SAP RFC Gateway Security through secinfo and reginfo ACL files
I recommend that you schedule the background job PFCG_TIME_DEPENDENCY with the report RHAUTUPD_NEW. Scheduling the RHAUTUPD_NEW report with two variants has proven to be a best practice: Once a day before users log on for the first time (e.g. midnight or very early in the morning). This way the users are synchronized once a day. Once a month (or even once a week) with the option "Perform cleanup", so that obsolete profiles and user mappings are regularly cleaned up. Also handy: If the naming conventions of your roles allow it, you can also align the report according to different time zones. For example, I have a customer who runs the user synchronization for his users in the USA and Asia at different times, so that the daily business of the respective users is not disturbed.
This course is intended for people who plan, design, and install the SAP HANA database. It will also be of interest to those responsible for configuring the various components for importing data and customer reporting.
Job scheduling: your system needs to run various automatic background jobs that consume resources. Your administrator must carefully schedule these tasks when user demand is low so they don't impact performance.
Another important example is the reading permission for TemSe objects. The temporary files are often forgotten, because it is often not considered that cached (strictly) sensitive data, which is intended for only one user (owner), can be viewed by another user without permission - and across clients. The examples mentioned show us how important it is to carefully assign permissions for client-independent transactions. Download Transaction tables The transactions that enable the examples above, including certain expressions of the associated permission objects and our recommendations for them, can be found in the file "Critical cross-client permissions" for download. Other client-independent transactions are located in the Cross Clients TCODES file. The criticality of these transactions should be assessed according to the context. I recommend always being careful and keeping these transactions in mind.
Tools such as "Shortcut for SAP Systems" are extremely useful in basic administration.
It would also be possible to designate contact points (contact points) for upstream and downstream IT departments and external service providers and suppliers.
Only the copies of the objects are transported to the next SAP system.