DOCUMENTATION / ARCHIVING
Design of the SAP landscape
This is the heart of the SAP system. In the classic three-tier model, this would be the logic or control layer. One or more application servers host the necessary services for the various applications on this layer. These application servers provide all the services required by the SAP applications. In theory, a single server could fill this role. In practice, these services are in most cases distributed among several servers, each serving different applications.
Especially after security incidents it may be necessary to find out which (technical) users have logged in at which time. The USR02 table provides a first entry point. In the TRDAT column you can find the last login date for the user you want. However, a history of previous applications is not found in this table. In such cases, the Security Auditlog or SAL helps. Preparation In order to access the desired data, it must also have been saved previously. In the Security Auditlog, you can use various filters to determine which users are logged on which client and which information. The Security Auditlog stores, depending on configuration, logins, RFC calls, and other actions for specific users. You can make these settings in the SM19 transaction. Note: Logging user activity must be aware of the users concerned! Configure the SAL only for technical users or in consultation with users / works council / etc. It can be seen there among other things when the SAL was activated and last edited (1). You can also select the various filters (2), activate the filters individually (3), specify clients and users (4) and specify which activities are logged (5). Static configuration in the SM19 Under the Dynamic Configuration you can also see if SAL is currently active for the system. Determine the status of the SAL Evaluation of the SAL If the Security Audit Log is active, switch to the SM20 evaluation of the Security Audit Log. Select the desired user and client and the appropriate time window. The option Dialogues login is sufficient for the login. Then, restart the AuditLog analysis. Start evaluation You will get an overview of the user's login to the selected client of the system.
Interfaces
But when it comes to the intricacies of large SAP environments, Ansible quickly reaches its limits. If you want to use Ansible to implement simple automations - for example, starting and stopping SAP environments - you have to put up with a lot of manual effort and complicated scripts.
SAP lockout issues: Call the SM12 transaction and make sure that there are no programmes named RDDIMPDP. For more information, see Note 11677. ADDON_CONFLICTS_? This step checks to see if there are conflicts between objects in the queue and add-ons installed. If there are such conflicts, SPAM will cancel and prompt you to play the appropriate Conflict Resolution Transports (CRTs).
Tools such as "Shortcut for SAP Systems" complement missing functions in the SAP basis area.
If administrators or admin teams want to maintain an overview, they have to rely on meaningful monitoring.
SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.
All of the above tasks have been part of SAP Basis Administration for decades.