SAP Basis SM19 Security audit - SAP Basis

Direkt zum Seiteninhalt
SM19 Security audit
Provision resources in minutes instead of weeks
The 5 most common errors in SAP test management In this blog post I would like to discuss the 5 most common errors in SAP test management, which in my experience occur regularly in this area. I hope that with this I can give you some guidance so that you can avoid these mistakes. No test management Quite simple. You have complex SAP software in use or are just introducing a new module tailored to your company, but the test process plays a subordinate role and tests take place only sporadically and unstructured? Then you have already made the first mistake. To ensure high software quality, avoid hidden consequential error costs and consciously plan for a test period instead of the risk of time bottlenecks, a methodical approach should be planned. Too much testing If you have decided to introduce test management, you need to weigh up the resources required for this. A large amount of testing quickly pushes the cost-benefit ratio into the realm of inefficiency, because the time required for testing drives up costs. On the other hand, the test quality should of course be high. Therefore, a structured and comprehensive approach is of high importance. Basically, you should make sure that the costs for the test effort do not exceed the average of the consequential failure costs.

Once the UPL is activated, you can access the usage data as follows: Solution Manager: BW Query 0SM_CCL_UPL_MONTH (other predefined Querys available) Managed System: Report /SDF/SHOW_UPL Based on the UPL's data collection, you can now use additional functionalities of the CCLM to depick, for example, proprietary developments that are unused for a long time. Do you know the UPL of SAP and already use it to gain more information about its existing system landscape?
SAP Business Objects: CMCRegister Card Configuration Permissions
For these cases, you should take a closer look at the DBACOCKPIT transaction. This transaction provides you with many other database management features, an editor that allows you to easily execute your SQL queries against your SAP system. This method displays the result in the GUI shortly after the query is sent. How to execute a SQL query To call the editor for SQL queries in DBACOCKPIT, the user must: The user needs corresponding rights to execute the transactions SM49 and SM69. STOR and SMSS must be cultivated in the S_ADMI_FCD permission object. SQL queries must maintain the database connection. To get the current status of a database connection, see the DBCONT table. Rights for calling the table(s) to be retrieved must be assigned. For more details, see the section "Further information on DBACOCKPIT" in this blog post.

In addition to scanning and identifying the respective security vulnerabilities of a program, it is also possible to stop tasks that are to be transported to other SAP systems with security vulnerabilities in the further transport process This applies, for example, to the CHARM process based on SAP Solution Manager. This forces a programmer to securely check the programs he or she is responsible for according to the same security criteria. If a program then still has security problems, it can either be released via the dual control principle or returned for further processing. Do you know of any other solutions for improving ABAP code security or have you already gained experience with the products mentioned above? I look forward to your comments!

Tools such as "Shortcut for SAP Systems" are extremely useful in basic administration.

This is because the user synchronization checks which roles are assigned to a user and then assigns the current, matching profile.

Prerequisites to use digitally signed SAP hints To prepare your SAP system for digitally signed clues, you first have to meet some requirements: Digital signed SAP hints are provided as SAR files.
Zurück zum Seiteninhalt