SAP Applications
IT Security
The tasks of an SAP Basis administrator are management and administration of SAP systems. In practice, it means taking responsibility for the maintenance environment of the systems, their cooperation, updating, solving user problems and efficiency issues (concerning the network, databases or operating systems), backup copies and architecture. Another task of this position is also to follow new market trends and propose compliant solutions with them.
Using profile parameters, we can configure everything in the SAP system. Some parameters are dynamically modifiable, which means that they can be changed without restarting the system. However, these changes are not permanent, i.e. after a system restart, the pre-set profile parameters are used again. Other parameters, however, are static, i.e. only with a restart and only permanently modifiable. Most profile parameters for memory allocation are actually static. However, there is the possibility to adapt it dynamically with the report RSMEMORY. Read how to find out if a parameter is static or dynamic and how to use the RSMEMORY report to dynamically adjust the memory allocation parameters. RZ11 - Maintenance of profile parameters The transaction RZ10 gives us information about profiles, which in turn contain different profile parameters. In the transaction RZ11, however, it is possible to view information about individual parameters, provided that you know their name. As you can read in our Memory Parameter Post, the following 5 parameters are particularly important for memory management: abap/heap_area_total abap/heap_area_dia abap/heap_area_nondia ztta/roll_extension_dia ztta/roll_extension_nondia If you don't know exactly what a parameter might be called, it's worth using the F4 help here. For example, for the parameter abab/heap_area_dia, the RZ11 outputs: Description of the parameter abap/heap_area_dia in the RZ11 As you can see here, it is not a dynamic parameter. Now it is rather sorry if you want to test whether there is enough memory available to restart the system again and again. For this purpose, there is the RSMEMORY report. RSMEMORY - Test your memory allocation strategy Report RSMEMORY Report View No documentation or value help available here, but SAP documentation tells you how to use the report. This first distinguishes between dialogue and non-dialogue work processes. That is, in the first area you can set Extended Memory (Storage Class 1) and Heap Memory (Storage Class 2) for Dialogue Workprocesses, and in the second area you can set it for non-dialogue workprocesses.
AL08 System-wide list of user sessions
The two main tasks of this function are: Deleting profiles including user assignments if no matching role exists. Deleting assignments between users and roles if either the user or the role does not exist.
In this article on SAP Security Automation I would like to take a look at the future of automated processes in the SAP Security area. For many companies, the topic of security automation still offers a lot of potential in terms of time savings and process optimisation. Our daily work environment offers numerous tasks that could be handled excellently automatically. For this reason, in this article I present two of the possibilities that already exist in the broad area of security automation. Security Automation via SAP Security Check The first option of Security Automation, which I want to introduce here, is the automatic verification of the existing permissions. Have you ever wondered who has critical permissions in your SAP system? And have you ever tried to do this by hand? Depending on the level of expertise and experience of the privilege administrator, this is a time-consuming work. If an audit is also announced and the SAP system is to be checked for critical permissions and segregation of duties, then it is very difficult to meet all requirements and secure the eligibility landscape in this respect. For this reason, various vendors provide solutions to automate the verification of the permission system with regard to critical permissions and segregation of duties using tool support. This allows permission administrators to use their valuable time to correct the errors rather than just looking for them. For example, we use a tool that runs through the verification of over 250 rules. We then get an evaluation of which rules are violated and which points are correct. A simple example of such rules is the use of the SAP_ALL profile. Another would be to grant the jump permission in debugging (S_DEVELOP permission object with the ACTVT = 02 field). These are two relatively simple examples of Security Check tools' rulebook. In addition, queries are also made, which are located in the field of Segregation of Duties. Using this tool allowed us to move from manual validation of critical permissions to an automatic process.
The "Shortcut for SAP Systems" tool is ideal for doing many tasks in the SAP basis more easily and quickly.
In addition, the report also provides ways to analyse the global extended global memory hidden behind the two buttons "EG Overview" and "EG Dump".
These services are part of our authorization management: