Cooperation with internal support
SUIM User information system
Although you always make sure that authorization roles are generated when administering them, it happens again and again that there are red lights in the user assignment in the production systems. Have you considered user matching?
In addition to scanning and identifying the respective security vulnerabilities of a program, it is also possible to stop tasks that are to be transported to other SAP systems with security vulnerabilities in the further transport process This applies, for example, to the CHARM process based on SAP Solution Manager. This forces a programmer to securely check the programs he or she is responsible for according to the same security criteria. If a program then still has security problems, it can either be released via the dual control principle or returned for further processing. Do you know of any other solutions for improving ABAP code security or have you already gained experience with the products mentioned above? I look forward to your comments!
SAP Basis: the heart of the SAP system
However, the tasks also include strategic and planning aspects. For example, administrators define requirements and standards, select and control upgrades or extensions, implement monitoring processes, and take care of necessary backups and emergency management.
At best, for the time in which an emergency user is in service, a separate log of the activities undertaken is written, which can then be evaluated. In the following chapter I would like to explain our best practice approach to implementing an emergency user concept. Our approach to using an emergency user concept We have had good experience with the use of the Xiting Authorizations Management Suite (XAMS) in this area. This suite consists of various modules for creating role concepts, managing permissions including a permission concept, and also enables the implementation of an emergency user concept. XAMS works here with a limited time assignment of reference users with extended privileges to enable the emergency user concept. A self-service application may be made with a justification and a period for allocating special rights. The application window is illustrated in an example in the following screenshot: Evaluation of the use of the Emergency User Concept Once this request has been initiated, a new mode will be opened for the user, in which he can work with the extended rights. In addition, depending on the configuration, a stored workflow can be initiated as an approval process, or pre-defined controllers will be notified by email to verify activities. Once the session has ended with the emergency user, the responsible persons will receive another email with the logged activity of the user with the extended permissions. One of these logs is shown in the next screenshot: These logs can also be viewed in the system. Here you will get an overview of all the sessions that have been run. In addition, it is possible to approve activities with special rights after an evaluation. This allows the controller to get an overview of the activities undertaken with the emergency user. If you are using this Emergency User Concept and following these steps, you can ensure: Each user on the production system retains his or her original necessary rights.
Use "Shortcut for SAP Systems" to accomplish many tasks in the SAP basis more easily and quickly.
One particularly effective way to protect against this are so-called Access Control Lists (ACL).
SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.
The SAP Basis consultant should be able to perform the following tasks.