SE10 Transport Organizer
Error minimization & data security
In this article on SAP Security Automation I would like to look at the future of automated processes in the SAP security area. For many companies, security automation still offers a lot of potential for saving time and optimising processes. Our daily work includes numerous tasks that could be handled very well automatically. For this reason, I present two of the possibilities that already exist in the broad area of security automation.

Security Automation via SAP Security Check

The first option for security automation that I want to introduce here is the automatic verification of existing permissions. Have you ever wondered who has critical permissions in your SAP system? And have you ever tried to find out by hand? Depending on the expertise and experience of the authorization administrator, this is a time-consuming task. If an audit is also announced and the SAP system is to be checked for critical permissions and segregation of duties, it is very difficult to meet all requirements and secure the authorization landscape in this respect.

For this reason, various vendors provide tool-supported solutions that automate the verification of the permission system with regard to critical permissions and segregation of duties. This allows permission administrators to use their valuable time to correct errors rather than just looking for them. For example, we use a tool that runs through the verification of over 250 rules. We then get an evaluation of which rules are violated and which points are correct. A simple example of such a rule is the use of the SAP_ALL profile. Another is granting the jump permission in debugging (the S_DEVELOP permission object with the field ACTVT = 02). These are two relatively simple examples from the rulebook of security check tools. In addition, queries are made that belong to the field of segregation of duties.
Using this tool allowed us to move from manual validation of critical permissions to an automatic process.
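A minimal sketch of such a rule check, added here as an illustration and not taken from the tool the article describes. The user export is constructed sample data, the rule IDs and the flattened per-user value model are assumptions, and the segregation-of-duties pair in R003 is a constructed example; only the SAP_ALL and S_DEVELOP / ACTVT = 02 rules come from the text above.

```python
# Constructed sample export (not real system data): for each user, the
# assigned profiles and authorization values as object -> field -> values.
USERS = {
    "ALICE": {"profiles": ["SAP_ALL"], "auths": {}},
    "BOB": {"profiles": ["Z_DEV"],
            "auths": {"S_DEVELOP": {"ACTVT": ["02", "03"]}}},
    "CAROL": {"profiles": ["Z_ADMIN"],
              "auths": {"S_DEVELOP": {"ACTVT": ["*"]}}},
    "DAVE": {"profiles": ["Z_DISPLAY"],
             "auths": {"S_DEVELOP": {"ACTVT": ["03"]},
                       "S_TCODE": {"TCD": ["FK01", "F110"]}}},
}

# Rule book. R001 and R002 are the two rules named in the article; R003 is a
# constructed segregation-of-duties pair (vendor maintenance + payment run).
RULES = [
    {"id": "R001", "profile": "SAP_ALL"},
    {"id": "R002", "all_of": [("S_DEVELOP", "ACTVT", "02")]},
    {"id": "R003", "all_of": [("S_TCODE", "TCD", "FK01"),
                              ("S_TCODE", "TCD", "F110")]},
]

def grants(user, obj, field, wanted):
    """True if the user's values for obj/field list `wanted` or hold '*'."""
    values = user["auths"].get(obj, {}).get(field, [])
    return any(v in ("*", wanted) for v in values)

def violates(user, rule):
    """Profile rules match on assignment; all_of rules need every triple."""
    if "profile" in rule:
        return rule["profile"] in user["profiles"]
    return all(grants(user, *triple) for triple in rule["all_of"])

def run_check(users, rules):
    """Return {rule_id: sorted names of violating users}."""
    return {r["id"]: sorted(n for n, u in users.items() if violates(u, r))
            for r in rules}

if __name__ == "__main__":
    for rule_id, hits in run_check(USERS, RULES).items():
        print(rule_id, "VIOLATED by " + ", ".join(hits) if hits else "OK")
```

The wildcard case (CAROL) is the one a manual review tends to miss: a value of `*` covers ACTVT 02 without ever listing it.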

After the addition of the Java stack (the applications developed in J2EE, BSP, JSP, etc.), the security standard for business processes was increased. Both the ABAP and the Java stack can be monitored from one platform. NetWeaver supports standard protocols such as HTTP, SMTP, XML, SOAP, SSO, WEBDAV, WSDL, WMLSSO, SSL, X.509 and the Unicode format (text processing representation).
PI Interfaces, Web Services (Process Integration/Orchestration)
Today, "SAP Basis" often does not mean (only) the software architecture. Instead, the term is not infrequently a task description. This refers to the basic administration of the system: installation and configuration, resource management, maintenance and monitoring of a company's SAP setups. This can include user management, patch management and system monitoring. Backup policy, rights management and daily maintenance tasks are also responsibilities of Basis admins.

Standardisation of SAP operations and of SAP systems can be seen as preparation for automation as well as for cloud, outtasking and outsourcing service forms. In the overall context of standardisation and automation, tasks and systems therefore need to be handled in a fixed sequence. First, the respective object must be documented in detail, including a detailed description of its current (as-is) state. A standardisation strategy can then be developed, defined and implemented. Only then can automation, outtasking, cloud and outsourcing be considered.

Poor test preparation
The relevant processes have been defined, the test plans have been created and the test period has begun - so can testing begin? Not always.


In addition to this, as already discussed by Recommendation [A2], it is then worthwhile to establish a catalogue of criteria for evaluating and looking in detail at certain characteristics of the application or services.
