SCC1 Client copy
Archiving and DART
Many companies are struggling with the introduction and use of secinfo and reginfo files to secure SAP RFC gateways. We have developed a generator that supports the creation of the files. This blog post lists two SAP best practices for creating the secinfo and reginfo files to enhance the security of your SAP gateway and how the generator helps you do this. secinfo and reginfo Request generator Option 1: Restrictive procedure In the case of the restrictive solution approach, only in-system programmes are allowed. Therefore, external programmes cannot be used. However, since this is desired, the access control lists must be gradually expanded to include each programme required. Although this procedure is very restrictive, which speaks for safety, it has the very great disadvantage that, in the creation phase, links which are actually desired are always blocked. In addition, the permanent manual activation of individual connections represents a continuous effort. For large system landscapes, this procedure is very complex. Option 2: Logging-based approach An alternative to the restrictive procedure is the logging-based approach. To do this, all connections must be allowed first by the secinfo file containing the content USER=* HOST=* TP=* and the reginfo file contains the content TP=*. During the activation of all connections, a recording of all external programme calls and system registrations is made with the gateway logging. The generated log files can then be evaluated and the access control lists created. However, there is also a great deal of work involved here. Especially with large system landscapes, many external programmes are registered and executed, which can result in very large log files. Revising them and creating access control lists can be an unmanageable task. However, this process does not block any intentional connections during the compilation phase, which ensures the system will run non-disruptively.
In order for the stored business logic of an application to be executed correctly, the executing user must also have the necessary permission objects in the flow logic of the OData services in his role. If Authority Checks are performed here, e.g. to query or change data on the backend server, the corresponding role must be authorised. These permissions are expressed in a role by permission objects, as in any ABAP report. If you follow these steps, your Launchpad users should have the Fiori permissions necessary to launch the launchpad, view all relevant tiles, and run the specific apps with their business logic.
SM19 Security audit
Soft skills also play an important role in this profession. In everyday life, communication skills are in demand, because SAP administrators are often in close contact with customers and have to respond to their wishes and questions. They also need to be able to work in a structured manner and find creative solutions and decisions. In order not to lose touch, continuous training in this area is advisable.
If you are running a multi-system landscape with a common transport directory, it is convenient to enable this option only in the first system you are inserting support packages into, and to disable it in the following systems. Since the data files no longer need to be regenerated there, this saves time when playing in. Delete data files after inserting You can specify whether the data files should be deleted after inserting the support packages. This saves disk space and is enabled in the default setting. If you are running a multi-system landscape with a common transport directory, it is convenient to disable this option, since then the data files in the other systems no longer need to be re-created (see above Regenerate data files). Execute ABAP/Dynpro generation This option determines whether the programmes and screens shipped with the support packages should be generated during the commit. Note that generation can take a long time. Without automatic generation, the programmes and dynpros are not generated until the first call. Note that this parameter can only be affected by you if the generation is allowed by SAP during the insertion of this support package. The SPAM update does not affect the generation. SPAM Settings Option SAPM Basic Setting Transmission Monitor From Scenario Standard Rebuild Data File A data file after the example. Delete Do a Generation From Use the transaction SPAM to insert Support Packages [page 8] into your system, regardless of whether the support packages come from the SAPNet - R/3 Frontend, the SAPNet - Web Frontend, or Collection CDs. Prerequisites User: It must have the appropriate permissions [page 7] for the SAP Patch Manager. He must be registered with the client 000. He must have called the transaction SPAM. Select Tools ABAP Workbench Tool Maintenance Patches or enter the transaction code SPAM.
Tools such as "Shortcut for SAP Systems" are extremely useful in basic administration.
HR Organizational Management comparison: This comparison type updates the indirect assignments of all selected single and composite roles that are linked to elements of HR Organizational Management.
SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.
With all these tasks we can support you to compensate e.g. bottlenecks or failures as well as fast growth in your teams.