SWDM Business Workflow Explorer
SU01 User maintenance
Hosting environments and third-party offerings have also contributed to these improvements. Public cloud environments such as Azure and AWS provide a layer of abstraction that eliminates the difficult task of maintaining the hardware that was required with SAP on-premises.
He has already gathered a lot of helpful information from the day-to-day business in his department: Johannes knows the RFC interfaces and the corresponding technical RFC users from his work with the applications. He also quickly got the password for various RFC users via the radio ("As long as passwords are only communicated by phone and never exchanged in writing, we are clean!"). And that the RFC users are generously entitled even in productive systems is no longer a secret ("Better to have more permissions than too little; the RFC connections have to run, otherwise there is trouble from the specialist areas!"). Since Johannes has access to the SE37 as a developer, it is not a problem to get the necessary access using the function block BAPI_USER_CHANGE - disguised as RFC User. In short, it changes the user type of a technical RFC user in a production system from to by calling the function block.
SIMPLIFYING COMMUNICATION
This is where all the system's data resides. These are composed of the actual database and the DBMS, the "database management system". In earlier versions, the database here came from different manufacturers. For example, Microsoft SQL or Oracle. Since SAP HANA, a lot has changed for IT in this data layer. This is because the database comes from SAP itself and is automatically monitored by the system. There is more to this database layer than just the working data. Important elements such as the configuration tables and system data for control and application content are also stored here. This is the repository data used by applications.
Cross-client tables can be modified. The control system of another, productive client can thus be undermined and undermined. Quite a lot of power! Did you also know that the SAP system provides a feature that deletes table change protocols (DBTA BLOG table) and that it is effective across all clients? If the table change logs have not been additionally archived via the BC_DBLOGS archiving object, traceability is no longer available. That way, every criminal act within your company can be beautifully covered up. Similarly, full access to batch management allows you to manage all background jobs in all clients with the permission. This allows you to delete old background jobs that have gone unauthorised. There are also some points to consider when managing print jobs. Typically, the following two SAP access permissions are enabled to protect print jobs: S_SPO_DEV (spooler device permissions) S_SPO_ACT (spooler actions). Why? Confidential information in print jobs is not protected against unauthorised disclosure. (Strictly) sensitive print jobs can be read unauthorised or redirected to external printers and printed out. Print jobs are unprotected unless additional SAP access permissions are enabled to protect print output. The print jobs are multi-tenant, which means that the authorisation award should also be well thought through at the point.
"Shortcut for SAP Systems" makes many tasks in the area of the SAP basis much easier.
Especially data that is archived.
Some useful tips about SAP basis can be found on www.sap-corner.de.
This suite consists of various modules for creating role concepts, managing permissions including a permission concept, and also enables the implementation of an emergency user concept.