SAP Basis Server Administration - SAP Basis

Direkt zum Seiteninhalt
Server Administration
Update & Upgrade
In this article on SAP Security Automation I would like to take a look at the future of automated processes in the SAP Security area. For many companies, the topic of security automation still offers a lot of potential in terms of time savings and process optimisation. Our daily work environment offers numerous tasks that could be handled excellently automatically. For this reason, in this article I present two of the possibilities that already exist in the broad area of security automation. Security Automation via SAP Security Check The first option of Security Automation, which I want to introduce here, is the automatic verification of the existing permissions. Have you ever wondered who has critical permissions in your SAP system? And have you ever tried to do this by hand? Depending on the level of expertise and experience of the privilege administrator, this is a time-consuming work. If an audit is also announced and the SAP system is to be checked for critical permissions and segregation of duties, then it is very difficult to meet all requirements and secure the eligibility landscape in this respect. For this reason, various vendors provide solutions to automate the verification of the permission system with regard to critical permissions and segregation of duties using tool support. This allows permission administrators to use their valuable time to correct the errors rather than just looking for them. For example, we use a tool that runs through the verification of over 250 rules. We then get an evaluation of which rules are violated and which points are correct. A simple example of such rules is the use of the SAP_ALL profile. Another would be to grant the jump permission in debugging (S_DEVELOP permission object with the ACTVT = 02 field). These are two relatively simple examples of Security Check tools' rulebook. In addition, queries are also made, which are located in the field of Segregation of Duties. Using this tool allowed us to move from manual validation of critical permissions to an automatic process.

The core of SAP Basis is the application layer with one or more application servers and a message server. The message server is used for communication between the application servers and transmits jobs between them. The application layer communicates with the database layer on the one hand and the presentation layer on the other. The applications on the application server request the required data from the database, process it and prepare it for the user, who displays it in his Graphical User Interface (GUI) via the presentation layer. Conversely, the application server passes information that the user enters via the GUI on to the database.
The digitization of businesses and the emergence of new technologies mean that admins have to adapt to constantly changing conditions. Currently, the following trends (which are becoming more and more evident in the market) can be mentioned:

Some useful tips about SAP basis can be found on

Database layer: All of a company's data is stored in the database, which is located on a database server. Application programs pull the data they need from the database. This data can consist of data tables, applications or system control tables. In addition, the database also takes new information from users and backs it up.

"Shortcut for SAP Systems" makes it easier and quicker to complete a number of SAP basis tasks.

If the *.ATT files are present, run only RSEPSUPL in the target system.

Examples of organisational concepts and further information can be found in chapters 7.6 and 9.4 of the Master's thesis.

The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.
Zurück zum Seiteninhalt