8/6/2019 Annual Tasks

1/6

System Administration Made Easy 81

&KDSWHU 6FKHGXOHG$QQXDO7DVNV

&RQWHQWV

The R/3 System .......................................................................................................82

Database ..................................................................................................................83

Operating System ...................................................................................................83

Other.........................................................................................................................84

Notes ........................................................................................................................84

8/6/2019 Annual Tasks

2/6

Chapter 8: Scheduled Annual Tasks

The R/3 System

Release 4.6A/B82

7KH56\VWHP

System: __________

Date: ____/ ____/ ____

Ad min: _____________________

Task Transaction Chapter Procedure Check off/Initial

Archive year-end backup. 3 Send year-end backup

tapes to long-term

offsite storage.

Aud it user security. 11 Review users security

authorization formsagainst assigned

profiles.

Can also be done w ith

reportRSUSR100

Aud it profiles and

authorizations.

SU02 Secur ity

Profile

Maintenance

11 With report RSUSR101

SU03 Secur ity

Authorization

Maintenance

11 With report RSUSR102

Review segregation of d uties.

Aud it user IDs SAP*an dDDIC.

Run SAP user aud it reports. SA38 (or SE38)

Execute

ABAP p rogram

11 Run user aud it reports.

Check that the system is set to

Not modifiable.SE03

Workbench

Organizer Tools

11 Verify that system is set

to Not modifiable.

SCC4

Clients:

Overview

11 Check changeable statu s

for applicable client

8/6/2019 Annual Tasks

3/6

Chapter 8: Scheduled Annual Tasks

Database

System Administration Made Easy83

Task Transaction Chapter Procedure Check off/Initial

Check locked transactions SM01

Transactioncodes:

Lock/ Unlock

11 Check against you r list

of locked transactions.

'DWDEDVH

Task Where Chapter Procedure Check

off/Initial

Archive year-end backup 3 Send year-end

backup tapes to

long-term offsite

storage.

2SHUDWLQJ6\VWHP

Task Where Chapter Procedure ColumnTitle

Archive year-end backup 3 Send year-end

backup tapes to

long-term offsite

storage.

8/6/2019 Annual Tasks

4/6

Chapter 8: Scheduled Annual Tasks

Other

Release 4.6A/B84

2WKHU

Task Where Chapter Procedure Checkoff/Initial

Perform d isaster recovery. 2 & 3 Restore entire

system to d isaster

recovery test system

Test business

resumption

1RWHV

Problem Action Resolution

In chapters 48, we have included a list of tran sactions like the on e below. This list conta ins

basic information abou t the transactions in the checklist. For ad ditional information on these

transactions, see the chapter referenced in each checklist.

7UDQVDFWLRQ6$6(

:KDW

All users wh o have left the company should h ave their R/ 3 access terminated imm ediately.

By locking or deleting these user IDs, you limit access to only those u sers wh o shou ld have

access to R/ 3. Periodic review assures the task of locking or deleting has been completed.

:K\

Proper au dit control requires that a user w ho no longer has a valid business need to access

R/ 3 should n ot be allowed to keep that access.

Deleting or locking these user IDs also prevents anyone who had been using the term inateduser ID from accessing the system un der that ID.

7UDQVDFWLRQ6(6&&

:KDW

There are switches that p revent changes from being mad e in the system. In the p roduction

system, these shou ld be set toNot modifiable.

8/6/2019 Annual Tasks

5/6

Chapter 8: Scheduled Annual Tasks

Notes

System Administration Made Easy85

The purpose of setting the prod uction system to Not modifiable is to make sure that changes

are mad e using the developm ent pipeline.

In the developm ent pipeline, changes are:

1. Created in the developm ent system

2. Tested in the developm ent system

3. Transported from the developm ent system to the test system

4. Tested in the test system

5. Transported from the test system to the produ ction system

Using this procedu re, changes are p roperly tested and app lied to the systems in the

pipeline.

:K\

Objects should not be m odifiable in the quality assuran ce orprod uction systems. This rule is

to protect the prod uction system from object and configuration changes being mad e,

withou t first being tested. By setting the produ ction system to Not modifiable, the integrity of

the pipeline is preserved.

7UDQVDFWLRQ60

:KDW

Dangerou s transactions are transactions that could d o the following:

< Damage or corrup t the system

< Present a security r isk

< Adversely impact performance

:K\

< If a u ser accidentally accesses these transactions, they could corrupt or destroy the R/ 3

System.

Access to dangerous tran sactions is more critical in the produ ction system than the

developm ent or test systems. This is because of live data an d the fact that the compan ys

operations are depend ent on the R/ 3 System.

< Certain transactions should be locked in the prod uction system, but not in the

developm ent, test, or training systems.

Stand ard security normally prevents access to these transactions. How ever, someadministrators, programm ers, consultants, and functional key users could have access to

the tran sactions d epend ing on the system they are on. In these cases, the transaction lock

prov ides a second line of defense.

There are over 48,000 English transaction codes in the R/ 3 System. To make it man ageable,

only the critical ones need to be locked. Your functional consultants shou ld sup ply you with

any add itional critical transactions in their modu les.

8/6/2019 Annual Tasks

6/6

Chapter 8: Scheduled Annual Tasks

Notes

Release 4.6A/B86