Migration of an SAP system to other server landscapes
Planning & design of the system architecture
At best, for the time in which an emergency user is in service, a separate log of the activities undertaken is written, which can then be evaluated. In the following chapter I would like to explain our best practice approach to implementing an emergency user concept. Our approach to using an emergency user concept We have had good experience with the use of the Xiting Authorizations Management Suite (XAMS) in this area. This suite consists of various modules for creating role concepts, managing permissions including a permission concept, and also enables the implementation of an emergency user concept. XAMS works here with a limited time assignment of reference users with extended privileges to enable the emergency user concept. A self-service application may be made with a justification and a period for allocating special rights. The application window is illustrated in an example in the following screenshot: Evaluation of the use of the Emergency User Concept Once this request has been initiated, a new mode will be opened for the user, in which he can work with the extended rights. In addition, depending on the configuration, a stored workflow can be initiated as an approval process, or pre-defined controllers will be notified by email to verify activities. Once the session has ended with the emergency user, the responsible persons will receive another email with the logged activity of the user with the extended permissions. One of these logs is shown in the next screenshot: These logs can also be viewed in the system. Here you will get an overview of all the sessions that have been run. In addition, it is possible to approve activities with special rights after an evaluation. This allows the controller to get an overview of the activities undertaken with the emergency user. If you are using this Emergency User Concept and following these steps, you can ensure: Each user on the production system retains his or her original necessary rights.
The analysis shows you in the form of a traffic light output (red-yellow-green) whether the respective settings are configured correctly. In addition, you can also view the detailed values of the respective settings.
RECOMMENDED GATEWAY SETTINGS FOR RFC SYSTEM PROTECTION
This step prompts you to customise your modifications to Repository objects by calling the transaction SPAU. EPILOGUE In this step the insertion is completed. Among other things, it is checked that the queue has been fully processed. SPAM: Troubleshooting The SAP Patch Manager performs several steps during the recording. If errors occur, SPAM will interrupt the playback to ensure consistency of the recording. After fixing the error, you can resume playback. When you cancel, a dialogue box appears with the information on which step and why the editing failed. This dialogue box is also available when you select Jump Status and then Queue, Support Package or SPAM Update (View Support Package Status (page 29)). Depending on the processing step in which the error occurred, the dialogue box will provide you with additional specific assistance to correct the error. You may also need to reset the status of a Support Package [page 36]. If you are having problems downloading Support Packages from the SAPNet - R/3 frontend, please see Note 34376. If you are having problems working with SPAM, read the note 17381This note gives you an overview of known problems and their solutions. For a list of the most important information about Online Correction Support (OCS), see Note 97620, which is updated regularly. If you are unable to resolve your issue with the information provided or with the following information, then record a problem message in the SAPNet - R/3 frontend with the information from the error dialogue box and send it to the BC-UPG-OCS topic group. Note 97660 when capturing the problem message. See also: Generation Error [Page 30].
So-called Access Control Lists (ACL) offer a good possibility to secure your gateway in order to exclude unwanted external accesses to the database of the application server. With the help of the ACL files reginfo and secinfo an access control can be implemented, in which allowed as well as forbidden communication partners can be defined. The reginfo file controls the registration of external programs on the gateway, which means that rules can be defined that allow or prohibit programs. With the help of the file secinfo you can define which users are allowed to start an external program. To be able to use these files, you must set the parameters gw/reg_info and gw/sec_info (transaction RZ11). For more information, refer to SAP Note 1408081.
Some missing SAP basic functions in the standard are supplied by the PC application "Shortcut for SAP Systems".
This installation is planned using a tool from SAP, the "Maintenance Planner", and then carried out using the SWPM (Software Provisioning Manager) and SUM (Software Update Manager) tools.
If you want to get more information about SAP basis, visit the website www.sap-corner.de.
The decision to outsource a task or service should be taken not only in terms of cost, but also by assessing the competitive differentiation and strategic importance.