Professional Documents
Culture Documents
INTRUDUCTION:
Presentation Layer
3 Tier Architecture:
1. Application Layer:
It consists of – Application Layer
Process
Services
Data base Layer
Process:
1. Dialog – All the interaction between User and system, 0.6 sec.
2. Background – Long duration activities and Recurring activities (These
activities will take more than 0.6 sec).
3. Spool – Printer related activities.
4. Update – Updating Database – Create, modify or delete.
5. Enqueue – Following ‘Q’ while updating DB, else dead lock situation occurs.
Services:
1. Message – Used for Load Balancing among application servers.
No server is overloaded and Performance is high.
2. Gateway – Communication channel b/w 2 SAP systems or 1SAP and
1Non-SAP system.
User Gateway
Message
NON-SAP
system SAP SYSTEM
(ORACLE, Server 1 Server 2
Informatica)
The SAP R/3 System architecture consists of three layers: Presentation, Application, and Data storage.
The following diagram illustrates the functions (Request & Response) done by each layer and how the layers
work together:
Presentation:
This is where users of the SAP R/3 System will submit input to the SAP R/3 System for the
processing of their business transactions. It is also where the output from these transactions
appears as output fields, reports, tables and spread sheets.
Application:
This layer consists of Presentation Components, SAP Applications, Kernel & Basis Services
and ABAP Workbench.
1. Presentation Components: The presentation components are responsible for the
interaction between the R/3 System and the user. Based on the request received,
presentation components inform to the client system, which screen should be presented to
the end user.
2. SAP Applications: An appropriate SAP Application responsible for accomplishing the
request is identified by the presentation components & is provided to the kernel & Basis
services.
3. Kernel & Basis Services: It provides the run time environment to process the SAP
Application along with the data & return results to the end user.
4. ABAP Workbench: It is a development environment that provides the necessary tools to
develop new SAP Applications or customize the existing SAP Applications.
Database:
Each SAP R/3 System is linked to a database system, it consisting of a database
management system (DBMS) and the database itself. The applications do not communicate
directly with the database. Instead, they use Basis services.
SAP SECURITY AND GRC CONSULTANT
CLIENT ADMINISTRATION:
Client Data:
1. Client Dependent Data (Standard Data): T codes, ABAP codes
2. Client independent Data (Customized Data): Users, Transactional data, Business
data.
EX. – In Sales the T code used to create Sales order is comes under Client
Dependent data, where as the created Sales order comes under Client Independent
data.
Local Client Copy: Copying of data from Std. Client to Local Client is called Local Client
Copy, it should be done with in a system.
Remote Client Copy: Copying of data from Std. Client to Local Client is called Local Client
Copy, it should be done with another system.
SAP SECURITY AND GRC CONSULTANT
USER ADMINISTRATION:
It is the Daily activity which we performed in organisation.
As a Security Consultant we are responsible to create every USER ID.
It is all related to User Maintenance.
User Creation
User Modification
User Deletion
User Lock and Unlock
User Copy
User Password Reset.
Some Facts:
1. User ID Max length 12 Char.
2. User ID naming convention: differs from Org. to Org.
SU01 Tabs:
CREATE:
0 Not Locked
32 Global Lock (CUA)
64 Administrator Lock
128 Incorrect Logon locks
SAP SECURITY AND GRC CONSULTANT
Authorization Concept:
Authorization Permission or Privileges.
Authorization comes after User login to system. It decides the user job profile. Sales
user have permission to do Sales related activities only and HR user have
permission to do HR related activities etc.
Authentication Identity Check (User id / Password)
SU21 – T code for Auth. Objects. To check the Auth. Objects in SAP system.
SAP SECURITY AND GRC CONSULTANT
HR Member wants the below Access and he contacts us. Then we need to find the Auth.
Objects for below and combining the below Auth. Objects and create a role and assign to
User.
Appraisals – T1 – Auth. Object1
Recruitments – T2 – Auth. Object2
Payrolls – T2 – Auth. Object3
SE93: T code maintenance
SE38 / SA38: To Execute Program.
Below activities are performed under SU01 T code.
To create User: S_USER_GRP
To assign Roles to User: S_USER_AGR
To assign Profiles to User: S_USER_PRO
The above Auth. Objects are for a T code SU01 USER, then only he can do his job.
SE38: To maintain Programs – Create, Modify, Delete & Execute the Program.
SAP SECURITY AND GRC CONSULTANT
What is the Difference b/w SA38 and SE38 T-codes?