Relevance of SAP Basis
SWPM - the Software Provisioning Manager integrates the classical tools like sapinst, ehpup, etc for the maintenance/installation of SAP systems
In addition, the applications prepare the data in such a way that the user can visually capture it via the presentation layer. Conversely, the application server transfers all data that a user enters via the presentation layer to the underlying database.
If you need to reinstall a Support Package because of errors or because a SPAM update is required, reset its status. Resetting does not mean that the system is at an old state. Note that your system is inconsistent when you reset the status after items have already been imported (for example, after the DDIC_IMPORT step and following). Resetting the status should only be used to troubleshoot the issue and you should repeat the playback as soon as possible. Procedure To reset the status of a Support Package or Queue, select Add Status Reset. Result After updating the status, the corresponding entries in the cofile and in the log file are deleted. The support package must then be fully reloaded. The transaction SPAM starts the insertion with the step CHECK_REQUIREMENTS [page 26].
Troubleshooting and support
Either temporary programme calls are blocked that are actually desired or enormously large gateway logs must be analysed. If, due to the heavy workload, one were to decide to forgo the use of the access control lists permanently, this would be a major security vulnerability. The unprotected system does not have any limitations on the external services that may register, and there are no rules for running programmes. One possible consequence would be, for example, the registration of an external system on which malicious programmes exist. At the moment when foreign programmes are running on your system without any control, you can expect that great damage will be done. For example, it ranges from an unnoticed reading of purchase and sales figures, a diversion of funds, to a paralysis or manipulation of the entire system. In addition, this scenario is also possible for poorly maintained access control lists. Our solution: secinfo and reginfo Generator for SAP RFC Gateway To solve the problem, we have developed a generator that can automatically create secinfo and reginfo files based on gateway logs. The basic idea is based on the logging-based approach. It performs the task of time-consuming analysis of log files and also ensures maximum reliability through automation. Nevertheless, the entries of the generated files should be checked by one person. Since the log files used as input are sensitive data, of course none of the inserted data leave your system. More information about the generator can be found here.
Many companies are struggling with the introduction and use of secinfo and reginfo files to secure SAP RFC gateways. We have developed a generator that supports the creation of the files. This blog post lists two SAP best practices for creating the secinfo and reginfo files to enhance the security of your SAP gateway and how the generator helps you do this. secinfo and reginfo Request generator Option 1: Restrictive procedure In the case of the restrictive solution approach, only in-system programmes are allowed. Therefore, external programmes cannot be used. However, since this is desired, the access control lists must be gradually expanded to include each programme required. Although this procedure is very restrictive, which speaks for safety, it has the very great disadvantage that, in the creation phase, links which are actually desired are always blocked. In addition, the permanent manual activation of individual connections represents a continuous effort. For large system landscapes, this procedure is very complex. Option 2: Logging-based approach An alternative to the restrictive procedure is the logging-based approach. To do this, all connections must be allowed first by the secinfo file containing the content USER=* HOST=* TP=* and the reginfo file contains the content TP=*. During the activation of all connections, a recording of all external programme calls and system registrations is made with the gateway logging. The generated log files can then be evaluated and the access control lists created. However, there is also a great deal of work involved here. Especially with large system landscapes, many external programmes are registered and executed, which can result in very large log files. Revising them and creating access control lists can be an unmanageable task. However, this process does not block any intentional connections during the compilation phase, which ensures the system will run non-disruptively.
"Shortcut for SAP Systems" simplifies tasks in the area of the SAP basis and complements missing functions of the standard.
We have developed a generator that supports the creation of the files.
Read how to find out if a parameter is static or dynamic and how to use the RSMEMORY report to dynamically adjust the memory allocation parameters.