SAP Authorizations Ensuring secure administration - SAP Corner

Ensuring secure administration
Set password parameters and valid password characters
RFC connections are interfaces for many local and global system processes, but for many companies they are also a security-relevant source of errors. The RFC interfaces and the associated system users often have overly broad authorizations and can quickly be misused by unauthorized persons to view sensitive company data. It is therefore important to keep these system connections in the focus of global monitoring at all times and to check which RFC destinations lead where and what they do. For this purpose there is the program RSRFCCHK, which allows you to perform specific tests for your RFC system landscape. On the one hand, the content of the RFCDES table is checked; on the other hand, the corresponding user properties of the system users are displayed as an overview. Consequently, important parameters such as the target machine, the client, the background user or the password property can be checked in one overview.

Software license management is essential to get an accurate overview of all SAP transactions. We provide you with a transaction database in which the transactions are evaluated with named user license types. Your advantage: the actual usage of your SAP users is matched with the transaction database. "SAP direct access" analyzes the licenses for actual usage and classifies the critical cases. With SAP license optimization we maintain your individual license contracts and compare the results with LAW. We can point out discrepancies, including drill-down to user/client level, directly.
SAP Security Automation
Custom programmes should be protected with authorizations, just like standard applications. What rules should you follow? Implementation projects usually produce a large number of custom programmes that are not subjected to an authorization check when they are executed. For your own programmes, you should create custom authorization checks by default and manage them accordingly.

It is important that the return code in SY-SUBRC is checked after the AUTHORITY-CHECK OBJECT statement is called. The value must be 0; only then is the jump allowed.
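The check described above, as an added example that is not code from the original page. The report name, the authorization object Z_DEMO_BUK and its field assignment are hypothetical; T001 is the standard company code table.

```abap
REPORT z_demo_auth_check.

" Company code the user wants to display (selection screen input).
PARAMETERS p_bukrs TYPE bukrs OBLIGATORY.

DATA gv_butxt TYPE butxt.

START-OF-SELECTION.

  " Z_DEMO_BUK is a hypothetical custom authorization object with the
  " fields BUKRS and ACTVT. Activity '03' means display.
  AUTHORITY-CHECK OBJECT 'Z_DEMO_BUK'
    ID 'BUKRS' FIELD p_bukrs
    ID 'ACTVT' FIELD '03'.

  " AUTHORITY-CHECK does not stop the program on its own; it only sets
  " SY-SUBRC. Evaluate it immediately, because the next statement that
  " sets a return code overwrites the result of the check.
  IF sy-subrc <> 0.
    " Any non-zero value is a failed check: deny and leave the event block.
    MESSAGE 'No display authorization for this company code'
      TYPE 'S' DISPLAY LIKE 'E'.
    RETURN.
  ENDIF.

  " Reached only when SY-SUBRC was 0, i.e. the user is authorized.
  SELECT SINGLE butxt FROM t001 INTO gv_butxt WHERE bukrs = p_bukrs.
  IF sy-subrc = 0.
    WRITE: / p_bukrs, gv_butxt.
  ELSE.
    WRITE: / 'Company code not found:', p_bukrs.
  ENDIF.
```

If the IF block after AUTHORITY-CHECK is omitted, the SELECT runs for every user regardless of the check result, which is the failure mode the paragraph warns about.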

Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.

Then use the report SU24_TRANSPORT_TABLES to transport your SU24 data.

If you want to know more about SAP authorizations, visit the website www.sap-corner.de.


However, you can maintain your own UI components as external services with suggestion values in the SU24 transaction and take advantage of this information in PFCG role maintenance.