SWPM - the Software Provisioning Manager integrates the classical tools like sapinst, ehpup, etc for the maintenance/installation of SAP systems
Release upgrade
In this article on SAP Security Automation I would like to take a look at the future of automated processes in the SAP Security area. For many companies, the topic of security automation still offers a lot of potential in terms of time savings and process optimisation. Our daily work environment offers numerous tasks that could be handled excellently automatically. For this reason, in this article I present two of the possibilities that already exist in the broad area of security automation. Security Automation via SAP Security Check The first option of Security Automation, which I want to introduce here, is the automatic verification of the existing permissions. Have you ever wondered who has critical permissions in your SAP system? And have you ever tried to do this by hand? Depending on the level of expertise and experience of the privilege administrator, this is a time-consuming work. If an audit is also announced and the SAP system is to be checked for critical permissions and segregation of duties, then it is very difficult to meet all requirements and secure the eligibility landscape in this respect. For this reason, various vendors provide solutions to automate the verification of the permission system with regard to critical permissions and segregation of duties using tool support. This allows permission administrators to use their valuable time to correct the errors rather than just looking for them. For example, we use a tool that runs through the verification of over 250 rules. We then get an evaluation of which rules are violated and which points are correct. A simple example of such rules is the use of the SAP_ALL profile. Another would be to grant the jump permission in debugging (S_DEVELOP permission object with the ACTVT = 02 field). These are two relatively simple examples of Security Check tools' rulebook. In addition, queries are also made, which are located in the field of Segregation of Duties. Using this tool allowed us to move from manual validation of critical permissions to an automatic process.
Project successes should also be documented and circulated as success stories of the SAP basis or made available to the SAP basis stakeholders to highlight the importance of the SAP basis. These success stories can be shared from the grassroots or from the outside, for example. Examples include CIO communications or project reports. BENEFITS & CONSEQUENCES The added value of the implementation of the recommendations described above lies in the guaranteed operational stability and operational safety. In addition, a company and in particular an IT organisation with a strong SAP basis receives a competent and sustainable partner for SAP topics and technologies, who is always looking at the SAP picture in general. Furthermore, all business and IT departments are aware of the role and the scope of the SAP basis. This means that you can contact them as the right person in good time. There is a lower risk that certain areas may develop shadow IT related to SAP topics and technologies due to lack of transparency.
SAP Security
The logging of data changes in tables using transports should also be active. For this, the "RECCLIENT" parameter in your transport management system (Transakation STMS) must be set to "ALL" at all system levels.
The positioning depends strongly on the previously identified target groups and must be justified accordingly. Positioning is extremely important for the SAP basis. It is primarily a matter of positioning within the IT organisation and defining or positioning the other IT departments that can be considered as competitors in the context of this step. STEP 6: OWN EMPLOYEES This step will identify the necessary skills and training of their own employees necessary to fulfil the objectives and provide the service. The necessary skills and roles for the SAP basis are explained in detail in the recommendation Skills & Roles.
"Shortcut for SAP Systems" makes it easier and quicker to complete a number of SAP basis tasks.
The website www.sap-corner.de offers many useful information about SAP basis.
As usual, it must be assigned to a package and a workbench order to become available.
The chain now has in principle two end pieces (2 parallel blocks).