Proactive and continuous optimization of system availability and performance
Planning of SAP environments
To facilitate communication within IT departments, it is necessary to identify clear communication channels and contact persons and also to use uniform tools for communication. It would also be possible to designate contact points (contact points) for upstream and downstream IT departments and external service providers and suppliers.
The application layer is the central component of the SAP R/3 system. This layer is therefore also referred to by SAP as the actual basis system. Within the layer there are application servers and a message server.
Implementation of the configuration in the system
In every company with several SAP systems, there is a person responsible for the complete SAP Basis topics, usually there is even a separate department for this. This person ensures the trouble-free operation of the SAP systems. The person responsible also accompanies maintenance work or upgrades and intervenes in special situations, such as poor performance. Even for companies that hand over the operation of the SAP Basis to an external service provider, there are often still tasks from the environment of user and authorization management at this point.
Especially after security incidents it may be necessary to find out which (technical) users have logged in at which time. The USR02 table provides a first entry point. In the TRDAT column you can find the last login date for the user you want. However, a history of previous applications is not found in this table. In such cases, the Security Auditlog or SAL helps. Preparation In order to access the desired data, it must also have been saved previously. In the Security Auditlog, you can use various filters to determine which users are logged on which client and which information. The Security Auditlog stores, depending on configuration, logins, RFC calls, and other actions for specific users. You can make these settings in the SM19 transaction. Note: Logging user activity must be aware of the users concerned! Configure the SAL only for technical users or in consultation with users / works council / etc. It can be seen there among other things when the SAL was activated and last edited (1). You can also select the various filters (2), activate the filters individually (3), specify clients and users (4) and specify which activities are logged (5). Static configuration in the SM19 Under the Dynamic Configuration you can also see if SAL is currently active for the system. Determine the status of the SAL Evaluation of the SAL If the Security Audit Log is active, switch to the SM20 evaluation of the Security Audit Log. Select the desired user and client and the appropriate time window. The option Dialogues login is sufficient for the login. Then, restart the AuditLog analysis. Start evaluation You will get an overview of the user's login to the selected client of the system.
Use "Shortcut for SAP Systems" to accomplish many tasks in the SAP basis more easily and quickly.
This saves us a lot of time and ensures that no checks are overlooked when performing manually.
Failure to do so will result in a multi-department employee having extensive privileges that can be critical in combination.