Load Support Packages into Other Systems
The database layer
Whenever you find a red traffic light on the Roles tab in the user master in SU01 - or a yellow traffic light on the Users tab in PFCG, you can usually solve the problem with a simple user synchronization. The fact that such a user adjustment is necessary can have several reasons. Among others: after a role transport to / when assigning users to roles via PFCG after restricting the validity of roles to users when roles are assigned indirectly via organizational management. Users usually notice the problem of a user comparison that has not been carried out quite quickly: Authorizations are missing, although at first glance they are available in the assigned authorization roles. This is because a user is assigned the correct authorization role - but the profile associated with the role is not up to date.
Permissions beyond the daily task spectrum are granted only for limited periods and under control. The activities with the emergency user are logged in a revision-proof manner. Do you already have an emergency user concept in use or would like to introduce one? I'm happy if you share your experience with me! You can leave me a comment or contact me by e-mail.
Recording customer infrastructure and consulting SAP® systems and operations
It should be mentioned here that it only makes sense to access the tables by reading the SELECT statement to get a quick view of the results. Using the DBACOCKPIT, it is not possible to create entire table structures using Create Table. For such applications, SAP provides other, better options. Another important point is that once a user has the necessary permissions to use the transaction DBACOCKPIT, it can potentially (with appropriate permissions on the tables) access the entire SAP system. For example, a query can be used to read the entire user table. Therefore, the transaction should always be treated with caution and only awarded to administrators. DBACOCKPIT handles the call control permissions similar to the SE16 / SE16N transaction. When the table is called, the S_TABU_DIS or S_TABU_NAM permission object is checked with a specific activity. This means that only the tables or table permission groups for which the corresponding values in the aforementioned permission objects are assigned can be accessed. You can read more about assigning permissions to individual tables here. In addition, you can save SQL statements that you run once, and run them again at any time to recognise changes in the result set without having to reformulate the SQL statement each time. The editor also allows you to start the query for SQL statements in the background. The result is obtained by calling the transaction SM37, in which the result is output in a spool file.
SAP Basis is also known as module BC or application Basis. SAP Basis refers to all transactions, programs and objects that control the functions of the overall system. This includes, among other things, user and authorization management as well as the configuration of interfaces via RFC.
Use "Shortcut for SAP Systems" to accomplish many tasks in the SAP basis more easily and quickly.
This includes the continuous monitoring and allocation of access possibilities as well as the systematic securing of functional separation (SoD - Segregation of Duties) in the IT systems.
Another option is to configure the gateway to support Secure Network Communication (SNC).