SAP Basis Fiori permissions for apps and catalogues in the launchpad - SAP Corner

Fiori permissions for apps and catalogues in the launchpad
SWE2 Event type linkage
In the authorization environment, in addition to assigning authorizations to SAP users, there are a number of important SAP Basis settings that you should check regularly to ensure that your SAP system is fully protected, both internally and externally. For example, particularly in the context of an audit, it is important to ensure that changes to the SAP system always remain traceable. In this blog, I would like to show you how you can best implement this and what to look out for.

In many companies, the SAP system is the linchpin of everyday business. To ensure that the system is available at all times, an SAP Basis team ensures its smooth operation.
Maintenance of profiles and operation modes
With simple job programming, you can start in clear environments with few dependencies. If the number of jobs and the complexity increase, automatic job control is a good choice. Honico Batchman is such a solution, a 100% SAP-integrated add-on that is quickly and easily installed via normal transports. The advantage here is that no additional infrastructure is required; instead, the existing SAP system landscape is used for the entire control and execution without incurring a loss in performance. This also ensures full audit and operational security (compliance). Since pure SAP systems are rather the exception, non-SAP systems can also be controlled and monitored. As a third option, high-end solutions are available that additionally monitor the infrastructure and legacy. Widely used products in this segment are UC4 and Arvato Streamworks. These three solution options differ significantly in terms of price and scope of services. IT departments in companies must therefore evaluate which solution is best suited to their own requirements.

This makes the technical user the dialogue user, and login to the SAP system is unrestricted. So Johannes logs in to the production system with the known password of the RFC user. Thanks to very extensive permissions, he now has access to all sorts of critical tables, transactions, and programmes in production. With the identity of the RFC user, Johannes begins the technical compromise of the production system...

RFC Security: All invented - or everyday threat?
Whether a simple trim, altered biometric properties or an encapsulated technical user in the SAP system: the basis of the compromise is the same. A person uses a different identity to gain access and permissions to protected areas. Moreover, the evil in all three stories could have been prevented by proactivity. When was the last time you thought about the security of your RFC interfaces? Can you say with certainty that all your technical RFC users only have the permissions they actually need? And do you know who exactly knows the passwords of these users? Can you rule out 100% that, at this very moment, an SAP user with a false identity is infiltrating your production systems?

Change now: It's about proactivity!
But before you start looking for the "identity converter" (which I really do not recommend!), I suggest that you tackle the root of the evil and proactively strengthen your RFC security. So if you want to find out more, I have the following 3 tips for you:
1) Our e-book about SAP RFC interfaces
2) Clean up our free webinar about RFC interfaces
3) Blog post about our approach to optimising RFC interfaces
As always, I look forward to your feedback and comments directly below these lines!

"Shortcut for SAP Systems" is a PC application that simplifies or even facilitates many activities in the SAP basis.

A typical example is the TEST_IMPORT step.

SAP Basis refers to the administration of an SAP system, which includes activities like installation and configuration, load balancing, and performance of SAP applications running on the Java stack and SAP ABAP. This includes the maintenance of different services related to the database, operating system, application and web servers in the SAP system landscape, as well as stopping and starting the system. Here you can find some useful information about SAP Basis: www.sap-corner.de.


This layer is therefore also referred to by SAP as the actual basis system.