SWETYPV Event type linkage
What is SAP Basis?
New risks in SAP HANA: In addition to the known risks, there are also new risks from the use of SAP HANA. A very good example are frequently used web applications that represent something new in the SAP area. In contrast to an SAP ERP system, HANA systems consist mainly of web applications, which were considered optional in the previous versions. These web applications can be found by various search engines on the Internet. This also applies to SAP Portal or Netweaver. There are URL schemes that help locate the system. This also applies to other SAP systems that use Web applications. This makes the new technology vulnerable to typical web attacks. SQL Injection, ABAP Code Injection, or XSS are all included. All risks known for a normal SAP system also apply to a SAP-HANA system. The data is stored unencrypted in RAM. Only then does the system gain this speed advantage. This results in risks such as a read-out by memory scraping malware. These pick up data in memory. Encryption costs performance, so it is not used by default. Especially during a migration HANA runs in a parallel system, therefore at least one new system comes to your landscape. Also note: HANA has its own tools and settings that need to be known and configured. The bottom line is that the system simply needs more attention when operating. Many settings often result in more errors. Three - points - HANA Security Plan 1) Roles and permissions In a previous SAP system, roles and permissions are certainly one of the main pillars of a secure system. Roles and permissions work differently in a HANA system. There are two types of users: 1) Default (limited): With this type of user, there are different access methods to the database. For example, the JDBC or HTTP technologies are used to give two examples.
Due to the variety of tasks and the high complexity, I find my job extremely exciting. There are very many constellations of SAP systems and databases. Each installation, migration and update brings new aspects and challenges. It is precisely these challenges that are important to me, so that I can continue to learn and develop professionally on a daily basis.
SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.
Client Copy / Export
Transporting transport orders from one system line to another or importing third-party transport orders into the SAP system is also an occasional task for an SAP basis administrator. As in my last blog post on system modifiability, I would like to offer you a way to quickly present this topic. So you will find a step-by-step guide which you can follow if you have already understood the content of the topic, but only the steps need to be taken. What are the requirements? Transport orders include two files, titled "data" and "cofiles". These files consist of a six-character alphanumeric combination and a file extension, which often represents the system from which the files were exported. The first character is always a K (the cofiles file) or an R (the data file). For our example we call the files K12345_DEV and R12345_DEV. These files are of course needed for an import into your own SAP system. Furthermore, you need access to the file system or the SAP directories, as they have to insert the above files there manually. In addition, the transaction STMS is required in the SAP system because it attaches the transport orders to the import queue. Now, if you have all of this available, we can start with the import: What is the procedure? Operating System Level Preparation. The first step is to copy the files to the transport directory of the SAP system. This is usually below /usr/sap/trans, but can be changed individually depending on the system. If you want to make sure that you are working in the correct directory, you can look in the transaction AL11 to see which directory is specified under "DIR_TRANS". This is the right directory to work on. Here the existing files are copied into it, namely the cofiles file (K12345_DEV) in the cofiles folder (/usr/sap/trans/cofiles) and the data file (R12345_DEV) in the data folder (/usr/sap/trans/data). Note: In this case, especially for companies with multiple systems on multiple servers, the access permissions and the file owner need to be changed so that the import in the target system does not cause problems.
Either temporary programme calls are blocked that are actually desired or enormously large gateway logs must be analysed. If, due to the heavy workload, one were to decide to forgo the use of the access control lists permanently, this would be a major security vulnerability. The unprotected system does not have any limitations on the external services that may register, and there are no rules for running programmes. One possible consequence would be, for example, the registration of an external system on which malicious programmes exist. At the moment when foreign programmes are running on your system without any control, you can expect that great damage will be done. For example, it ranges from an unnoticed reading of purchase and sales figures, a diversion of funds, to a paralysis or manipulation of the entire system. In addition, this scenario is also possible for poorly maintained access control lists. Our solution: secinfo and reginfo Generator for SAP RFC Gateway To solve the problem, we have developed a generator that can automatically create secinfo and reginfo files based on gateway logs. The basic idea is based on the logging-based approach. It performs the task of time-consuming analysis of log files and also ensures maximum reliability through automation. Nevertheless, the entries of the generated files should be checked by one person. Since the log files used as input are sensitive data, of course none of the inserted data leave your system. More information about the generator can be found here.
For administrators, a useful product - "Shortcut for SAP Systems" - is available in the SAP basis area.
BUILDING OVERARCHING EXPERT TEAMS WITH SAP basis INVOLVEMENT To reduce organisational friction points as well as to optimally handle selected topics, it is recommended to set up expert teams with the participation of the SAP basis.
The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.
This is an attempt to generate cooperation successes through joint development and subsequent commercialisation in networks.