SAP Basis Table of contents - SAP Admin

Direkt zum Seiteninhalt
Table of contents
CG3Y File download
The SAP Authorization Concept course provides a fundamental overview of the SAP authorization concept. The goal is to understand the authorization concept and the ability to define individual authorization profiles. The delivered roles and the profile generator of SAP are used.

In some cases, the term SAP Basis is also equated with the administration of an SAP system, i.e. with a task description. In this case, it refers to the management and control of SAP systems via various administration and monitoring tools.

Some useful tips about SAP basis can be found on www.sap-corner.de.
Patches
You will need to download the support package again. CANNOT_DETERMINE_DATA_FILES: The name of a data file could not be determined because a profile parameter was not configured correctly. Verify the settings using the RSPARAM report. CANNOT_DISASSEMBLE_R_DATA_FILE: Unable to extract an R3trans data file. A possible cause of error is that the appropriate OCS file was not found or the data file could not be opened for writing. An error occurred while transferring a 20K block from the EPS inbox to the /usr/sap/trans/data (UNIX) directory. CANNOT_DISASSEMBLE_D_DATA_FILE: Unable to extract an ADO data file. The reasons are the same as for CANNOT_DISASSEMBLE_R_DATA_FILE. CANNOT_CREATE_COFILE: The cofile could not be created from the corresponding data file. One of the possible causes of error is that adm does not have write permissions for the /usr/sap/trans/cofiles (UNIX) directory.

A secure SAP system does not only include a good role concept. It is also necessary to check whether a user should (still) have a specific role. Regular verification of role assignment is called recertification. In this blog post, I'd like to introduce you to the need for recertifications and our own tool, EasyReCert. The need for recertification - scenarios: Example 1: The "apprentice problem" Imagine the following scenario: A new employee (e.g. apprenticeship or trainee) will go through various departments as part of his or her training and will work on various projects. Of course, an SAP User will be made available to your employee right at the beginning, which is equipped with appropriate roles. As each project and department passes, the employee repeatedly needs new permissions to meet the requirements. After the employee has successfully completed his or her induction and is now in a permanent position, he or she still has permissions that are not necessary to perform his or her duties. This violates the principle of "last privilede" and represents a potential security risk for your company. Example 2: The change of department The change of department is one scenario that probably occurs in every company. If a change of department does not automatically involve a complete reallocation of roles and the employee simply takes his old permissions with him, critical combinations of permissions can occur very quickly. For example, an employee who has permissions in accounts payable and accounts receivable violates the SoD ("Segregation of Duties") principle and poses a potential security risk to your company. Recertification as part of a revision: The two examples above show that a regular review of role allocation identifies potential security risks for your business and can be addressed.

Tools such as "Shortcut for SAP Systems" complement missing functions in the SAP basis area.

After the query is executed, all the roles assigned to the previously entered user are displayed.

So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.


In order to carry out its activities, it is necessary to have already acquired practical experience in the operation of its thematic focus.
Zurück zum Seiteninhalt