How to lock (SU01) and unlock (SU10) an SAP user
SAP Security in Transition - SAP HANA Permissions
SAP Basis, which means system administration and platform basis of SAP systems - quasi the operating level behind the SAP applications in the company. NEXUS / ENTERPRISE SOLUTIONS is now focusing more strongly on this business area and is strengthening its service portfolio in the basic operation of SAP Basis services (Application Management Services / ongoing support) with optional extensions and project services of SAP Basis operation, for example, in the course of migrations.
The security of an SAP system requires protection against unauthorised access, e.g. through the secinfo and reginfo files. A cleanly implemented authorisation concept protects against attacks within the SAP system. However, it is also possible to attack your SAP system via the network. Through the RFC Gateway Server, your system communicates with external servers and programmes. One particularly effective way to protect against this are so-called Access Control Lists (ACL). Find out what this is and how you can use it to better protect your SAP system. The SAP Standard offers different approaches for gate protection. All methods combined can provide even greater safety. For example, it is possible to use Access Control Lists (ACL) to monitor exactly which external programmes and which hosts can communicate with the gateway. Another option is to configure the gateway to support Secure Network Communication (SNC). Finally, there are various security parameters for the gateway. This article focuses on the use of ACL files such as secinfo and reginfo files. What is an ACL? Access control lists are files in which permitted or prohibited communication partners can be recorded. For the gateway to use these ACL files, parameters must be set in the default profile of the SAP system and of course the files must be maintained accordingly. With the help of logs and traces, which can be configured for this purpose, a precise investigation can be made in advance of the activation, which connections currently run via the gateway. This allows them to prevent important applications with which your system communicates from being blocked by the ACL files. The rules in the ACL files are read from top to bottom of the gateway to decide whether to allow a communication request. If none of the rules matches the requesting programme, it will be blocked. Network-based ACL The network-based ACL file contains permitted and prohibited subnets or specific clients.
The logging of data changes in tables using transports should also be active. For this, the "RECCLIENT" parameter in your transport management system (Transakation STMS) must be set to "ALL" at all system levels.
The tasks of an SAP Basis administrator are management and administration of SAP systems. In practice, it means taking responsibility for the maintenance environment of the systems, their cooperation, updating, solving user problems and efficiency issues (concerning the network, databases or operating systems), backup copies and architecture. Another task of this position is also to follow new market trends and propose solutions compliant with them.
Tools such as "Shortcut for SAP Systems" complement missing functions in the SAP basis area.
For his daily work he uses suitable tools (e.g. monitoring tools), in which he is trained and trained.
On this page you can find out what is behind the term and what SAP Basis is responsible for in detail.