Copying SAP clients: Local, Remote, Import/Export
Creation of quick reference guides for end users and administrators
In this article on SAP Security Automation I would like to take a look at the future of automated processes in the SAP Security area. For many companies, the topic of security automation still offers a lot of potential in terms of time savings and process optimisation. Our daily work environment offers numerous tasks that could be handled excellently automatically. For this reason, in this article I present two of the possibilities that already exist in the broad area of security automation. Security Automation via SAP Security Check The first option of Security Automation, which I want to introduce here, is the automatic verification of the existing permissions. Have you ever wondered who has critical permissions in your SAP system? And have you ever tried to do this by hand? Depending on the level of expertise and experience of the privilege administrator, this is a time-consuming work. If an audit is also announced and the SAP system is to be checked for critical permissions and segregation of duties, then it is very difficult to meet all requirements and secure the eligibility landscape in this respect. For this reason, various vendors provide solutions to automate the verification of the permission system with regard to critical permissions and segregation of duties using tool support. This allows permission administrators to use their valuable time to correct the errors rather than just looking for them. For example, we use a tool that runs through the verification of over 250 rules. We then get an evaluation of which rules are violated and which points are correct. A simple example of such rules is the use of the SAP_ALL profile. Another would be to grant the jump permission in debugging (S_DEVELOP permission object with the ACTVT = 02 field). These are two relatively simple examples of Security Check tools' rulebook. In addition, queries are also made, which are located in the field of Segregation of Duties. Using this tool allowed us to move from manual validation of critical permissions to an automatic process.
Every SAP system develops over many years. It grows and changes with the company. The more functions are mapped in it and the more data is stored, the greater the importance of and dependence on this central ERP system. There is no such thing as a standard SAP Basis solution. It is developed individually with reference to the company.
The Basis system comprises a total of three layers
In addition to the optimisation potential of Security Automation, which I explained in more detail in my last post, the E-Learning division also offers numerous possibilities for automation. Since many companies are not yet making the most of these potentials due to a lack of knowledge about this particular form of knowledge transfer, I would like to address this in the following post. E-learning is also a form of automation that, if used correctly, brings many positive aspects. In the end, e-learning is a way to store know-how in a form that can be retrieved again and again. This means, of course, a certain initial effort for the creator, which nevertheless pays off more than if the quality is sufficient. What are the opportunities for a company to take advantage of e-learning? A company has several ways in which it can exploit and use the area of e-learning for itself. The fundamental question that should arise immediately after the decision to do so is whether the company creates the content itself or whether it relies on the content from external sources. Both have advantages and disadvantages, which I would like to explain in the following.
A trick often used by administrators is to allow for time buffers before starting the next job. The buffer times are necessary because it is not possible to predict exactly how long a job will take to complete, since the duration depends on many incalculable parameters. Since it makes little sense to run backups and SAP jobs at the same time, these tasks are usually done one after the other rather than in parallel. In more complex environments, data backup durations, time buffers and job runtimes add up to such an extent that the time available is no longer sufficient to perform all activities within the available time corridor. Tools that work with status dependencies and then automatically start the next job when its predecessor job has been processed without errors can help here.
Some missing SAP basic functions in the standard are supplied by the PC application "Shortcut for SAP Systems".
For a better overview, it is usually useful to name and number the derivatives after the master roles.
Note that you can only work with this transaction in SAP GUI for Java and SAP GUI for Windows.