Show the one-game status
Support for Basis Projects
Customers with such a case regularly contact us. Creating a Permission Concept from the ground up is often a time-consuming task. Furthermore, the know-how, which aspects should be dealt with in an authorisation concept and how the corresponding processes can look practical and at the same time audit-proof is often lacking. Our solution: tool-based generation of an individual, written authorisation concept In this situation, we have recommended to our customers the tool-based generation of a written authorisation concept directly from the SAP system. We use the XAMS Security Architect tool, with which we have had good experiences. This includes a template for a revision-proof and comprehensible, written authorisation concept. It includes established best practices for role and entitlement management. The template covers all relevant areas in a permission concept. The included text of the authorisation concept is completely customisable, so that the concept can be tailored to your situation without creating a permission concept from scratch. Dynamically update the written authorisation concept One of the biggest challenges after the development of an authorisation concept is to keep it up to date in the long term and to measure the sustainable implementation in the system. This is achieved by integrating live data such as configuration settings and defined rules directly from the connected system. For example, lists of existing roles or user groups and tables are read from the system each time the document is generated and updated in the permission concept. The following screenshot shows an example of what the appearance in the concept document might look like. Automatically check and monitor compliance with the concept To check compliance with the concept, the XAMS Security Architect includes extensive inspection tools. These cover the rules formulated in the concept and are suitable for measuring the extent to which the reality in the system meets the requirements formulated in the concept.
New risks in SAP HANA: In addition to the known risks, there are also new risks from the use of SAP HANA. A very good example are frequently used web applications that represent something new in the SAP area. In contrast to an SAP ERP system, HANA systems consist mainly of web applications, which were considered optional in the previous versions. These web applications can be found by various search engines on the Internet. This also applies to SAP Portal or Netweaver. There are URL schemes that help locate the system. This also applies to other SAP systems that use Web applications. This makes the new technology vulnerable to typical web attacks. SQL Injection, ABAP Code Injection, or XSS are all included. All risks known for a normal SAP system also apply to a SAP-HANA system. The data is stored unencrypted in RAM. Only then does the system gain this speed advantage. This results in risks such as a read-out by memory scraping malware. These pick up data in memory. Encryption costs performance, so it is not used by default. Especially during a migration HANA runs in a parallel system, therefore at least one new system comes to your landscape. Also note: HANA has its own tools and settings that need to be known and configured. The bottom line is that the system simply needs more attention when operating. Many settings often result in more errors. Three - points - HANA Security Plan 1) Roles and permissions In a previous SAP system, roles and permissions are certainly one of the main pillars of a secure system. Roles and permissions work differently in a HANA system. There are two types of users: 1) Default (limited): With this type of user, there are different access methods to the database. For example, the JDBC or HTTP technologies are used to give two examples.
CG3Y Download file
The SAP Basis is responsible for the smooth operation of the programmes in the SAP system. It acts as an operating system for R/3 and subsequent releases including S/4HANA. Each operating system provides an environment in which programmes can run, such as MS Office on Microsoft Windows. Likewise, the SAP base system with the NetWeaver and HANA platform offers an environment in which the SAP programmes can run. In this context, the NetWeaver platform itself relies on server operating systems such as Windows and Linux.
By correctly assessing your own applications for suitability for operation with an external service provider or in the cloud, the enterprise risk of the chosen service form is minimised. Also, possible weak points or aspects that require special attention are known and can be dealt with proactively. A negative consequence during the operational operation can be largely excluded.
Some missing SAP basic functions in the standard are supplied by the PC application "Shortcut for SAP Systems".
On www.sap-corner.de you will also find useful information about SAP basis.
They work with it on a daily basis and can provide quick solutions to concrete problems.
The first step is to copy the files to the transport directory of the SAP system.