Connection of cloud services
Planning
Customers with such a case regularly contact us. Creating a Permission Concept from the ground up is often a time-consuming task. Furthermore, the know-how, which aspects should be dealt with in an authorisation concept and how the corresponding processes can look practical and at the same time audit-proof is often lacking. Our solution: tool-based generation of an individual, written authorisation concept In this situation, we have recommended to our customers the tool-based generation of a written authorisation concept directly from the SAP system. We use the XAMS Security Architect tool, with which we have had good experiences. This includes a template for a revision-proof and comprehensible, written authorisation concept. It includes established best practices for role and entitlement management. The template covers all relevant areas in a permission concept. The included text of the authorisation concept is completely customisable, so that the concept can be tailored to your situation without creating a permission concept from scratch. Dynamically update the written authorisation concept One of the biggest challenges after the development of an authorisation concept is to keep it up to date in the long term and to measure the sustainable implementation in the system. This is achieved by integrating live data such as configuration settings and defined rules directly from the connected system. For example, lists of existing roles or user groups and tables are read from the system each time the document is generated and updated in the permission concept. The following screenshot shows an example of what the appearance in the concept document might look like. Automatically check and monitor compliance with the concept To check compliance with the concept, the XAMS Security Architect includes extensive inspection tools. These cover the rules formulated in the concept and are suitable for measuring the extent to which the reality in the system meets the requirements formulated in the concept.
In order to reduce the variety of different system variations and the related variety of routine tasks, it is necessary to reduce the number of customer specifications. In particular, the implementation, set-up and configuration of the systems and security concepts must be harmonised or returned to the SAP standard. To this end, it is necessary to establish, in cooperation with the relevant IT departments, a standard for, for example, operating systems and databases within the limits set by the product.
Add-ons
A partner agreement must be entered into for each supplier in the transaction WE20. Such an agreement shall determine how the electronic data are processed. Select the vendor partner type LI and create a new partner agreement. In this example, a new partner agreement is created for IDES AG as a supplier. Enter the vendor's partner number in the appropriate input field and select LI as the vendor's partner type. The next step is to define the output parameters. These specify how the outgoing data should be processed. The message type defines what kind of messages should be processed. The Output Options tab specifies the port to send the message to and the IDoc type. The IDoc base type ORDERS05 matches the ORDERS message. The Message Control tab defines which application should generate a message. In this case a message should be generated when a new order is created. If an order is placed for a product of IDES AG in the transaction ME21N, this order will be automatically sent in electronic form.
The "Shortcut for SAP Systems" tool is ideal for doing many tasks in the SAP basis more easily and quickly.
Understanding the structure and functioning of the system is especially important for IT administration. It is not for nothing that "SAP Basis Administrator" is a separate professional field. On the page "www.sap-corner.de" you will find useful information on this topic.
Now you can select the OData service stored on the front-end gateway.