSS are all included. All risks known for a normal SAP system also apply to a SAP-HANA system. The data is stored unencrypted in RAM. Only then does the system gain this speed advantage. This results in risks such as a read-out by memory scraping malware. These pick up data in memory. Encryption costs performance, so it is not used by default. Especially during a migration HANA runs in a parallel system, therefore at least one new system comes to your landscape. Also note: HANA has its own tools and settings that need to be known and configured. The bottom line is that the system simply needs more attention when operating. Many settings often result in more errors. Three - points - HANA Security Plan 1) Roles and permissions In a previous SAP system, roles and permissions are certainly one of the main pillars of a secure system. Roles and permissions work differently in a HANA system. There are two types of users: 1) Default (limited): With this type of user, there are different access methods to the database. For example, the JDBC or HTTP technologies are used to give two examples.
With "Shortcut for SAP Systems" a tool is available that greatly facilitates some tasks in the SAP basis.
We can say that Basis is the operating system for SAP applications and ABAP.
You can find examples below.