CONSIDER WITH EXTERNAL SERVICES PROVIDERS
SAP LSMW
Either temporary programme calls are blocked that are actually desired or enormously large gateway logs must be analysed. If, due to the heavy workload, one were to decide to forgo the use of the access control lists permanently, this would be a major security vulnerability. The unprotected system does not have any limitations on the external services that may register, and there are no rules for running programmes. One possible consequence would be, for example, the registration of an external system on which malicious programmes exist. At the moment when foreign programmes are running on your system without any control, you can expect that great damage will be done. For example, it ranges from an unnoticed reading of purchase and sales figures, a diversion of funds, to a paralysis or manipulation of the entire system. In addition, this scenario is also possible for poorly maintained access control lists. Our solution: secinfo and reginfo Generator for SAP RFC Gateway To solve the problem, we have developed a generator that can automatically create secinfo and reginfo files based on gateway logs. The basic idea is based on the logging-based approach. It performs the task of time-consuming analysis of log files and also ensures maximum reliability through automation. Nevertheless, the entries of the generated files should be checked by one person. Since the log files used as input are sensitive data, of course none of the inserted data leave your system. More information about the generator can be found here.
A user name without a restricted character set can be a security risk. Therefore, it is advisable that you restrict the character set of the user ID. In this article you will learn where the dangers lie if you do not limit the user ID. I also explain how to eliminate this security risk.
Very good IT knowledge - especially of SAP solutions
Verify that the data file was generated. If it was not created, make sure that the [Page 10] Recreate Data File settings in SPAM settings are enabled. For more information, see Note 70752. ADD_TO_BUFFER In this step, the queue is placed in the transport buffer of your system.
Automatic error handling when a job is aborted is desirable and useful in most cases. The conscious processing and consideration of error situations in job chains - also at step level - can help to reduce manual effort. Error situations should be catchable: If they are non-critical elements, the following job can perhaps be started anyway. In the case of critical errors, a new attempt should be made or an alert issued so that an administrator can intervene manually. Simple batch jobs are usually not capable of this. The goal of an automated environment is not to have to react manually to every faulty job.
Use "Shortcut for SAP Systems" to accomplish many tasks in the SAP basis more easily and quickly.
SAP Basis is the foundation of any SAP system. You can find a lot of useful information about it on this page: www.sap-corner.de.
Here the start permissions for the application's OData service in the backend system as well as permission objects are relevant for the business logic of the OData services used in the application.
Standardised procedures can help to introduce proprietary developments, such as test strategies or service level agreements (SLAs).