Development guidelines
SAP NetWeaver & SAP Gateway
PROJECT HISTORIES: THE SAP basis OF TOMORROW An entry in the Forum Infrastructure and Operations within the DSAGNet drew attention to the problem of the SAP basis as described above. This led to a lively discussion, which attracted a lot of interest from the members of the DSAM. Building on the interest and need for action of the member companies, a project was initiated by the DSAG as well as by the SAP, which should deal with the future of the SAP basis. Several companies were invited to participate and their willingness to participate actively was questioned in a DSAG survey. The first project meeting took place within the framework of the DSAG Annual Congress in Bremen in 2015. As a result, regular events took place at the SAP office in Freiberg am Neckar and St Leon-Rot, with the participation of up to 15 companies. In the project "the SAP basis of Tomorrow", current questions of the companies as well as the question of the SAP basis of the future were discussed and worked out with regard to the IT landscape, processes and organisational structure. A master's thesis was initiated to document and prepare the results as well as to examine the topic in scientific terms in parallel with the project. This was made at the University of Applied Sciences Würzburg-Schweinfurt as part of the Master's programme in Information Systems with Prof. Dr. Karl Liebschnitel and submitted for evaluation at the end of March 2016.
In order to escape the checks carried out by the iris scanners and ultimately his own arrest, a doctor illegally reuses his eyes and acts under a new identity. With the help of the new eyes he finally succeeds in entering the secured area of the "Precogs" and he can begin his investigation. Through this "biohacking" he not only deceives the biometric security systems - he compromises the highest police control system. All stories!? "Great stories!" think now. But: No one will ever fall for a simple trim. And anyway: Biometric security systems and eye transplantation? It's not for nothing a science fiction movie! What does this have to do with RFC security? All right, I can understand your doubts. But how do you like the following story, for example? RFC Security and the Art of Identity Change Germany, everywhere, 2017: Johannes Voigt has been a medium-sized company employee for several years. He is considered a reliable and conscientious developer from the IT department. In fact, he is increasingly unfairly treated. He decides that he no longer wants to carry his frustration with him.
Generate and monitor a revision-proof permission concept tool-based: The established processes for entitlement management, role application and assignment are not documented at all or in a central location in your company? In the revision, it was noticed that a written authorisation concept does not exist, is not up to date or that the processes do not meet the requirements?
Instead of data maintenance and application development, SAP Basis is more about providing and maintaining the software environment on which the data resides and is processed. Therefore, SAP Basis is an important core of any SAP infrastructure and is required in both previous versions such as R/3, as well as current versions such as S/4HANA 2021.
The security of an SAP system requires protection against unauthorised access, e.g. through the secinfo and reginfo files. A cleanly implemented authorisation concept protects against attacks within the SAP system. However, it is also possible to attack your SAP system via the network. Through the RFC Gateway Server, your system communicates with external servers and programmes. One particularly effective way to protect against this are so-called Access Control Lists (ACL). Find out what this is and how you can use it to better protect your SAP system. The SAP Standard offers different approaches for gate protection. All methods combined can provide even greater safety. For example, it is possible to use Access Control Lists (ACL) to monitor exactly which external programmes and which hosts can communicate with the gateway. Another option is to configure the gateway to support Secure Network Communication (SNC). Finally, there are various security parameters for the gateway. This article focuses on the use of ACL files such as secinfo and reginfo files. What is an ACL? Access control lists are files in which permitted or prohibited communication partners can be recorded. For the gateway to use these ACL files, parameters must be set in the default profile of the SAP system and of course the files must be maintained accordingly. With the help of logs and traces, which can be configured for this purpose, a precise investigation can be made in advance of the activation, which connections currently run via the gateway. This allows them to prevent important applications with which your system communicates from being blocked by the ACL files. The rules in the ACL files are read from top to bottom of the gateway to decide whether to allow a communication request. If none of the rules matches the requesting programme, it will be blocked. Network-based ACL The network-based ACL file contains permitted and prohibited subnets or specific clients.
Tools such as "Shortcut for SAP Systems" complement missing functions in the SAP basis area.
Incorrect setup of the Change and Transport System Common errors are the lack of appropriate rights to the files of the Change and Transport System or the use of old programme versions of tp or R3trans.
Some useful tips about SAP basis can be found on www.sap-corner.de.
You can toggle the following properties on and off: Transmission Monitor If you enable the Transmission Monitor, you can monitor the download of the support packages from the SAPNet - R/3 frontend with a graphical monitor.