Академический Документы
Профессиональный Документы
Культура Документы
I ) Administration includes user admin, Client admin, and backup in SAP environments.
He should be able to do user administration like creating and deleting users, assigning and resetting
passwords, locking and unlocking users.
He should be able to troubleshoot security or authorization problems using SU53, ST01 and SUIM
He should be able to create roles using different methods like transactions, direct objects, missing
authorizations, restrictions…etc
He should be able to do client administration like local client copies, remote client copy, create and
deleting clients.
Use transaction SU01 or, from the System Administration Assistant Running Your Display Tasks
(transaction SSAA), choose Entire view. SAP System Administration à Additional Administration Tasks
System Users: Copying a User.
In transaction SU01, enter ADMIN##, choose Copy, then enter the name BASIS##. Deselect
Authorization profiles and Activity groups. Enter a new password for BASIS## twice and save.
It’s from 000 to 999. Total 1000 clients are supported per SAP System.
Client Admin
Backup
SU01D-User Display
To disable multiple user logins within the same client implement this parameter in the instance profile
login/disable_multi_gui_login = 1
· RSUSR003 Check the passwords of users SAP* and DDIC in all clients
SCC5-Client Delete
To lock or unlock a client in R/3 System, run the following function modules in : transaction se37
Locked Information
SU01 -User accounts locked/unlocked (USR02 table ,uflage is 64-locked -> uflag is 0 unlocked )
SQL> COMMIT
SQL> UPDATE USR02 SET UFLAG = '0' where BNAME=’USERID’ AND MANDT=’CLIENT’
SQL> COMMIT
View Locked Transactions- SM01 (You need to look in field CINFO, table TSTC, you can use either SE11 or
SE16 to browse the table contents )
Brtools login:
cd d:\usr\sap\ser\sys\exe\run
set sapdata_home=d:\oracle\ser
set oracle_sid=ser
brtools
Brtools – db backup
Brconnect –u / -c –f cleanup
-v D:\backup
Brbackup –u /
Spool Management
Database Administration
Dbacockpit-
ST04 Database alert logs and Perform.
You can analyze the long running job using transaction SE30
II ) Maintenance includes monitoring the servers, background jobs, system performance and avoiding
bottlenecks in SAP environments.
He should be able to monitor and manage the servers, background jobs, performacne of the system
He should be able to monitor the status of work processes, application servers and system logs etc…
He should be able to create RFCs and should be able to configure TMS (Transport Management System)
Background jobs
ST06 Operating System Monitor, ideal for analyzing the performance of the entire SAP technology
stack.
ST07- useful in reviewing end users logged into the entire system
SMLG- to monitor how well SAP's logon load balancing is performing; use F5 to drill down into group-
specific performance data
performance relative to processes executing on every application and batch server within an SAP system
ST22- to review ABAP dumps and therefore identify program errors (to aid in escalating such issues to
the responsible programming team)
III ) Perform day to day BASIS admin responsibilities including troubleshooting, analyze load , alert
monitor and Configuration
Monitoring
Alert Monitoring
Configuration
Profile Parameters for Client Login and password security (RZ10, RZ11)
Important Tables
login/accept_sso2_ticket
login/certificate_request_ca_url
login/certificate_request_subject
login/create_sso2_ticket
login/disable_cpic
login/disable_multi_gui_login
login/disable_multi_rfc_login
login/disable_password_logon
login/failed_user_auto_unlock
login/fails_to_session_end
login/fails_to_user_lock
login/min_password_diff
login/min_password_digits
login/min_password_letters
login/min_password_lng
login/min_password_specials
login/no_automatic_user_sapstar
login/password_change_for_SSO
login/password_expiration_time
login/password_logon_usergroup
login/password_max_new_valid
login/password_max_reset_valid
login/system_client
login/ticket_expiration_time
login/ticket_only_by_https
login/ticket_only_to_host
login/ticketcache_entries_max
login/ticketcache_off
login/update_logon_timestamp
User administration
Objects TOBJ
Authorization Object Classes TOBC
Job processing
Spool
Runtime errors
Message control
Installation may include SAP R/3, ECC, Net weaver, Net Weaver components, Solution Manager etc..
Message
Coordinates the communication between different instances of a single SAP R/3 system. Used for Logon
purpose and load balancing
Dispatcher
Dialog
Interpreting the ABAP code and execute the business logic. Used for interactive online processing
Batch
Enqueue
Single “Central Lock Management Service” that controls the locking mechanism between the different
application servers and the database.
Update
Gateway
Used for transport of bigger amount of data between application servers as well as external (non SAP)
systems that communicate with SAP
Client 000 is the SAP source client, client 001 exists only on certain installations (e. g. solution Manager).
A “SAP lock” is named “enqueue lock”, the enqueue is on a much higher level, e. g. a complete sales
document is locked there whereas in the datbase usually only row locks exist. Since SAP runs on more
database than Oracle (thanx god) one needed to have a mechanism, that is database independent and
on a higher level.
Access method is the way the output device is connected to SAP system. The access method is specified
during the definition
ST02 is used only to monitor the memory related parameters like (buffer hit ratio, roll area, page area )
which in case on fulfilment will effect the performance of SAP.
ST04 we can completely do the database related monitoring like backup schedules, locks etc.
NT- Windows
UNIX
Startsap db
Startsap r3
Or
Startsap all
Stopsap r3
Stopsap db
Or
Stopsap all
Goto PFCG and enter the role which you want to transfer to other system.
Goto utilities->Mass download it will ask the path where to download/save that role on local desktop
give the location and save it.
Next logon to the system where you want that particular role. Go to PFCG-> Role -> upload.
Give the path where the role is saved. it accepts and generates successfully
2. How to check the missing authorisation for the user not having the option “su53″?
You can use Trace function, ST01, you can trace the user activity and from the log you can see the
authorization missing.
Start an authorization trace using the ST01 transaction and carry out the transaction with a user who has
full authorizations. On the basis of the trace, you can see which authorizations were checked.
Role and profile go hand in hand. Profile is bought in by a role. Role is used as a template, where you can
add T-codes, reports….. Profile is one which gives the user authorization. When you generate a role, a
profile is automatically created.
User role templates are predefined activity groups in SAP consisting of transactions, reports and web
addresses.
A role is a container that collects the transaction and generates the associated profile. A composite role
is a container which can collect several different roles.
For all the above specified we have to use pfcg transaction to maintain them.
Personalization is a way to save information that could be common to users, I meant to a user role… E.g.
you can create SAP queries and manage authorizations by user groups. Now this information can be
stored in the personalization tab of the role. (I supposed that it is a way for SAP to address his ambiguity
of its concept of user group and roles: is “usergroup” a grouping of people sharing the same access or is
it the role who is the grouping of people sharing the same access?)
su53 is the best transaction with which we can find the missing authorizations.and we can insert those
missing authorization through pfcg.
8. Someone has deleted users in our system, and I am eager to find out who. Is there a table where
this is logged?
There is a SAP delivered report that you can copy, remove the system type check and run. To do a
landscape with delete, enter the roles to be deleted in a transport, run the delete program or manually
delete and then release the transport and import them into all clients and systems.
It is called: AGR_DELETE_ALL_ACTIVITY_GROUPS.
To used it, you need to tweak/debug & replace the code as it has a check that ensure it is deleting SAP
delivered roles only. Once you get past that little bit, it works well.
10. How to compare the roles where created or defined in two different systems?
For role comparison both the roles must be in the same system, in same client
If the roles are in different system, then transport the role into one of the system and do comparison. If
no transport connection defined then, you can use the upload and download option in the PFCG
4. If there is any difference between the t-codes it will b in red color otherwise in yellow.
11. What is the procedure for creating new user which have all features define under SAP* user and
which could allow me to make the configurations?
1. Goto SU01 –
username : sapuser
|–>Create.
:Mr
4. Goto profiles.
5. Login with the new user. change the password. now this user contains all superuser authorizations
12. The administrator user cannot be used to log on to the J2EE Engine because it has been locked. How
will you correct the situation?
SAP* user account has full administrator authorizations, but this account doesn’t have a default
password. It must be specified when account is activated. Once SAP* is activated, no other user can log
in to the system.
You have all users locked onto ABAP system. How will you deal with this situation?
13. How would you copy all users from DEV to PRD?
Execute transaction SCC8 and select the profile SAP_USER. Then specify target system and schedule
background job. This will export all users from the source system in the form of request.
Now login to the destination system and enter tcode SCC6. Specify the request number generated while
exporting and click on “prepare import”.
Tablespace Coalesce
b.block_id
1.SAP Administration
2. Database Administration
2. Database Backup
3. Database Recovery
3. OS Space management
4. OS level background Job Management
5. Monitoring Processes
6. Monitoring Buffers
8. Monitoring Database
9. Monitoring Backups
Task
T-Code
6. Check whether any background jobs got canceled for any reason
Task
T-Code
4. Clean up Spool
3. Upgrading kernel
4. Change Management /applying notes
3. Data archiving
4. Technical Upgrades
5. Server Migration
Inventory Analysis