SU21 Maintenance of authorization objects
SF01 Logical file paths and names (client dependent)
The security of an SAP system requires protection against unauthorised access, e.g. through the secinfo and reginfo files. A cleanly implemented authorisation concept protects against attacks within the SAP system. However, it is also possible to attack your SAP system via the network. Through the RFC Gateway Server, your system communicates with external servers and programmes. One particularly effective way to protect against this are so-called Access Control Lists (ACL). Find out what this is and how you can use it to better protect your SAP system. The SAP Standard offers different approaches for gate protection. All methods combined can provide even greater safety. For example, it is possible to use Access Control Lists (ACL) to monitor exactly which external programmes and which hosts can communicate with the gateway. Another option is to configure the gateway to support Secure Network Communication (SNC). Finally, there are various security parameters for the gateway. This article focuses on the use of ACL files such as secinfo and reginfo files. What is an ACL? Access control lists are files in which permitted or prohibited communication partners can be recorded. For the gateway to use these ACL files, parameters must be set in the default profile of the SAP system and of course the files must be maintained accordingly. With the help of logs and traces, which can be configured for this purpose, a precise investigation can be made in advance of the activation, which connections currently run via the gateway. This allows them to prevent important applications with which your system communicates from being blocked by the ACL files. The rules in the ACL files are read from top to bottom of the gateway to decide whether to allow a communication request. If none of the rules matches the requesting programme, it will be blocked. Network-based ACL The network-based ACL file contains permitted and prohibited subnets or specific clients.
A first important step was the introduction of playbooks to professionalize our work. At that time, SAP installation manuals were real tomes with hundreds of pages that often went round in circles and were anything but easy to understand....
OTHER SERVICES
SAP Basis operations manage the IT underlying the SAP system. In addition, the operation ensures the maintenance and availability of business processes. Various tools can be used for this purpose, which take over the maintenance, servicing, configuration and monitoring of the SAP system. Basis operation is the prerequisite for ensuring that the SAP system is fully operational and covers the business processes well.
Standardisation of SAP operations as well as SAP systems can be seen as a preparation for automation as well as for cloud, outtasking and outsourcing service forms. Therefore, in the whole context of standardisation and automation, a sequence of tasks and systems needs to be followed. To do this, it is necessary to first make a detailed documentation of the respective object, which also describes the IST state in detail. A standardisation strategy can then be developed, defined and implemented. Only then can we consider automation, outtasking, cloud, and outsourcing.
With "Shortcut for SAP Systems" a tool is available that greatly facilitates some tasks in the SAP basis.
By coordinating the SAP basis with other IT departments, the optimisation is always done in the overall context of the company or the IT organisation.
On the other hand, data that is newly entered in the presentation layer is passed on to the database layer and stored there.