Upload
ravindravt
View
217
Download
0
Embed Size (px)
Citation preview
8/6/2019 Annual Tasks
1/6
System Administration Made Easy 81
&KDSWHU 6FKHGXOHG$QQXDO7DVNV
&RQWHQWV
The R/3 System .......................................................................................................82
Database ..................................................................................................................83
Operating System ...................................................................................................83
Other.........................................................................................................................84
Notes ........................................................................................................................84
8/6/2019 Annual Tasks
2/6
Chapter 8: Scheduled Annual Tasks
The R/3 System
Release 4.6A/B82
7KH56\VWHP
System: __________
Date: ____/ ____/ ____
Ad min: _____________________
Task Transaction Chapter Procedure Check off/Initial
Archive year-end backup. 3 Send year-end backup
tapes to long-term
offsite storage.
Aud it user security. 11 Review users security
authorization formsagainst assigned
profiles.
Can also be done w ith
reportRSUSR100
Aud it profiles and
authorizations.
SU02 Secur ity
Profile
Maintenance
11 With report RSUSR101
SU03 Secur ity
Authorization
Maintenance
11 With report RSUSR102
Review segregation of d uties.
Aud it user IDs SAP*an dDDIC.
Run SAP user aud it reports. SA38 (or SE38)
Execute
ABAP p rogram
11 Run user aud it reports.
Check that the system is set to
Not modifiable.SE03
Workbench
Organizer Tools
11 Verify that system is set
to Not modifiable.
SCC4
Clients:
Overview
11 Check changeable statu s
for applicable client
8/6/2019 Annual Tasks
3/6
Chapter 8: Scheduled Annual Tasks
Database
System Administration Made Easy83
Task Transaction Chapter Procedure Check off/Initial
Check locked transactions SM01
Transactioncodes:
Lock/ Unlock
11 Check against you r list
of locked transactions.
'DWDEDVH
Task Where Chapter Procedure Check
off/Initial
Archive year-end backup 3 Send year-end
backup tapes to
long-term offsite
storage.
2SHUDWLQJ6\VWHP
Task Where Chapter Procedure ColumnTitle
Archive year-end backup 3 Send year-end
backup tapes to
long-term offsite
storage.
8/6/2019 Annual Tasks
4/6
Chapter 8: Scheduled Annual Tasks
Other
Release 4.6A/B84
2WKHU
Task Where Chapter Procedure Checkoff/Initial
Perform d isaster recovery. 2 & 3 Restore entire
system to d isaster
recovery test system
Test business
resumption
1RWHV
Problem Action Resolution
In chapters 48, we have included a list of tran sactions like the on e below. This list conta ins
basic information abou t the transactions in the checklist. For ad ditional information on these
transactions, see the chapter referenced in each checklist.
7UDQVDFWLRQ6$6(
:KDW
All users wh o have left the company should h ave their R/ 3 access terminated imm ediately.
By locking or deleting these user IDs, you limit access to only those u sers wh o shou ld have
access to R/ 3. Periodic review assures the task of locking or deleting has been completed.
:K\
Proper au dit control requires that a user w ho no longer has a valid business need to access
R/ 3 should n ot be allowed to keep that access.
Deleting or locking these user IDs also prevents anyone who had been using the term inateduser ID from accessing the system un der that ID.
7UDQVDFWLRQ6(6&&
:KDW
There are switches that p revent changes from being mad e in the system. In the p roduction
system, these shou ld be set toNot modifiable.
8/6/2019 Annual Tasks
5/6
Chapter 8: Scheduled Annual Tasks
Notes
System Administration Made Easy85
The purpose of setting the prod uction system to Not modifiable is to make sure that changes
are mad e using the developm ent pipeline.
In the developm ent pipeline, changes are:
1. Created in the developm ent system
2. Tested in the developm ent system
3. Transported from the developm ent system to the test system
4. Tested in the test system
5. Transported from the test system to the produ ction system
Using this procedu re, changes are p roperly tested and app lied to the systems in the
pipeline.
:K\
Objects should not be m odifiable in the quality assuran ce orprod uction systems. This rule is
to protect the prod uction system from object and configuration changes being mad e,
withou t first being tested. By setting the produ ction system to Not modifiable, the integrity of
the pipeline is preserved.
7UDQVDFWLRQ60
:KDW
Dangerou s transactions are transactions that could d o the following:
< Damage or corrup t the system
< Present a security r isk
< Adversely impact performance
:K\
< If a u ser accidentally accesses these transactions, they could corrupt or destroy the R/ 3
System.
Access to dangerous tran sactions is more critical in the produ ction system than the
developm ent or test systems. This is because of live data an d the fact that the compan ys
operations are depend ent on the R/ 3 System.
< Certain transactions should be locked in the prod uction system, but not in the
developm ent, test, or training systems.
Stand ard security normally prevents access to these transactions. How ever, someadministrators, programm ers, consultants, and functional key users could have access to
the tran sactions d epend ing on the system they are on. In these cases, the transaction lock
prov ides a second line of defense.
There are over 48,000 English transaction codes in the R/ 3 System. To make it man ageable,
only the critical ones need to be locked. Your functional consultants shou ld sup ply you with
any add itional critical transactions in their modu les.
8/6/2019 Annual Tasks
6/6
Chapter 8: Scheduled Annual Tasks
Notes
Release 4.6A/B86