SU24 Maintenance of authorization default values
Notes
The digitization of businesses and the emergence of new technologies mean that admins have to adapt to constantly changing conditions. Currently, the following trends (which are becoming more and more evident in the market) can be mentioned:
Many companies are struggling with the introduction and use of secinfo and reginfo files to secure SAP RFC gateways. We have developed a generator that supports the creation of the files. This blog post lists two SAP best practices for creating the secinfo and reginfo files to enhance the security of your SAP gateway and how the generator helps you do this. secinfo and reginfo Request generator Option 1: Restrictive procedure In the case of the restrictive solution approach, only in-system programmes are allowed. Therefore, external programmes cannot be used. However, since this is desired, the access control lists must be gradually expanded to include each programme required. Although this procedure is very restrictive, which speaks for safety, it has the very great disadvantage that, in the creation phase, links which are actually desired are always blocked. In addition, the permanent manual activation of individual connections represents a continuous effort. For large system landscapes, this procedure is very complex. Option 2: Logging-based approach An alternative to the restrictive procedure is the logging-based approach. To do this, all connections must be allowed first by the secinfo file containing the content USER=* HOST=* TP=* and the reginfo file contains the content TP=*. During the activation of all connections, a recording of all external programme calls and system registrations is made with the gateway logging. The generated log files can then be evaluated and the access control lists created. However, there is also a great deal of work involved here. Especially with large system landscapes, many external programmes are registered and executed, which can result in very large log files. Revising them and creating access control lists can be an unmanageable task. However, this process does not block any intentional connections during the compilation phase, which ensures the system will run non-disruptively.
Conflict Resolution Transport
Permanent and proactive technical support in the SAP Basis area ensures a stable, secure and high-performance environment. Our international team of experienced and certified Basis consultants supports our customers in all phases with a wide range of services, both nearshore and on-site or remote.
There are several ways to introduce and operate new applications. As a company you have the choice between internal realisation and operation, outsourcing, cloud computing and so-called outtasking. In deciding on one of the above concepts, the SAP basis must be included for the evaluation of various technological and operational aspects, which offers the possibility to develop a sound decision. This decision has a significant impact on the future operation of SAP and the associated operating and maintenance costs. The recommendations listed here are intended to help you decide on other forms of service. Information on the recommendation can be found in the Master's thesis in chapters 7.8 and 9.6.
"Shortcut for SAP Systems" makes many tasks in the area of the SAP basis much easier.
Beginning on the BW system, go into the transaction SE37 and call the function block "RSAR_LOGICAL_SYSTEM_DELETE": RSAR_LOGICAL_SYSTEM_DELETE Enter the required values here.
SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.
The system will then be checked to see if the desired system behaviour has been achieved or if malfunctions occur.