How are SAP modules and SAP Basis related?
SAP Basis Consulting
You can reduce the Queue selection. To do this, select the Support Package that should be the last in the queue. After that, the queue is recalculated. You can also start the recalculation explicitly with Queue. Note that you can only select Support Packages that are part of the software component you have selected (the mouse cursor will change its appearance accordingly). The support packages associated with the calculated queue are green. The highest support package of the previously selected software component is additionally marked with a green tick. The support packages that are no longer part of the queue are still visible in the list and can be selected again. If you want to set the queue for another software component, select New Component. Result You have defined a queue. Now insert the support packages in the queue [page 20]. Rules for the Queue The following rules apply to creating a Queue: If it is an FCS system, the first step is an FCS Support Package. If it is missing from the queue, it cannot be defined. Instead, you will receive an error message telling you the name of the missing FCS Support Package. You cannot insert an FCS support package in a non-FCS system (official state of delivery). Support packages for a selected component are queued in order. If support packages in the queue have connections to support packages of another component (further predecessor relationship, required CRT), the queue will be extended by additional support packages until all predecessor relationships are fulfilled. Note that the SAP Patch Manager takes into account the configuration of your SAP system and only adds support packages to the queue that can be inserted into your system.
In this article on SAP Security Automation I would like to take a look at the future of automated processes in the SAP Security area. For many companies, the topic of security automation still offers a lot of potential in terms of time savings and process optimisation. Our daily work environment offers numerous tasks that could be handled excellently automatically. For this reason, in this article I present two of the possibilities that already exist in the broad area of security automation. Security Automation via SAP Security Check The first option of Security Automation, which I want to introduce here, is the automatic verification of the existing permissions. Have you ever wondered who has critical permissions in your SAP system? And have you ever tried to do this by hand? Depending on the level of expertise and experience of the privilege administrator, this is a time-consuming work. If an audit is also announced and the SAP system is to be checked for critical permissions and segregation of duties, then it is very difficult to meet all requirements and secure the eligibility landscape in this respect. For this reason, various vendors provide solutions to automate the verification of the permission system with regard to critical permissions and segregation of duties using tool support. This allows permission administrators to use their valuable time to correct the errors rather than just looking for them. For example, we use a tool that runs through the verification of over 250 rules. We then get an evaluation of which rules are violated and which points are correct. A simple example of such rules is the use of the SAP_ALL profile. Another would be to grant the jump permission in debugging (S_DEVELOP permission object with the ACTVT = 02 field). These are two relatively simple examples of Security Check tools' rulebook. In addition, queries are also made, which are located in the field of Segregation of Duties. Using this tool allowed us to move from manual validation of critical permissions to an automatic process.
SE90 Repository Info System / Object Navigation
Part of an IT or cloud strategy may be to define architectural guidelines and a framework for the use and use of certain services. The SAP basis is to actively participate in shaping the rules and framework and the architectural guidelines, and bring in its existing expertise from the SAP technology environment.
So-called Access Control Lists (ACL) offer a good possibility to secure your gateway in order to exclude unwanted external accesses to the database of the application server. With the help of the ACL files reginfo and secinfo an access control can be implemented, in which allowed as well as forbidden communication partners can be defined. The reginfo file controls the registration of external programs on the gateway, which means that rules can be defined that allow or prohibit programs. With the help of the file secinfo you can define which users are allowed to start an external program. To be able to use these files, you must set the parameters gw/reg_info and gw/sec_info (transaction RZ11). For more information, refer to SAP Note 1408081.
"Shortcut for SAP Systems" makes many tasks in the area of the SAP basis much easier.
Delegate daily maintenance tasks to us - we are also available for short-term staff shortages.
These are usually derived from the target group to be applied for.