Development
Optimise trace analysis
When configuring the Security Audit Log, you must consider the storage of the files. At least one separate file is created for each day. When the maximum size of all files for the tag is reached, additional events are stopped. So you should always adjust the maximum size of the file to your needs using the parameters rsau/max_diskspace/per_file and rsau/max_diskspace/per_day. The rsau/max_diskspace/local parameter is obsolete in this case, but remains active if the other two parameters are not maintained.
In an SAP® system, authorizations are not the only focus of the auditor. Essential system parameters are also part of the audit. For this reason, it should also be ensured in advance that all parameters are set up in accordance with the company's specifications. The parameters concerned are all those that ensure system and client security. Among other things, it must be ensured that the production system is protected against any kind of changes and therefore no direct development is possible.
In-house role maintenance
You can use the BAdI SMIME_EMAIL of the SMIME extension spot and implement the CERTIFICATE_RETRIEVAL and CERTIFICATE_SELECTION methods according to your requirements. This BAdI is called whenever an encrypted e-mail is sent. An extension allows you to search for a valid certificate at run time (for example, the one with the longest validity) to the recipient's email address in a source you defined. In the default implementation, the BAdI searches for the certificate in the Trust Manager's address book. For details on the availability of BAdIs, see SAP Note 1835509.
If you get into the situation that authorizations are required that were not considered in the role concept, "Shortcut for SAP systems" allows you to assign the complete authorization for the respective authorization object.
If you want to know more about SAP authorizations, visit the website "www.sap-corner.de".
We give you a guide to record permissions checks on certain application servers, but we also show you a way to use this feature centrally.