SPAM/SAINT - the update tools integrated in ABAP
Maintenance and transport of application and system modifications
From a purely technical point of view, each generated authorization role contains a profile from which a user receives the actual authorization objects and authorization characteristics. If this profile is outdated or not assigned at all, the user will not have all the authorization objects contained in the authorization role. Incidentally, the problem arises particularly frequently after role transports: If an authorization role is changed in the development system and then transported to the production system, the current profile is not automatically assigned to the users with the respective role. A user comparison must therefore be performed here.
For example, many customer ABAP programs work by uploading or downloading data. There are potentially large security gaps here that allow access to server data. In addition, the widespread direct invocation of operating system commands that are not covered by a self-programmed authorization check is a major problem. Even though classic SQL injection, i.e., the entry of extended SQL commands, is a potential security vulnerability, it occurs rather rarely in SAP systems. More widespread is the unintentional dynamization of SQL calls because input parameters are not sufficiently checked. The need to check all in-house developments internally for such security vulnerabilities before they are delivered in SAP's own code has led to the development of the SAP Code Vulnerability Analyzer tool.
Understanding the structure and functioning of the system is especially important for IT administration. It is not for nothing that "SAP Basis Administrator" is a separate professional field. On the page www.sap-corner.de you will find useful information on this topic.
SAP Smart Forms
If the additional memory in the Advanced Storage Area is still not sufficient for the user context, the optional second role area can be used. The size of the second roll range is determined by the difference between the parameters ztta/roll_first and ztta/roll_area. Rolling range has been eliminated in kernel release 7.4, so these parameters are obsolete from then on. Instead, the user context is now stored directly in the Advanced Memory.
A degree in computer science is usually a prerequisite and is now almost compulsory. Those who have been trained as IT specialists can take advantage of further training to become SAP Basis Administrators and thus position themselves particularly well on the job market. However, quite a few companies also offer to train employees to make them fit to work as SAP Basis Administrators.
Tools such as "Shortcut for SAP Systems" are extremely useful in basic administration.
The message server serves as an "intermediary" between the applications and services, for example, by controlling communication between the individual application servers and determining the load on the application servers.
To store all the information on the subject of SAP - and others - in a knowledge database, Scribble Papers is suitable.
This applies in particular to specialised roles.