SAP RFC Gateway Security through secinfo and reginfo ACL files
SF01 Logical file paths and names (client dependent)
Basis administrators often have basic ABAP knowledge, for example, and ABAP developers know the basics of SAP Basis. Nevertheless, the two fields of activity are usually organizationally separated in the company.
SAP Basis represents the cornerstone of the SAP system, i.e. the foundation without which the system cannot function. Furthermore, it includes some administration tools and middleware programs. These programs can be used with the help of SAP Basis independently of the operating system and database used.
Our toolbox ...
In practice, it is quite possible that the target specifications defined in the security concept do not match the current actual status. Therefore, especially with regard to SAP security, it must always be checked whether the necessary SAP basic settings also correspond to the minimum level. Although a manual check is possible, it is very time-consuming because the necessary regularizations have to be read, interpreted and technically implemented. The Security Architect - part of the Xiting Authorizations Management Suite (XAMS) software solution developed by Xiting - offers you the possibility to precisely examine the current status of the SAP Basis settings with the help of the integrated check mode, whereby it is also possible to check several systems via RFC, starting from a central system. The scope of the check of system settings and system security includes not only the SAP Basis settings presented here, but also other SAP Basis settings. The scope of the check mode can be extended by self-defined check IDs.
If we look at the question of standardisation, this concerns not only the administrative side of IT products, but also the standardisation and simplification of IT products offered by the SAP basis. For this purpose, tools such as ITIL for standardised tasks and the development of IT product and IT service catalogues have already established themselves to the greatest extent possible. These clearly describe the IT services provided. In addition to the definition of the service to be provided, the clear description shall include the identification of disclaimers and conditions that must exist. Also part of the service description is a price that can be composed of fixed and variable parts. This simplification and bundling of the product portfolios should also reduce the administrative burden when ordering, activating, changing, terminating and, of course, invoicing. The description of the IT services and the associated development of an IT product catalogue is the basis for standardisation, whether the recipient is an external or internal customer (e.g. a business unit). One difficulty is the definition of IT products, i.e. the pooling of IT services and resources. An orientation towards the idea of cloud computing can help. The characteristics of cloud computing are the provision of standardised services in terms of performance and type of performance, results-orientated services, provision of performance to a wide range of service customers, scalability, transaction-based billing and high risk of IT service failure.
"Shortcut for SAP Systems" makes many tasks in the area of the SAP basis much easier.
Some useful tips about SAP basis can be found on www.sap-corner.de.
In addition, they shall have the possibility to access the SE37 and execute functional modules there.
Many settings often result in more errors.