PROLOGUE
Security management, system audits, hardening and monitoring
The past ten years have primarily revolutionized the infrastructure and database layer. The fascinating thing is that there have been hardly any changes to the SAP installation program SAPinst during this time.
IMPORT_PROPER In this step, the repository and table entries are recorded. There are the following reasons that may lead to the termination of this step: TP_INTERFACE_FAILURE: Unable to call tp interface. TP_FAILURE: The tp programme could not be run. For more information, see the SLOG or ALOG log file. TP_STEP_FAILURE: A tp-Step could not be performed successfully. The cause of the error can be found in the appropriate protocol, for example in the import or generation protocol. If the generation (tp-Step G) is aborted, you can either fix the errors immediately or after the commit is completed. In the latter case, you must do the following: To ignore the generation errors, select Additions Ignore Gen Error. Continue the playback. Buffer synchronisation problems can also cause generation errors. For more information, see Note 40584.
Solution Manager
Many companies are struggling with the introduction and use of secinfo and reginfo files to secure SAP RFC gateways. We have developed a generator that supports the creation of the files. This blog post lists two SAP best practices for creating the secinfo and reginfo files to enhance the security of your SAP gateway and how the generator helps you do this. secinfo and reginfo Request generator Option 1: Restrictive procedure In the case of the restrictive solution approach, only in-system programmes are allowed. Therefore, external programmes cannot be used. However, since this is desired, the access control lists must be gradually expanded to include each programme required. Although this procedure is very restrictive, which speaks for safety, it has the very great disadvantage that, in the creation phase, links which are actually desired are always blocked. In addition, the permanent manual activation of individual connections represents a continuous effort. For large system landscapes, this procedure is very complex. Option 2: Logging-based approach An alternative to the restrictive procedure is the logging-based approach. To do this, all connections must be allowed first by the secinfo file containing the content USER=* HOST=* TP=* and the reginfo file contains the content TP=*. During the activation of all connections, a recording of all external programme calls and system registrations is made with the gateway logging. The generated log files can then be evaluated and the access control lists created. However, there is also a great deal of work involved here. Especially with large system landscapes, many external programmes are registered and executed, which can result in very large log files. Revising them and creating access control lists can be an unmanageable task. However, this process does not block any intentional connections during the compilation phase, which ensures the system will run non-disruptively.
The role of the SME describes an expert in a particular field, such as SME databases or SME-SAP-HANA, in the context of SAP products and is gaining in importance due to new technologies and thematic areas. The role of the SME thus corresponds to an expert role in the technology environment. It has a good network within the IT departments and, if necessary, to other business units within the company. In order to carry out its activities, it is necessary to have already acquired practical experience in the operation of its thematic focus. Expert tools are also used to fulfil his task. Through the exact definition of disciplines, the SME assumes the informally many tasks of the traditional SAP basis administrator and also new disciplines in the course of new technologies. In addition to the existing features, there will be in the future such as SME-Cloud, SME-SAP-HANA/Databases, SME-Supplier-Management, SME-Security, SME-Compliance, SME-Landscape-Virtualisation-Management (SME-Landscape-Virtualisation-Management) and SMESolution-Manager. SME-Cloud is in contact with the global cloud manager (if it exists in the company). In addition, an expression SME-Security is in contact or reported to the global corporate security sector. An expression SME-Supplier-Relationship-Management or Supplier-Management is orientated both internally (coordination with other departments) and externally (coordination and communication with suppliers). The SME cloud is a special feature of SME Supplier Management.
"Shortcut for SAP Systems" simplifies tasks in the area of the SAP basis and complements missing functions of the standard.
Identification of certain transactions with user assignment using SUIM This option is useful if only one transaction is to be checked for its existing assignment to a particular user.
The SAP Basis team handles the entire administration of an SAP system.