Windows
Analysis and elimination of technical problems in the SAP Basis environment under the platforms ORACLE and Windows
In this article on SAP Security Automation I would like to take a look at the future of automated processes in the SAP Security area. For many companies, the topic of security automation still offers a lot of potential in terms of time savings and process optimisation. Our daily work environment offers numerous tasks that could be handled excellently automatically. For this reason, in this article I present two of the possibilities that already exist in the broad area of security automation. Security Automation via SAP Security Check The first option of Security Automation, which I want to introduce here, is the automatic verification of the existing permissions. Have you ever wondered who has critical permissions in your SAP system? And have you ever tried to do this by hand? Depending on the level of expertise and experience of the privilege administrator, this is a time-consuming work. If an audit is also announced and the SAP system is to be checked for critical permissions and segregation of duties, then it is very difficult to meet all requirements and secure the eligibility landscape in this respect. For this reason, various vendors provide solutions to automate the verification of the permission system with regard to critical permissions and segregation of duties using tool support. This allows permission administrators to use their valuable time to correct the errors rather than just looking for them. For example, we use a tool that runs through the verification of over 250 rules. We then get an evaluation of which rules are violated and which points are correct. A simple example of such rules is the use of the SAP_ALL profile. Another would be to grant the jump permission in debugging (S_DEVELOP permission object with the ACTVT = 02 field). These are two relatively simple examples of Security Check tools' rulebook. In addition, queries are also made, which are located in the field of Segregation of Duties. Using this tool allowed us to move from manual validation of critical permissions to an automatic process.
The Queue determines which support packages are inserted into your system in which order by the SAP Patch Manager. If the queue is not yet fully defined, you must define the queue from the available support packages. If the Queue is already fully defined, it is only displayed; they no longer have the ability to change the selection. However, you can delete the queue completely with Queue [page 37]. Note that your system is inconsistent when you delete the queue after objects have been imported (for example, after an error in the DDIC_IMPORT step and following). The deletion in these SPAM steps should only be used for troubleshooting and you should repeat the insertion of the support packages as soon as possible. The SPAM transaction ensures that only support packages that match your system are displayed in the queue. Support packages intended for another release or an uninstalled add-on will not appear in the queue, even if they are loaded into your SAP system. For more information, see Rules for the Queue [page 19]. You must define the queue before you insert support packages. Prerequisites You have loaded the appropriate support packages with the SPAM into your SAP system [page 15]. Procedure To define a queue, select View/Define SPAM on the entry screen of the transaction. The Select Component dialogue box appears. You will see the list of installed software components (e.g. SAP_BASIS, SAP_HR, SAP_BW, Add-On). Select the desired component. You see the available queue. This queue contains the support packages available for the selected component in your system, and any required Conflict Resolution Transports (CRT), as well as associated Add-On Support Packages. You can: If the queue you see matches your wishes, you can accept the queue with Queue confirm and leave this selection window.
Provision resources in minutes instead of weeks
Companies face a major challenge. The world is not going digital, but it is already. The age of digitisation and the related technological changes, as well as the demands of customers, bring new opportunities and new challenges for companies. In addition, the product strategy is changing, including that of SAP. In order to achieve the associated goals of the company and to implement them as effectively and efficiently as possible, the SAP basis must contribute to the design of an IT roadmap and to the design of the digitisation and also cloud strategy. A detailed review of the IT Roadmap recommendation is carried out within the master thesis in chapter 7.9.
You can call the SPAM transaction in one of the following ways: Select SAP menu Tools Maintenance Patches. Enter the transaction code SPAM. Features The SAP Patch Manager provides the following features: Loading Support Packages: Requested support packages can be loaded into your system from SAPNet - Web Frontend, SAPNet - R/3 Frontend, or Collection CDs. Inserting Support Packages: Resetting When SPAM inserts a support package into your system, a fixed sequence of steps is followed. If the Support Package implementation stops, you can resume processing at a later time. The operation will resume where it was cancelled.
"Shortcut for SAP Systems" makes many tasks in the area of the SAP basis much easier.
This scenario allows you to estimate and minimise the time and effort required to load support packages.
The SAP Standard offers different approaches for gate protection.