SAP Basis SM19 Security audit - SAP Stuff

Direkt zum Seiteninhalt
SM19 Security audit
Monitoring
The security of an SAP system requires protection against unauthorised access, e.g. through the secinfo and reginfo files. A cleanly implemented authorisation concept protects against attacks within the SAP system. However, it is also possible to attack your SAP system via the network. Through the RFC Gateway Server, your system communicates with external servers and programmes. One particularly effective way to protect against this are so-called Access Control Lists (ACL). Find out what this is and how you can use it to better protect your SAP system. The SAP Standard offers different approaches for gate protection. All methods combined can provide even greater safety. For example, it is possible to use Access Control Lists (ACL) to monitor exactly which external programmes and which hosts can communicate with the gateway. Another option is to configure the gateway to support Secure Network Communication (SNC). Finally, there are various security parameters for the gateway. This article focuses on the use of ACL files such as secinfo and reginfo files. What is an ACL? Access control lists are files in which permitted or prohibited communication partners can be recorded. For the gateway to use these ACL files, parameters must be set in the default profile of the SAP system and of course the files must be maintained accordingly. With the help of logs and traces, which can be configured for this purpose, a precise investigation can be made in advance of the activation, which connections currently run via the gateway. This allows them to prevent important applications with which your system communicates from being blocked by the ACL files. The rules in the ACL files are read from top to bottom of the gateway to decide whether to allow a communication request. If none of the rules matches the requesting programme, it will be blocked. Network-based ACL The network-based ACL file contains permitted and prohibited subnets or specific clients.

In the following dialogue, select a TADIR service and the programme ID "R3TR" and the object type "IWSG". Now you can select the OData service stored on the front-end gateway. Then switch to the Permissions tab to generate the current profile of the permission objects with the new Fiori permission. Once you have performed these steps, the treated role has the necessary permissions on the front-end side. Fiori Permission to call the OData service on the backend server Now go to the role maintenance in the PFCG on the backend server. Open the appropriate role in Change Mode. Now you can repeat the steps for the frontend as explained above. However, when selecting the TADIR service as the permission proposal, you now select the object type "IWSV". Here you can select the OData service of the specific Fiori application stored in the backend.
Process transports between systems
Together with our SAP development team, our SAP Basis experts develop programs and transaction processes using Web Dynpro technology. This includes, for example, our SAP AddOn "SAP Password Reset". We would be happy to develop your solution.

The SAP basis as an organisational unit within a growing IT organisation is facing far-reaching changes. The growing number of technologies and the growing need for integration and collaboration with upstream and downstream IT departments means that the SAP basis is constantly growing. Examples of organisational concepts and further information can be found in chapters 7.6 and 9.4 of the Master's thesis.

Tools such as "Shortcut for SAP Systems" are extremely useful in basic administration.

Authorization and profile management tools for user management.

SAP Basis refers to the administration of SAP system that includes activities like installation and configuration, load balancing, and performance of SAP applications running on Java stack and SAP ABAP. This includes the maintenance of different services related to database, operating system, application and web servers in SAP system landscape and stopping and starting the system. Here you can find some useful information about SAP Basis: www.sap-corner.de.

Finally, the presentation layer contains software components for the graphical presentation of the application.
SAP Stuff
Zurück zum Seiteninhalt