SM20 Evaluation of the Security Auditlog
Optimization of the SAP infrastructure
People tend to forget how important this element of the architecture is. The setup involved often proves to be especially important for companies looking to implement the SAP system for the first time.
Creating the master role: Now maintain the permissions that are the same for all affected employees. In the example shown above, I assign the "findepartment_r" role as an example the "F-02" transaction authorisation.
System Updates
In order to cope with the digital transformation in general, but also to cope with the changing demands on the SAP basis and its scope of responsibility, it is necessary to revise existing roles and define and establish new roles. These include the roles of the technology architect, new features of the Subject Matter Expert (SME), and the role of the Expert Team Lead in leading a group of experts. Further information can be found in chapter 7.1 and 9.3 of the Master's thesis.
Remove weak password hashes from the system: Only updating the profile parameter does not provide you with the necessary security. There are still many weak hash values in your database that can be used to attack your system. These must be completely removed from the database. To do this, use the report CLEANUP_PASSWORD_HASH_VALUES. To do this, call the transaction SA38 and enter the name of the report in the input field. Run or F8 executes the programme and cleans your database Report CLEANUP_PASSWORD_HASH_VALUES This programme removes the outdated hash values across all clients. Have you already experienced this attack method or any other comments on this topic? Share your experiences with us in the form of a comment under this article.
The "Shortcut for SAP Systems" tool is ideal for doing many tasks in the SAP basis more easily and quickly.
You may be familiar with the situation where you want to install a Precalculation Server yourself.
It is worth mentioning here that we have fully containerized the deployment of Avantra here, so each component runs in a separate container.