Use of the Security Audit Log
To ensure the necessary expertise towards both the application and application-related IT departments and the infrastructure units, the SAP basis should be divided into an infrastructure-related SAP basis and an application-orientated SAP basis. The infrastructure-related SAP basis acts as the point of contact for IT departments such as virtualisation, storage management and databases. The application-orientated SAP basis serves as the contact and coordination level for application-related topics.

BUILDING OVERARCHING EXPERT TEAMS WITH SAP basis INVOLVEMENT
To reduce organisational friction points and to handle selected topics optimally, it is recommended to set up expert teams with the participation of the SAP basis. These expert teams can be organised virtually, and therefore be of temporary duration, and consist of participants from all relevant IT disciplines or business areas. If the topic of the virtual expert team falls within the focus of the SAP basis, the SAP basis takes over the management and control of the expert team.
If the cancel message names a tp-step, it is a step that is independent of the transport order, and its logs cannot be displayed with the log display. In this case, analyse the following files:
tp-Step 6: P
tp-Step N: N
tp-Step S: DS
All logs are located in /usr/sap/trans/log.
REGULAR PARTICIPATION IN INFORMATION EVENTS
A secure SAP system does not only include a good role concept. It is also necessary to check whether a user should (still) have a specific role. Regular verification of role assignment is called recertification. In this blog post, I'd like to introduce you to the need for recertifications and our own tool, EasyReCert.

The need for recertification - scenarios:

Example 1: The "apprentice problem"
Imagine the following scenario: A new employee (e.g. an apprentice or trainee) will go through various departments as part of his or her training and will work on various projects. Of course, the employee is given an SAP user right at the beginning, which is equipped with appropriate roles. With each project and department, the employee repeatedly needs new permissions to meet the requirements. After the employee has successfully completed his or her induction and is now in a permanent position, he or she still has permissions that are not necessary to perform his or her duties. This violates the principle of "least privilege" and represents a potential security risk for your company.

Example 2: The change of department
The change of department is one scenario that probably occurs in every company. If a change of department does not automatically involve a complete reallocation of roles and the employee simply takes his old permissions with him, critical combinations of permissions can occur very quickly. For example, an employee who has permissions in accounts payable and accounts receivable violates the SoD ("Segregation of Duties") principle and poses a potential security risk to your company.

Recertification as part of a revision:
The two examples above show that a regular review of role allocation identifies potential security risks for your business so that they can be addressed.
Instead of letting the power consumer determine each parameter individually, the SAP basis can now create meaningful bundles, such as the power server with a lot of processor power, memory and disk space, and the light server in a simpler setup. Each bundle has its own price, which requires preparation and consideration. The principle of consistently aligning IT services with repeatable standards is thus directly linked to the standardisation of processes and technical specifications. Standardised products can only be offered if processes are standardised. Likewise, they can only be offered as simple and comprehensible product bundles if technical standards are established.
This applies in particular to specialised roles.
Encryption of the data of a HANA system is disabled by default.