Implementation of a highly available HANA data solution
As we know, BASIS is a set of tools. This tool has the following different functionalities.
Do you want to allow an employee access to exactly one view maintenance dialogue, but he should not be able to search for other care views in the SM30? This can be done easily with a parameter transaction. Learn how to create such a transaction step by step here. To create a parameter transaction, navigate to the SE93 first. Here you can create all types of transactions. The following dialogue will open: After pressing the "Create" button, a popup will open, on which you select the radio button "Transaction with parameters (parameter transaction)". In addition, type a short description as usual and confirm. The following dialogue will open: The transaction code must be specified here first. If you want to skip the entry dialogue when invoking the parameter transaction, and there is no way to open tables other than the one you want, make sure to select "Skip Entry Image". Furthermore, the GUI properties of the SM30 should be inherited so that the parameter transaction can be started with the same software. Configuration of the parameters In the lower part of the dialogue you will find a table ready for input. Here you can use the search help (F4).
Identification of specific transactions with user assignment
Many companies are struggling with the introduction and use of secinfo and reginfo files to secure SAP RFC gateways. We have developed a generator that supports the creation of the files. This blog post lists two SAP best practices for creating the secinfo and reginfo files to enhance the security of your SAP gateway and how the generator helps you do this. secinfo and reginfo Request generator Option 1: Restrictive procedure In the case of the restrictive solution approach, only in-system programmes are allowed. Therefore, external programmes cannot be used. However, since this is desired, the access control lists must be gradually expanded to include each programme required. Although this procedure is very restrictive, which speaks for safety, it has the very great disadvantage that, in the creation phase, links which are actually desired are always blocked. In addition, the permanent manual activation of individual connections represents a continuous effort. For large system landscapes, this procedure is very complex. Option 2: Logging-based approach An alternative to the restrictive procedure is the logging-based approach. To do this, all connections must be allowed first by the secinfo file containing the content USER=* HOST=* TP=* and the reginfo file contains the content TP=*. During the activation of all connections, a recording of all external programme calls and system registrations is made with the gateway logging. The generated log files can then be evaluated and the access control lists created. However, there is also a great deal of work involved here. Especially with large system landscapes, many external programmes are registered and executed, which can result in very large log files. Revising them and creating access control lists can be an unmanageable task. However, this process does not block any intentional connections during the compilation phase, which ensures the system will run non-disruptively.
A simpler option is to output the transactions used by the expert as a list and to obtain an overview of the task areas. The function block SWNC_COLLECTOR_GET_AGGREGATES is very suitable for exporting the used transactions in a list. As an alternative, one can directly use the workload monitor in the transaction code ST03N.
Use "Shortcut for SAP Systems" to accomplish many tasks in the SAP basis more easily and quickly.
Not to forget the help system and data backup in your SAP systems.
It is possible to identify master and derived roles by using naming conventions.