SAP SECURITY

Introduction:
In SAP runtime environment, both application security
and unauthorized system access to SAP have to be
controlled. The user accounts defined for users in the SAP
runtime environment are secured by roles that grant
authorizations to them. SAP authorizations control access
to transactions (Business Process Activities), or what can
be performed within a specific business process step by −
Keeping unauthorized persons out of the system
Keeping people out of places where they should not be
Safeguarding the data from damage or loss
 SAP SECURITY
Safeguards
In order to avoid threats, a sound and robust
system implements safeguards such as access
control, firewall, encryption, O/S hardening, digital
certificate, security monitor, and antivirus.
 SAP SECURITY
SAP Security is required to protect SAP Systems and Critical
Information from Unauthorized Access in a Distributed
Environment while accessing the system locally or
remotely. It covers various Authentication Methods,
Database Security, Network and Communication Security
and protecting standard users and other best practices that
should be followed in maintaining your SAP Environment. In
a SAP Distributed Environment, there is always a need that
you protect your critical information and data from
unauthorized access. Human Errors, Incorrect Access
Provisioning shouldn’t allow unauthorized access to system
and there is a need to maintain and review the profile
policies and system security policies in your SAP
environment.
 SAP SECURITY (Useful Resources)
• In a SAP Distributed Environment, there is always a need that you protect
your critical information and data from unauthorized access. Human
Errors, Incorrect Access Provisioning shouldn’t allow unauthorized access
to any system and there is a need to maintain and review the profile
policies and system security policies in your SAP Environment.
• To make the system secure, you should have good understanding of user
access profiles, password policies, data encryption and authorization
methods to be used in the system. You should regularly check SAP System
Landscape and monitor all the changes that are made in configuration and
access profiles.
• The standard super users should be well-protected and user profile
parameters and values should be set carefully to meet the system security
requirements.
• While communicating over a network, you should understand the network
topology and network services should be reviewed and enabled after
considerable checks. Data over the network should be well protected by
using private keys.
 SAP SECURITY (Why is it required)
Why is Security Required?
• To access the information in a distributed environment, there is a possibility
that critical information and data is leaked to unauthorized access and
system security is broken due to either – Lack of password policies,
Standard super users are not well maintained, or any other reasons.
• A few key reasons of breach of access in a SAP system are as follows −
• Strong password policies are not maintained.
• Standard users, super user, DB users are not properly maintained and
passwords are not changed regularly.
• Profile parameters are not correctly defined.
• Unsuccessful logon attempts are not monitored and idle user session end
policies are not defined.
• Network Communication security is not considered while sending data over
internet and no use of encryption keys.
• Database users are not maintained properly and no security measures are
considered while setting up the information database.
• Single Sign-on are not properly configured and maintained in a SAP
environment.
 SAP Security (How to Overcome)
To overcome all the above reasons there is a need that you define security
policies in your SAP environment. Security parameters should be defined and
password policies should be reviewed after regular time intervals.

The Database Security is one of the critical component of securing your SAP
environment. So, there is a need that you manage your database users and see
to it that passwords are well protected.

The following Security mechanism should be applied in the system to protect SAP
Environment from any unauthorized access

User Authentication and Management

Network Communication Security
Protecting Standard Users and Super users
Unsuccessful Logons Protections
Profile parameters and password policies
SAP System Security in Unix and Windows Platform
Single Sign-On Concept
•
 SAP Security (Check List)
SAP Security Best Practices Checklist
• Network settings and landscape architecture
assessment
• OS security assessment where SAP is deployed
• DBMS security assessment.
• SAP Net Weaver security assessment
• Internal assessment of access control
• Assessment of SAP components like SAP Gateway, SAP
Messenger Server, SAP Portal, SAP Router, SAP GUI
• Change and transport procedure assessment
• Assessment of compliance with SAP, ISACA, DSAG,
OWASP standards
SAP Security Hardening
SAP Security (Policy)
 SAP SECURITY (The purpose)

The security in SAP system is required in a

distributed environment and you need to be sure
that your data and processes support your business
needs without allowing unauthorized access to
critical information. In a SAP system, human errors,
negligence, or attempted manipulation on the
system can result in loss of critical information.
 SAP Security (Purpose Cont…)
If an unauthorized user can access SAP system
under a known authorized user and can make
configuration changes and manipulate system
configuration and key policies. If an authorized
user has access to important data and
information of a system, then that user can
also access other critical information as well.
This enhances the use of secure
authentication to protect the Availability,
Integrity and Privacy of a User System.
 SAP Security (Application related)
• SAP Systems contain very sensitive and confidential data of their
clientele and businesses. Hence, there is a need for a regular audit
of an SAP computer system to check its security and data integrity.
• For instance, an employee in a warehouse who is responsible for
creating a purchase order shall not approve a rightful purchase
order or otherwise he may create and approve as many purchase
order without any use.
• In such scenario, the purchase order approval should be controlled
by a higher authority which is a standard security feature.
• Protecting the SAP data and applications from unauthorized use
and access is called SAP security. To protect these data’s SAP offers
different measures for security check.
 SAP Security Concepts
Security Concepts for SAP
STAD Data
Transaction codes are the front door to get the access to SAP’s functionality.
STAD data provide security against unauthorized transaction access. Does it
keep a record of information like who accessed certain critical functionality?
And when? STAD data can be used to monitor, analyze, audit and maintain
the security concept.
SAP Cryptographic library
SAP Cryptographic Library is the default encryption product delivery by SAP.
It is used for providing Secure Network Communication (SNC) between
various SAP server components. For front-end components, you need to
buy an SNC certified partner product.
Internet Transaction Server (ITS) Security
To make SAP system application available for access from a web browser, a
middleware component called Internet Transaction Server (ITS) is used. The
ITS architecture has many built-in security features, such as to run the
Wgate and Agate on separate hosts.
 SAP Security Concepts (Cont…)
Network Basics(SAP Router, Firewalls and DMZ, Network Ports)
The basic security tools that SAP uses are Firewalls & DMZ, Network Ports, SAP Router, etc. A
firewall is a system of software and hardware components which define the connections
that should pass back and forth between communication partners.SAP Web dispatcher and
SAP Router are examples of application level gateways that you can use for filtering SAP
network traffic.
Web-AS Security(Load Balancing, SSL, Enterprise Portal Security)
SSL (Secure Socket Layer), is a standard security technology for establishing an encrypted link
between a server and client. With SSL you can authenticate the communication
partners(server & client), by determining the variables of the encryption.

With sap cyber security, both partners are authenticated. The data transferred between the
server and client will be protected so any manipulation in the data will be detected. In
addition to that data transferred between the client and server is also encrypted. Enterprise
portal security guide can be helpful to secure the system by following their guidelines.
Single Sign-On
The SAP single sign-on function enables you to configure same user credentials to access
multiple SAP systems. It helps to reduce administrative costs and security risk associated
with maintaining multiple user credentials. It ensures confidentiality through encryption
during data transmission.
AIS(Audit Information System)
AIS or Audit Information System is an auditing tool that you can use to analyze security
aspects of your SAP system in detail. AIS is designed for business audits and systems audits.
AI presents its information in the Audit Info Structure.
 SAP Security Features for Mobile Apps
SAP applications are now available on mobile with an
increase in the mobile users. But this exposure is a
potential threat. The biggest threat for an SAP app is
the risk of an employee losing important data of
customers.
The good thing about mobile SAP is that most mobile
devices are enabled with remote wipe capabilities. And
many of the CRM- related functions that organizations
are looking to mobilize are cloud-based, which means
the confidential data does not reside on the device
itself.
Some of the popular mobile SAP security providers are
SAP Afaria, SAP Net weaver Gateway, SAP Mobile
Academy and SAP Hana cloud.
 SAP Security Features Check List
• SAP Security Best Practices Checklist
• Network settings and landscape architecture
assessment
• OS security assessment where SAP is deployed
• DBMS security assessment.
• SAP Net Weaver security assessment
• Internal assessment of access control
• Assessment of SAP components like SAP Gateway, SAP
Messenger Server, SAP Portal, SAP Router, SAP GUI
• Change and transport procedure assessment
• Assessment of compliance with SAP, ISACA, DSAG,
OWASP standards
•
SAP SECURITY (User Id and Logon
Authorization)
 SAP SECURITY
• Audience
• This tutorial is suitable for those professionals who
have a good understanding about SAP Basis tasks and a
basic understanding of the system security. After
completing this tutorial, you will find yourself at a
moderate level of expertise in implementation of the
security concepts in a SAP system.
Prerequisites
• Before you start with this tutorial, we assume that you
are well-versed with SAP Basis activities – User
Creations, Password Management, and RFC’s. In
addition, you should have a basic understanding of
security terms in the Window and UNIX environment.
SAP SECURITY (Cont…)
SAP SECURITY (Classification)
 SAP SECURITY (Cont…)
Different Layers of Security
We can help multiple layers of security in a SAP R/3
system.
• Authentication − Only legitimate users should be able
to access the system.
• Authorization − Users should only be able to perform
their designated tasks.
• Integrity − Data integrity needs to be granted at all
time.
• Privacy − Protection of data against unauthorized
access.
• Obligation − Ensuring liability and legal obligation
towards stakeholders and shareholders including
validation.
SAP SECURITY (Security Layers)
 SAP SECURITY (Cont…)
This chapter explains the following topics −
the role of a BASIS Administrator,
tasks related to SAP BASIS Administration, and
categorization of SAP Administrative tasks.
We can subdivide the roles of a SAP BASIS Consultant into the following categories −
Server Administrator
Interface Analyst
Solution Specialist
System Architect
Network Administrator
Transport Administrator
Batch Administrator
Database Administrator
Security Specialist
ABAP Specialist
DDIC Manager
OS Administrator
SAP DBA
System Administrator
 SAP Security Explained by the experts
• SAP security is a balancing act that involves all the tools, processes, and
controls set in place in order to restrict what users can access within an SAP
landscape. This helps ensure that users only can access the functionality they
need to do their job. They should be prevented from viewing or altering data
they aren’t authorized to see. At the same time, the access controls need to
be seamless, so people don’t get locked out of their workflows and spend
unproductive time getting back to work.
• Expert, Ben Uher, Client Manager of Security & Controls at
Symmetry, provides more detail on three main areas: how SAP security works
with GRC, the difference between SAP security and cyber security, and how
managed security services could help your organization’s SAP security needs.
• While GRC examines users’ capabilities in the system and creates policies that
meet compliance requirements, SAP security implements those policies
regularly by provisioning new users and identifying gaps in the system that
don’t align with GRC. Likewise, while SAP security is focused mainly on insider
threats, cyber security is focused on external threats. With the sheer variety
of risks involved in an SAP security landscape, a managed security services
partner can help monitor, revamp, and remediate any security risks and
findings to support your IT team.
 SAP Security Basics(Security Vs GRC)

SAP security isn’t the same thing as governance,

risk and compliance (GRC). GRC audits user access
to spot problems with user privileges or behaviour,
then it puts together a compliant provisioning
program, which is implemented using SAP security
tools.
 Three SAP HANA Best Practices to
Implement
• While security is crucial for any technology, SAP HANA
security requires unique adaptations from the standard SAP
security model. There are three top SAP HANA best practices
you should implement as part of your security routine.
• Operate on a least access rights model in order to minimize
the potential damage employees could cause if they were to
have access to more information. Also, ensure you have the
right expertise, given SAP HANA privileges require different
implementation than traditional SAP permissions.
Furthermore, understand how HANA handles objects to avoid
catastrophic events.
• Although security concepts remain fairly consistent across
applications, each application, such as SAP HANA, has a
distinct implementation process and knowledge base.
 SAP Security(Alleviate your SAP Security Worries)
• The first step to alleviating your worries about SAP security is
understanding what it is: a control process that helps address specific
enterprise risks. For instance, it provides various tools that restrict user
capabilities within an SAP landscape. The balance lies in providing users
enough access to fulfil their job needs, while maintaining strong
Segregation of Duties (SoD) controls.

• While SAP security can be managed by your internal IT team, it poses a

couple risks that should be considered. Perhaps your business lacks
certain skill sets that are required, or you become susceptible to potential
insider threats. Maybe your internal team can’t easily recognize issues in
your SAP security controls because they lack outside perspective.

• In these situations it proves helpful to have an outside, managed security

partner. They can easily spot gaps in your controls, reduce the risk of
internal attacks, keep your internal team accountable, and fully utilize
your internal IT team more efficiently.
 SAP Security (Basics of Access Control)
• SAP SECURITY — BASICS OF ACCESS CONTROL
• SAP security assigns roles to users. Each role allows users to
run certain transactions (processes within the SAP system).
When running a transaction, the user get authorizations to
perform specific tasks.
• Under SAP security best practices, admins create a standard
role for a position, which can then be assigned to anyone
occupying that position. For example, a company might
create a financial consultant role that permits each consultant
to run a set of transactions related to credit limits and other
tasks their job covers. Each consultant would receive SAP
HANA security authorization to address customer credit
limits, but only for their own customers. This lets the
consultants do their jobs, while minimizing the security risks
they pose.
 What are the SAP Security Risks?
• SAP Security is all a balance of locking down data and making
data accessible and usable for people. Understand these
three key SAP security basics to help you get started laying
the foundation for protecting your business.
• Establish your baseline risks by reviewing the power and
people who have access to the company’s most sensitive
roles, evaluating custom transactions that are outside normal
procedure, and running a Segregation of Duties (SoD) risk
analysis.
• It’s also important to define your controls and perform a
system risk assessment. Knowing who controls various
aspects of the business enables you to assign proper
mitigating controls. Performing regular risk assessments of
SAP users’ password strength, profile parameters, developer
keys, and more will also help you mitigate risk.
 Why SAP Security Basics are easy to get Wrong ?
It’s easy to get SAP security settings wrong because SAP
security can get quite complicated. SAP security settings can
interact in complex, unintended ways. Authorizations are
shared between transactions, so sharing access to a piece of
data can give inadvertent access elsewhere. For example, one
of our customers had previously granted access to a manager
to see their employee’s performance appraisal, but did it
incorrectly. As a result, the manager was able to see their
own appraisal before it was complete.
Getting SAP security basics wrong can be bad for business,
e.g. if a customer manager is only supposed to see customer
names but is accidentally given access to their credit card
numbers. This is a PCI violation that can lead to fraud. And,
some kinds of access (e.g. debug) can let users bypass access
controls entirely.
 HOW SAP SECURITY SERVICES FAIL AT GO LIVE
Many integration partners see SAP security as an obstacle; they
want to get the system up and running first, and don’t want to
have to deal with complicated role creation. Instead of accounting
for SAP security basics in the planning stage, they try to tackle on
security controls once the project has been built, with potentially
disastrous results.

Compounding the problem, most testing is done in the quality

assurance (QA) system where the SAP project management team
has unlimited access. Failing to test adequately in production can
lead to major SAP security risks by giving users too much access, or
paralyse the company by not providing all the permissions users
need to do their jobs. These mistakes can also increase the risks
posed by cyber security vulnerabilities, since hackers can gain
more access by compromising an account.
 SAP Security Feature is protection of your business
• Companies regularly face threats from outside the
firewall through cyber-attacks – that’s why it is vital
you build a comprehensive SAP security architecture
inside the firewall to build both agile and sustainable
data protection.
• Creating a balance of access, risks and controls among
employees is important in managing risk. Limiting data
access may minimize risk, but without enabling access
and permissions to users who need it, an organization
can become paralyzed.
• It’s also key to keep your SAP security architecture
nimble in order to adapt with changing roles and
responsibilities throughout the organization. This will
help mitigate any risks and potential SoD conflicts that
come along with shifting people, roles, and processes.
 REDESIGNING SAP SECURITY WITH EASE
• There’s a large difference between simply enhancing an SAP
security landscape with a sound structure and having to
completely redesign dysfunctional, outdated SAP security that
has a poor foundation.
• Companies may attempt to fix old security models with poor
foundations as opposed to redesigning the entire SAP security
landscape. Attempting to manually revamp an SAP security
model then often results in an unusable system. That’s why you
should consider automating your SAP controls and partnering
with experienced SAP security experts to ease the redesign
process.
• Having a partner that understands SAP security redesign can help
you minimize risk and fully utilize automation software tools that
can reduce overall redesign time and cost by more than 50%. For
instance, automation tools like Control Panel GRC Security
Acceleration Suite can help you streamline troubleshooting and
routine redesign tasks.
 Boost performance with SAP Security health Checks

Without regular monitoring of your organization’s SAP health, you

can’t fully maximize what SAP has to offer or use new insights to
improve your performance and strategy. It really comes down to
being aware and having the internal skill set to effectively use
Solution Manager to perform system health checks.

With SAP comes Solution Manager (SolMan), an invaluable solution

that provides technical monitoring capabilities for daily system
health checks, as well as Early Watch Alerts that delve deeper and
provide comprehensive information on your system health. That’s
why it’s crucial that you fully utilize all that SolMan has to offer.

While SolMan provides the tools you need to monitor SAP health, it
can be difficult to use it effectively because of large, unprioritized
information sets. Having adequate SAP Basis support staff and using
support tools like Science Logic can help manage and automate the
process of conducting regular SAP system health checks, as well as
prioritize your system’s most important needs.
 SAP Managed Security Services: From Impossible to Routine

• SAP security is evolving to make things easier. What might have

once been nearly impossible is now routine. A sound SAP security
solution makes life easy by merging three core considerations: SAP
GRC, SAP security and cloud security.
• A managed SAP Security Services team can readily take on the first
two, setting GRC policies and simplifying your SAP security model to
meet required policies. The MSP can also deal with daily security
tasks.
• Cloud security takes focus, though. With or without an MSP, your
SAP cloud security team needs to perform the following tasks:
• Continuous vulnerability scanning
• Monitoring user activity and compliance
• Applying patches quickly
• Fixing other SAP platform problems, e.g. configuration issues
• Using advanced threat intelligence to anticipate and address risks
 Making SAP Security Part of Your Routine
SAP security mainly focuses on insider threats, such as risks of fraud,
theft, vandalism, and record keeping errors, which does not protect your
business from potential external attacks. That’s where cyber and cloud
security comes in. Focusing on both SAP and cloud security together will
build a complete strategy for protecting your enterprise.

Many companies struggle with basic SAP security and cloud security. In
terms of internal threats, organizations commonly face challenges of
outdated security approaches and inefficient approval sign offs that delay
processes and decrease productivity. In preventing external threats,
companies struggle with performing regular SAP maintenance, have poor
information or priorities, and face uncertainty of malicious attackers
having insider assistance.

Having the right SAP managed security services team can help you
effectively support your internal SAP GRC and SAP security needs, while
your cloud security team and partners like Onapsis can help proactively
spot external threats.
SAP SECURITY (Cont…)
 SAP SECURITY (Cont…)
Tasks Performed under Different Roles
We can further categorize the tasks performed under different roles −
System Architect
Sizing SAP systems
Design SAP landscape
Transport Administrator
Change control across SAP landscape
Batch Administrator
Create and manage batch jobs across landscape
Security Specialist
Design, monitor, and manage access to SAP landscape
ABAP Specialist
Troubleshoot and tune ABAP programs
Apply correction to program
DDIC Manager
Manage changes to SAP data dictionary
SAP DBA
Manage integrity of SAP database objects
Manage backups and restore
System Administrator
Maintain system health
Monitor and tune system performance
Interface Analyst
Analyze and Monitor
Interfaces within SAP landscape
Solutions Specialist
Installation of AP / Add-On
Migrate OS / DB
Upgrade SAP version
Archiving of SAP Data
 SAP SECURITY (Cont…)
• SAP BASIS Administration Tasks
• SAP BASIS administration tasks can be further categorized as follows −
• SAP Administration
• Starting and stopping SAP instance(s)
• User administration – setup and maintenance
• Authorization / Role / Profiles – setup and maintenance
• Setup SAP security
• Maintenance of system’s health
• Monitor system performance and logs
• Spool and print administration
• Maintain system landscape
• Transport management systems
• Manage change requests
• Create / Manage batch jobs
• Backup schedule, run, and monitor backup of SAP
• Apply patches, kernel, and OSS notes
 SAP SECURITY (Cont…)
• SAP Administrator's Frequently Used Transactions
• SM04/AL08 − User List
• SM51 − Display Application Server
• SM37 − Background Job Overview
• SM50/SM66 − Manage Work Processes
• SM12 − Mange Lock Entries
• PFCG − Maintain Roles
• SM13 − Manage Update Records
• SM21 − Analyze System Log
• SM02 − Send System Messages
 SAP Security (Cont…)
Transaction codes are used in SAP for getting an
easy access to custom applications or to call
predefined processes. Transaction codes are a kind
of shortcuts for different applications. Various
categories of transaction codes are defined
according to application area and modules. Some
common and most widely used transaction codes
are defined below
 SAP Security (Cont…)
• ABAP / Tables / Data Dictionary
• SE11 − Dictionary definitions
• SE14 − Database utility
• SE16 − Data Browser (display only)
• SE16n − Modify: “&sap edit” (uase16n)
• SD11 − Data model
• SM30/SM31 − SAP Table view maintenance
• SE54 (SOBJ) − Table / View Cluster
• SE37 − Function module editor
• SE38 / SE39 - Program editor / split screen
• SA38 − Program execution
• SE80 − ABAP development workbench
• SE84 − Object navigator
• SE18 − BAdI definitions
• SE19 − BAdI implementations
• SE24 − Class builder
• SWO1/2 − Business object builder / browser
• SMARTFORMS − Smart forms administration
• SE71 − SAP script (Form painter)
• SE43 − Area menu maintenance
• SE91 − Message maintenance
• SE93 − Transaction maintenance
 SAP SECURITY (Cont…)
• Runtime / Logs / Database
• SM21 − System log sm13 Update requests
• ST22 − ABAP Runtime Error (Dump)
• SM12 − Table look entries
• SM56 − Number range buffers
• SNRO − Number ranges
• SE30 − Runtime analysis
• ST01 − System trace
• ST05 − SQL Trace
• DB02, ST04 − Database tools / performance
• ST02, ST06 − Database tune summary
• SCU3 − Table logging (see V_DDAT_54)
 SAP SECURITY (Cont…)
• Jobs / Batches / Events
• SM36 − Job definition
• SM37 /SMX − Job overview
• SM50 − Process overview
• SM34 − View cluster maintenance
• SM49/SM69 − External commands
• SM66 − Process overview
• SM62/SM64 − Event overview / administration
• STVARV(C) − Selection fields variables
 SAP SECURITY (User Administration)
User Administration
• SM04 − User overview
• SU53 − Check authorization data for user
• SUIM − User information / authorization
• SU20 / SU21 − Authorization object and class / field
• SU01 − User maintenance PFCG roles
• SU03 − Authorization Archive Development Kit
(ADK)
 SAP SECURITY (Batch, Path &
Connections)
Batch Input
• SM35 − Batch Input: session overview
• SHDB − Batch input recorder
• Paths & Connections
• AL11 − SAP file directory
• FILE − Logical file path
• SM58 − Transactional RFC
• SM59 − RFC connections
 SAP Security (Spool Printout)

• SP01 − Spool request selection

• SP02 − List of own spool requests
• SPAD − Spool administration
 SAP Security (Cont…)
Tasks Performed under Different Roles
• We can further categorize the tasks performed under different roles −
• System Architect
• Sizing SAP systems
• Design SAP landscape
• Transport Administrator
• Change control across SAP landscape
• Batch Administrator
• Create and manage batch jobs across landscape
• Security Specialist
• Design, monitor, and manage access to SAP landscape
• ABAP Specialist
• Troubleshoot and tune ABAP programs
• Apply correction to program
• DDIC Manager
• Manage changes to SAP data dictionary
• SAP DBA
• Manage integrity of SAP database objects
• Manage backups and restore
• System Administrator
• Maintain system health
• Monitor and tune system performance
• Interface Analyst
• Analyze and Monitor
• Interfaces within SAP landscape
• Solutions Specialist
• Installation of AP / Add-On
• Migrate OS / DB
• Upgrade SAP version
• Archiving of SAP Data
 SAP Security (Cont…)
SAP BASIS Administration Tasks
SAP BASIS administration tasks can be further categorized as follows −
SAP Administration
Starting and stopping SAP instance(s)
User administration – setup and maintenance
Authorization / Role / Profiles – setup and maintenance
Setup SAP security
Maintenance of system’s health
Monitor system performance and logs
Spool and print administration
Maintain system landscape
Transport management systems
Manage change requests
Create / Manage batch jobs
Backup schedule, run, and monitor backup of SAP
Apply patches, kernel, and OSS notes
Database Administration
Database Space Management
Database Backup
Database Recovery
Database log (Redo log, Archive Log) management
Database Performance Tunings
Operation System Administration
Operation system security
Operation system performance tuning
OS space management
OS level background job management
OS level backup and recovery
Overall System Monitoring
Monitoring R/3 servers and instances
Monitoring users and authorizations
Monitoring security part
Monitoring workload analysis
Monitoring processes
Monitoring buffers
Monitoring operating system
Monitoring database
Monitoring backups
 SAP SECURITY (Administrator Cont…)
• SAP Administrator's Frequently Used Transactions
• SM04/AL08 − User List
• SM51 − Display Application Server
• SM37 − Background Job Overview
• SM50/SM66 − Manage Work Processes
• SM12 − Mange Lock Entries
• PFCG − Maintain Roles
• SM13 − Manage Update Records
• SM21 − Analyze System Log
• SM02 − Send System Messages