High flexibility for ad hoc growth
Schedule and execute background jobs
If you now want to change the permission data, you will be asked for values for the appropriate organisation levels. First enter a tilde (~) and define the value later in the derived roles. Maintain the permissions you want and then generate the master role. Adding the organisational level to the master role Step 2: Define derived roles Create derived roles Assign the master role After you have created the master role, it is the derived roles that are in the process. To do this, re-enter a suitable role name via the PFCG. In our example, it is called "findepartment_d01". For a better overview, it is usually useful to name and number the derivatives after the master roles. You can also define the roles according to a different scheme. After you have created the role, you must then enter the master role in the Derive from Role field in the Description tab. Confirm the Auto Enquiries. Customise the Organisation Levels Now go to the "Menu" tab. There you can see that the data from the master role was automatically copied. Since the role has not yet been generated, the Permissions tab is currently highlighted in red. Therefore, call "Change Permissions Data". The first call should automatically open a dialogue to maintain the organisational levels, as they are still empty. If this is not the case, or if you would like to adjust the organisational levels again in a later case, you can also access them via the button Ordende (see screenshot). If everything worked well, you can now see that the permissions were also automatically taken from the master role. If you generate the role, the permission tab will also appear green. Congratulations, you have successfully created a derived role! Repeat step 2 with the additional derivatives to adjust the organisation levels accordingly.
In many companies, the SAP system is the linchpin of everyday business. To ensure that the system is available at all times, an SAP Basis team ensures its smooth operation.
Support or substitution of your employees
You would like to know more about what is happening on your SAP systems - then I recommend that you take a closer look at the Solution Manager Usage Procedure Logging (UPL) functionality. What code is often executed? Which database tables are accessed regularly? What unused developments exist? - The UPL provides answers to these questions. You can implement the functionality into your existing SAP landscape without additional licence costs and with moderate effort. What information does the UPL provide? Usage Procedure Logging is used to log and record user behaviour data roughly comparable to the ST03N workload statistics. UPL is able to record the call and execution of the following ABAP objects: Reports Functional Blocks Classes Methods Subroutines SQL Calls In addition, UPL is able to detect dynamic programme calls and generate transparency about the modifications used. All usage data is recorded in detail and automated and, if desired, made available centrally in the SAP Solution Manager. Benefits 1) Hardly measurable Performance Impact 2) Central collection of data of all systems in the SAP Solution Manager's BW 3) No complex setup 4) Once activated, the collector and extractor jobs run regularly and without further manual activities Possible usage scenario If you have Solution Manager 7.2 in use, you can use UPL within the framework of "Custom Code Lifecycle Management" (in German: management of customer developments). After one activation of the BW content and some standard jobs, you select one or more systems for which you want to activate UPL. If you already have the SP05 installed, there is a separate "Guided Procedure" for configuring the UPL in SOLMAN_SETUP.
New risks in SAP HANA: In addition to the known risks, there are also new risks from the use of SAP HANA. A very good example are frequently used web applications that represent something new in the SAP area. In contrast to an SAP ERP system, HANA systems consist mainly of web applications, which were considered optional in the previous versions. These web applications can be found by various search engines on the Internet. This also applies to SAP Portal or Netweaver. There are URL schemes that help locate the system. This also applies to other SAP systems that use Web applications. This makes the new technology vulnerable to typical web attacks. SQL Injection, ABAP Code Injection, or XSS are all included. All risks known for a normal SAP system also apply to a SAP-HANA system. The data is stored unencrypted in RAM. Only then does the system gain this speed advantage. This results in risks such as a read-out by memory scraping malware. These pick up data in memory. Encryption costs performance, so it is not used by default. Especially during a migration HANA runs in a parallel system, therefore at least one new system comes to your landscape. Also note: HANA has its own tools and settings that need to be known and configured. The bottom line is that the system simply needs more attention when operating. Many settings often result in more errors. Three - points - HANA Security Plan 1) Roles and permissions In a previous SAP system, roles and permissions are certainly one of the main pillars of a secure system. Roles and permissions work differently in a HANA system. There are two types of users: 1) Default (limited): With this type of user, there are different access methods to the database. For example, the JDBC or HTTP technologies are used to give two examples.
Tools such as "Shortcut for SAP Systems" complement missing functions in the SAP basis area.
This can be called under Services.
SAP Basis refers to the administration of SAP system that includes activities like installation and configuration, load balancing, and performance of SAP applications running on Java stack and SAP ABAP. This includes the maintenance of different services related to database, operating system, application and web servers in SAP system landscape and stopping and starting the system. Here you can find some useful information about SAP Basis: www.sap-corner.de.
To be able to use these files, you must set the parameters gw/reg_info and gw/sec_info (transaction RZ11).