List of Security Tasks

1. How to provide additional authorization in BI/BW.
2. HOW to do mass user changes to SAP EASY ACCESS
3. improve your user Master Record Accuracy with Hidden Fields
4. CUA configuration
   
5. T-code: S_BCE_68001400,better version of T-code: SUIM.(Auditing)

HANA security:

SAP HANA is ACID compliant - a term that describes that has atomicity, consistency, isolation, and durability.

Concept of HANA Scale out:

The amount of RAM supported on a single SAP HANA appliance is finite, and organizations often need to store more data in-memory than is supported on a single host. To overcome this limitation, SAP HANA can be scaled out to run on multiple servers that act as a single instance, acting as a single appliance when scaled over multiple nodes while giving users a single point of access. When distributed on multiple nodes, the core software engines are active on each node and used to manage the distributed data in memory.

Fortunately, because the SAP HANA scale-out cluster acts as a single instance, users, roles, and privileges are centrally managed for all server nodes.

Core Engines:

Index server: When data is stored in-memory, it resides within the index server process.

XS Engine: The XS engine acts as a web application server.

Name Server

The name server is responsible for managing the topology of the SAP HANA architecture. With an SAP HANA scale out, the name server keeps track of which services are active and where data tables reside in the cluster.

The name server configuration file contains global password policy configurations. The global password policy is used to define how SAP HANA manages password authentication throughout a scale-out landscape.

Preprocessor Server

The preprocessor server helps the index server process text-based searches.

     

     6.Intro to HANA security: SAP HANA security consists of users, roles, and privileges.

           

                        User accounts are created and assigned one or more roles

                                                                     👇

                          roles are created and assigned one or more privileges.

            

BI_security/ BW_security

                                                           A brief note on security:                                                              

• ECC security is Transaction based security.       
• HR security is position based security.
• BW/BI is Query based security.                                                                                                                                    
• Data in ECC system is permanent data. where as BW/BI is analytics data.

Ex1: bank transaction data for all the transaction will be stored bank server is an example for ECC system data.where as last 6 transaction data which, will get in mini statement is query based data from BW/BI server.

Ex2: Suppose their are 3 lakhs of employee working in an ERP based company.this data will be stored in ECC systems. where as query for top 10 salary getting employees query will be in BW/BI system.

• Query in BW/BI server will re-arrange the data in ECC system.
• Authorization maintenance for this queries is called BW/BI security.  

Note:

connection between ECC system to BW/BI system will be done through RFC connection. with the concept behind it ETL tool.

E - extract.
T- Translation.
L- Load.

ex: in ECC system                                                                             in BI/BW system

                emp name ----------------------------------------------------------------> first name

Difference between BW and BI systems:

----------------------------------------------------------|---------------------------------------------------------------

                  BW                                                                                           BI

------------------------------------------------------------------------------------------------------------------------                                                                                

• last version of BW - 3.5                                                      last version of BI 7.X
• ABAP based                                                                          Netweaver based
• Customizing authorization objects                                     Analysis authorization
• T-code: RSSM                                                                     T-code: RSECADMIN
• one authorization objects have 10 fields                              No limit

--------------------------------------------------------------------------------------------------------------------------

Note:
for security admin only works on 2 T-codes: RSSM (if the system is BW system.)
                                                                        RSECADMIN (if the system is BI system.)

Key points to be consider for BI security:

• source system: It's either SAP or NON SAP system.
• Data source: whatever the data available in SAP BI system we call Data source (Info packages).
• Info Area: the place where BI data is store in the BI system is called INFO AREA(folder name).
• Info object catalog: who folds actual /all objects( Folders inside INFO AREA, for better segregation).

eg: Movies is folder name, inside telugu movies,tamil movies,Kanada movies are folders inside the folder Movies.

• Info objects: Each field in the tables( combination of key figures and characteristics)
• Info provider: Through info provider will load the data inti info objects.

Here we go for the practical steps 👀:

1. login to BI system.by providing user id and password.

2. Access T-code RSECADMIN

3. The screen rsecadmin screen looks like below.                                                                                    

4.click on Autorizations and then Maint. As shown below.                                                                      

5.Enter the Authorization object name.So called as Role in ECC systems.                                     

6.click on create.                                                                                                                                         

7.provide the description details.                                                                                                           

8.click on insert special characters to obtain default authorization object.

8(2). Resultant screen for the step 8.                                                                                                         

9. click on the intervel option.as shown below.

10.Click on the add  button. To add the custom role as per the business requirement.

11.Then click on the help button. As shown below to add Info objects.

12. Add the required info object.

13. Add the intervals value.

14. Click on SAVE.


14. To add no. of info objects

15. Followed by operator value.

16. select the value as per the business requirement.                                                                                

17. click on SAVE.

18. Go with YES.

19. finally SAVE again, after defining the interval value.



20.From the previous steps creation of Authorization required is completed. Now assign to user.

21.Click on Assign.

22.Click on Change as shown below screenshot.

23. Enter the Authorization role in the Authorization selections & click on Insert.
      Cross check the result as shown in the screen shot as 2.

Hurrah!!! the authorization is added to the user in BI system.

Authorization maintenance for BW(3.5) system

Note: The authorization maintenance for BW system is almost similar to ECC system. But the below authorization object need to add manually.

step 1: 

SU01 ---> collection user details--> assign the T-code: RSSM
PFCFG --> create role.

step 2:

Name of the Authorization object is s_rs_comp

step 3:                                                                                                                                                       
Add the s_rs_comp1 to add user details.                                                                     

Step 4: save and generate profile similar like ECC system.

To make a file tar.gz and untar the same

hec01v039748:/install # ll
total 4160748
drwxrwsrwx 6 root root       4096 Aug 22 15:20 HANA2_00_042_00
-rwxr-xr-x 1 root root 4243875840 Aug 28 13:11 HANA2_00_042_00.tar
drwxr-xr-x 3 root root       4096 Aug 28 08:56 hec01v039748
drwxrwxrwx 2 root root       4096 Jul 26  2016 .snapshot
hec01v039748:/install #


hec01v039748:/install # tar -cvzf HANA2_00_042_00.tar.gz HANA2_00_042_00


hec01v039748:/install # ll
total 8064956
drwxrwsrwx 6 root root       4096 Aug 22 15:20 HANA2_00_042_00
-rwxr-xr-x 1 root root 4243875840 Aug 28 13:11 HANA2_00_042_00.tar
-rw-r--r-- 1 root root 3982221501 Aug 28 13:26 HANA2_00_042_00.tar.gz
drwxr-xr-x 3 root root       4096 Aug 28 08:56 hec01v039748
drwxrwxrwx 2 root root       4096 Jul 26  2016 .snapshot
hec01v039748:/install #

to untar a tar file
hec01v039748:/install # tar -xvzf HANA2_00_042_00.tar.gz

to make sar file to tar file

to untar tar files

how to make sar file into tar

 tar -cvzf     IMDB_SERVER20_042_0-80002031.SAR.tar.gz IMDB_SERVER20_042_0-80002031.SAR

unzip tar files in linux

How to make tar files in linux

$ssh username@server_name $ssh server_name. Secure login

Ex:

$ssh username@server_name

$ssh naveen@dev_server


To login to remote server with same user from present login server

Ex:

$ssh server_name

$ssh dev_server

$kill

$export - a brief note on how to set environment variable

$uname - a : system information in Linux machine

$diff

Ex:

$diff   instance_profile instance_pf_bkp

Note:can use to check the profile parameter changes. 

Brief note on install software

How to control(start, stop, status, restart) a service in linux

In Sap environment while stopping, starting, restarting & finally for checking the status of service. The above command is useful.

Ex:

$sapstart.srv start

Here
Sapstart.srv  is one of the core demon

Similarly

$service sapstart.srv stop
$service sapstart.srv restart
$service sapstart.srv status
$service sapstart.srv start

The above commands are useful for stop,restart,to check the present status of service & to start the service respectively.


...................................................................….............

$free - to check free RAM available at present stage

Shutdown cmd s in linux

vi - to edit the file

$ vi <file_name>

ex

$ vi Naveen.txt

Here

Naveen.txt is file name


The Vi command used for editing the file.

cat - concatenates and display files.

$ cat 

The cat command, concatenates and display files. this is the command you run to view the contents of a file.

ex:

% cat <hello.txt>

this is the first line
this is the second line


here hello.txt is the file name to be displayed.

cp - to copy the file in linux, to take backup of file in linux

$ cp <file_name>  <file_name.bkp>

ex:
$ cp  Naveen  Naveen_bkp

to copy the file in linux or to take the backup of existing file in linux

to check the network connect between two linux servers

$ ping <Host_name_of_remote_server>

to check the network connect between two linux servers

File is missing in the remote server

Wget --spider -v <file_directory_path or link>/filename

To check whether the file is available or not in the remote system.

Here:

<file_directory_path> - if need to check the file in same host.
<link>  - remote server file location path.

whoami - displays current user details in CLI

$ whoami

- displays current user details in CLI

Pwd

$ pwd

the pwd command,Displays the present working directory name.if you don't know what directory you are in, pwd will help you.

How to Stop SYBASE database

Hostname:~ # /usr/sap/hostctrl/exe/saphostctrl -function StopDatabase -dbtype syb -dbname PL1 -service

here PL1 is DBSID

Result 

Webmethod returned successfully

whereis cmd in linux

It is usually used to find executables of a program, its man pages and configuration files.

                                                                                                                                 result:                                                                                                                                                      

list of complete authorizations available in linux machine

                                                                                                                                       To get the list of authorizations available in the Linux system

Result                                                                                                                                                        

    

list of groups in the linux machine

                                                                                                                           

To get the list of groups in the linux machine.

list of users in linux machine

• To check the list of users in Linux machine: compgen -u

List of Linux command

basic level

1. virtualip list -To check what actually instance are installed in server.
2. shutdown cmds - To shutdown server
3. $free - to check free RAM in the system

intermediate level

1. compgen -u : To check the list of users in Linux machine
2. compgen -g :To get the list of groups in the linux machine.
3. compgen -c :list of complete authorizations available in linux machine
4. less /etc/passwd :to get the list of user list in detail 
5. whereis - executable file location in Linux machine
6. pwd - Displays present work directory
7. Whoami - Dispaly current user details
8. cp - to copy the file in linux, to take backup of file in linux
9. cat - concatenates and display files.
10. vi - to edit the file
11. How to change file owners in LINUX and UNIX using PUTTY tool
12. NFS - No Root Squash
    

Advanced linux commands

ping -to check the network connect between two linux servers

Wget -to check the availability of file in the remote server

• command pidof- To list all the process ID of one service @ OS level  (ACC)
  

List of System monitoring:

System monitoring commands

mount and unmount cmd

SAP linux administration:

Default user groups assigned to <sid> adm user

Automation scripts:

1. How exactly need to write shell scripts.

        Ans:       Click here

2. importance of interpreter in the scripts.

      Ans:         Click here

3. How to create and use variables.

    Ans:           Click here

4.Testing and decision making.
     
     Ans:         Click here

5. if statements

   Ans:         Click here

6. if else condition

  Ans:         Click here

7.For loops

  Ans:     Click here

8.read cmd

 Ans:   Click here

9.position parameters

Ans:   Click here

10.exit code sample test condition.

Ans:  Click here

11.Functions.

Ans:   Click here

12. Wildcards

Ans:   Click here

13. How to include Linux commands in scripts & using echo for better visibility.

Ans:    Click here

14. How to search for one particular word in large size files.

Ans:   Click here

15. How to delete files older then 90 days using scripts.

Ans:  Click here

16. How to take backup of file system using Linux scripts.

 Ans:  Click here

17. check the file system space with reference to threshold value using Linux scripts.

Ans:  Click here

18. rsync and csync and their significance.

Ans: Click here

19. sed

Ans:  Click here

20.Total disk space used  by the server.

Ans: Click here

21.touch test in Linux

Ans: Click here

22.Server information using Linux scripts

Ans: Click here

23. Script that sends mail automatically when SAP Application is down( manually)

Ans: Click here

24.consumption of the work process during an specific task - using script (ACC)


Frequent task:

25. Coping backup from source to target screen - SCP command

Windox server - 2016

6.Difference between Disk Cleanup and Disk Defragmenter
5.How To Backup Windows Server 2016

Virtual ip

• To check what actually instance are installed in server: virualip list

list of sybase activities

1. How to stop Sybase DB
2.How to apply patches to sybase.
3. how to start sybase database and backup.
4.SYBASE error log for any errors.
5.No of connections exceeded
6. How to extend one data unit space in sybase
7.Sort order configuration in sybase Database
8.sybase installation failed with issue - Assertion failed: Unable to set up backup server
9.SAP ASE Backupserver fails to start with "The 'sem_open' call failed with error number 13 (Permission denied)"
10.Sybase Replication step by step process
11. Proactive sybase DB space analysis

List of BASIS Activities

List of BASIS Activities

1. introduction to SAP ERP
   
2. SAP_R3_ARCHITURE
   
3. user administration
4. User group creation.
5. SAP User audit (EULA)
   
6. Migrate EULA price list to the new contract
   
7. Maximum no. of users login for instance
   
8. Client creation screen
   
9. Lock Client of SAP system
   
10. HOW to check where a system is ABAP stack or dual stack(ABAP + java).
    
11. LaMa installation Reference
12. system copy using Lama
13. SAP MC.
14. Content server installation
15.  How to get hardware key of system from OS level

ABAP Application management:

    1.SM51 - instances of SAP system - monitoring

    2.How to make one SAP application dialog instance in to passive mode.
    3. Dialog work process status in sm50

Client administration

1. client settings
2. complete T-codes involved in client administration
3. Local client copy
4. Client export and import
   
5. Remote client copy
   

STMS:

1. Three system STMS configuration

Background Job administration:

1. Background job notes 1: Brief introduction
2. Different status of Background job
3. Major T-codes involved in background job administration.
4. Scheduling background jobs
5. Scheduling standard background jobs
6. Event based background job scheduling.
7. How many ways a background job can be scheduled
8. Background job notes

Spool administration:

1. Spool administration notes 1
   
2. spool notes- 2: Creating Front end printer in SAP
   
3. spool notes -3:Local printer
   
4. spool notes 4: logical spool servers
   
5. Spool notes 5: Different status of spool request.
   
6. Spool notes 6: major reports in spool administration
   
7. Spool notes 7: Printer device type
   

Enqueue WP monitoring:

1. Enqueue work process utilized percentage monitoring
   

System monitoring:

1. SMMS
2. ST02
3. How to use dpmon tool - to monitor work process status @OS (ACC)
   
4. Code inspector - Validating your ABAP code before Moving into the production system
   

Kernel upgrade:

1. in HANA DB based systems.

Performance tuning:

1. Brief intro for Performance tuning
2. Performance analysis - Major reasons
3. ST01
4. ST02
5. ST03- workload analysis
6. ST04
7. ST05
8. ST06
9. ST11
10. ST22
11. few calculation to analysis performance issues
12. Operation modes configuration
    
13. Manually switching of operation modes
    
14. CPU ideal is critical
    
15. Sap application server buffers cleaning
    

Update:

1. SUM tool update plan for reference
2. Manually update - SPAM/SAINT version in SAP.
3. SAP Upgrade Dependency Analyzer(UDA)

Startup issue & Solutions:

1.6 know issues & their solutions

2.How to clean all sap start logs in the system

Few customer specific configurations:

1. Browser as GUI

Mail configuration @ SAP Application level:

Intro and outbound mail configuration

outbound mail configuration reference 2

Advanced:

Automatic note search tool

To kill all the PID that related to sap

Troubleshooting:

STMS:

• RFC Communication error with system/destination while importing the Transport request.

Lama installation reference

1. LaMa installation 

Lama by Ramnaveen Thota on Scribd

LaMa series topic 2:System copy using LaMa