Willingness for further training
ST22 ABAP runtime error
For more information about the lowest support package level for SAP ABA and SAP Basis to install an SAP Basis Plug-In, see the SAP Service Marketplace. For more information about the lowest support package level for the corresponding SAP R/3 plug-in, see the SAP Service Marketplace. This level depends on the release of SAP R/3 or SAP R/3 Enterprise.
If all tasks considered to be an interface theme are supported by the SAPBasis, this means a very wide range of tasks. Here it is necessary not to overwhelm the own employees within the SAP basis and to keep the complexity of different topics and technologies manageable per capita. Therefore, a corresponding growth is associated with this interface task. This recommendation is general and does not apply only to the SAP basis.
SM59 Configuration of RFC connections
Basis includes a client/server architecture and configuration, a relational database management system (DBMS), and a graphical user interface (GUI). In addition to interfaces between system elements, Basis includes a development environment for R/3 applications, a data directory, and user and system administration and monitoring tools.
The SAP NetWeaver Application Server Add-on for Code Vulnerability Analysis tool, also known as Code Vulnearability Analyzer (CVA), is a tool that performs a static analysis of user-defined ABAP source code to detect possible security risks. The tool is available in the NetWeaver ABAP stack and is based on versions from: 7.0 NetWeaver: in EHP2 SP 14 or higher / 7.0 NetWeaver: in EHP3 SP 09 or higher / 7.3 NetWeaver: in EHP1 SP 09 or higher / 7.4 NetWeaver: in SP05 or higher To use the CVA tool, the execution of system-wide security controls must be enabled with the RSLIN_SEC_LICENSE_SETUP report. Afterwards, the security checks are available in standard ABAP code checking tools such as ABAP Test Cockpit (ATC) or Code Inspector (SCI). The option of these checks is usually referred to as "security analysis in extended program check". Note that the use of the security check feature for custom code separation is licensed and incurs additional costs. The older program that has been around for years is Virtual Forge's "Code Profiler". It is one of the first products in this segment of SAP security and was used by SAP itself for many years. It is very comprehensive and is also able to track individual variables across the entire control flow. This leads to very precise statements and a reduction of false positives.
Tools such as "Shortcut for SAP Systems" complement missing functions in the SAP basis area.
You should still be aware of the SAP ERP environment to address this security risk.
Furthermore, the know-how, which aspects should be dealt with in an authorisation concept and how the corresponding processes can look practical and at the same time audit-proof is often lacking.