Oracle, MaxDB and MS SQL databases
E-Book SAP Basis
The following figure shows the logging for the SAP standard group "SUPER". For this group, all activities are recorded in all clients.
The CodeProfiler prevents poor-quality code or programs with security vulnerabilities from entering a productive SAP system landscape in the first place. It is therefore important to use the CodeProfiler throughout the entire lifecycle of a software. Already during programming, the CodeProfiler helps the developer to identify and correct errors and vulnerabilities in the SAP landscape. The CodeProfiler automatically ensures that only "clean" code is transported to the next level (development system -> test system -> quality assurance system -> production system). The CodeProfiler can also be used for regular review cycles.
From a purely technical point of view, each generated authorization role contains a profile from which a user receives the actual authorization objects and authorization characteristics. If this profile is outdated or not assigned at all, the user will not have all the authorization objects contained in the authorization role. Incidentally, the problem arises particularly frequently after role transports: If an authorization role is changed in the development system and then transported to the production system, the current profile is not automatically assigned to the users with the respective role. A user comparison must therefore be performed here.
The SAP NetWeaver Application Server Add-on for Code Vulnerability Analysis tool, also known as Code Vulnearability Analyzer (CVA), is a tool that performs a static analysis of user-defined ABAP source code to detect possible security risks. The tool is available in the NetWeaver ABAP stack and is based on versions from: 7.0 NetWeaver: in EHP2 SP 14 or higher / 7.0 NetWeaver: in EHP3 SP 09 or higher / 7.3 NetWeaver: in EHP1 SP 09 or higher / 7.4 NetWeaver: in SP05 or higher To use the CVA tool, the execution of system-wide security controls must be enabled with the RSLIN_SEC_LICENSE_SETUP report. Afterwards, the security checks are available in standard ABAP code checking tools such as ABAP Test Cockpit (ATC) or Code Inspector (SCI). The option of these checks is usually referred to as "security analysis in extended program check". Note that the use of the security check feature for custom code separation is licensed and incurs additional costs. The older program that has been around for years is Virtual Forge's "Code Profiler". It is one of the first products in this segment of SAP security and was used by SAP itself for many years. It is very comprehensive and is also able to track individual variables across the entire control flow. This leads to very precise statements and a reduction of false positives.
With "Shortcut for SAP Systems" a tool is available that greatly facilitates some tasks in the SAP basis.
The goal of an automated environment is not to have to react manually to every faulty job.
As a company, you have to decide whether you want to leave the support of your system within your company or place the "Basis" in the hands of an SAP expert.