NEW TECHNOLOGIES & INNOVATION
In this article on SAP Security Automation I would like to take a look at the future of automated processes in the SAP Security area. For many companies, the topic of security automation still offers a lot of potential in terms of time savings and process optimisation. Our daily work environment offers numerous tasks that could be handled excellently automatically. For this reason, in this article I present two of the possibilities that already exist in the broad area of security automation. Security Automation via SAP Security Check The first option of Security Automation, which I want to introduce here, is the automatic verification of the existing permissions. Have you ever wondered who has critical permissions in your SAP system? And have you ever tried to do this by hand? Depending on the level of expertise and experience of the privilege administrator, this is a time-consuming work. If an audit is also announced and the SAP system is to be checked for critical permissions and segregation of duties, then it is very difficult to meet all requirements and secure the eligibility landscape in this respect. For this reason, various vendors provide solutions to automate the verification of the permission system with regard to critical permissions and segregation of duties using tool support. This allows permission administrators to use their valuable time to correct the errors rather than just looking for them. For example, we use a tool that runs through the verification of over 250 rules. We then get an evaluation of which rules are violated and which points are correct. A simple example of such rules is the use of the SAP_ALL profile. Another would be to grant the jump permission in debugging (S_DEVELOP permission object with the ACTVT = 02 field). These are two relatively simple examples of Security Check tools' rulebook. In addition, queries are also made, which are located in the field of Segregation of Duties. Using this tool allowed us to move from manual validation of critical permissions to an automatic process.
You will need to download the support package again. CANNOT_DETERMINE_DATA_FILES: The name of a data file could not be determined because a profile parameter was not configured correctly. Verify the settings using the RSPARAM report. CANNOT_DISASSEMBLE_R_DATA_FILE: Unable to extract an R3trans data file. A possible cause of error is that the appropriate OCS file was not found or the data file could not be opened for writing. An error occurred while transferring a 20K block from the EPS inbox to the /usr/sap/trans/data (UNIX) directory. CANNOT_DISASSEMBLE_D_DATA_FILE: Unable to extract an ADO data file. The reasons are the same as for CANNOT_DISASSEMBLE_R_DATA_FILE. CANNOT_CREATE_COFILE: The cofile could not be created from the corresponding data file. One of the possible causes of error is that
adm does not have write permissions for the /usr/sap/trans/cofiles (UNIX) directory.
Daily Check Solution
In addition to the database, the SAP system itself is installed. This installation is planned using a tool from SAP, the "Maintenance Planner", and then carried out using the SWPM (Software Provisioning Manager) and SUM (Software Update Manager) tools.
This course is intended for people who plan, design, and install the SAP HANA database. It will also be of interest to those responsible for configuring the various components for importing data and customer reporting.
Tools such as "Shortcut for SAP Systems" complement missing functions in the SAP basis area.
In a HANA system, there are privileges instead of permissions.
In this case, attention should be paid to an individual authorisation.