SAP Basis Administration
Many companies are struggling with the introduction and use of secinfo and reginfo files to secure SAP RFC gateways. We have developed a generator that supports the creation of the files. This blog post lists two SAP best practices for creating the secinfo and reginfo files to enhance the security of your SAP gateway and how the generator helps you do this. secinfo and reginfo Request generator Option 1: Restrictive procedure In the case of the restrictive solution approach, only in-system programmes are allowed. Therefore, external programmes cannot be used. However, since this is desired, the access control lists must be gradually expanded to include each programme required. Although this procedure is very restrictive, which speaks for safety, it has the very great disadvantage that, in the creation phase, links which are actually desired are always blocked. In addition, the permanent manual activation of individual connections represents a continuous effort. For large system landscapes, this procedure is very complex. Option 2: Logging-based approach An alternative to the restrictive procedure is the logging-based approach. To do this, all connections must be allowed first by the secinfo file containing the content USER=* HOST=* TP=* and the reginfo file contains the content TP=*. During the activation of all connections, a recording of all external programme calls and system registrations is made with the gateway logging. The generated log files can then be evaluated and the access control lists created. However, there is also a great deal of work involved here. Especially with large system landscapes, many external programmes are registered and executed, which can result in very large log files. Revising them and creating access control lists can be an unmanageable task. However, this process does not block any intentional connections during the compilation phase, which ensures the system will run non-disruptively.
An understandable and comprehensible strategy enables the SAP basis to derive it as easily as possible to practice and to the resulting requirements and activities. The main task of the SAP basis is to support new business models by implementing the strategy and to show how much technical and financial effort and benefit is generated. It is also the task of the SAP basis to identify the skills and resources necessary for them and to ensure their existence at an early stage.
Defined service level agreements (SLAs)
We take over the complete maintenance management for you and ensure that your SAP installation is always up to date. As a certified SAP Gold Partner and PCoE (Partner Center of Expertise), we can provide you with all the SAP licenses you need. We advise you on the possible licensing models and only provide you with the licenses you actually need.
To display custom tiles based on catalogues and groups when the launchpad starts, permissions are placed in the menu of the underlying role. This makes it possible to ensure that every user on the launchpad can only see and open their applications. Open Launchpad permissions SAP provides default roles for opening the Fiori Launchpad. This distinguishes between the Fiori permissions to start the launchpad normally and to manage the user interface.
With "Shortcut for SAP Systems" a tool is available that greatly facilitates some tasks in the SAP basis.
To do this, call any derived role, or the master role, and then click the "Inheritance Hierarchy" button.
A cleanly implemented authorisation concept protects against attacks within the SAP system.