
SAP SYSTEM REVIEW - CHECKLIST

System: SAPPROD64
Date: Week Starting 03/08/2018
Admin: Walter
Critical Tasks
| Task Description | Transaction | Procedure | Check off/initial |
|---|---|---|---|
| Check that daily backups executed without errors. | DB12 | Check SAP database backup - Database backup run time: 02.08.2018 21:00:05 – 22:42.49 | Y |
| If Production, check that system is locked against direct changes. | RSAUDIT_SYSTEM_ENV – Select Client 400. | Confirm that following are set: Changes and Transports for client-specific objects, set to: “No Changes Allowed” and Cross-client object changes, set to: “No Changes to Repository and Customizing Objects Allowed” | Y |
| If Production, check overall System Change Option is set to ‘NOT MODIFIABLE’ for software components (and name spaces) | | Confirm that Global Setting is set to ‘NOT MODIFIABLE’ | |

R/3
| Task Description | Transaction | Procedure | Check off/initial |
|---|---|---|---|
| Check that all application servers are up. | SM51 – SAP Servers | Check that all servers are up. | Y |
| Check the CCMS alert monitor (4.0+). | RZ20 – CCMS Monitor (4.0) | Look for alerts. Review all Monitor Sets. | Y |
| Check work processes (started from SM51). | SM50 – Process Overview | All work processes with a “running” or a “waiting” status | Y |
| Look for any failed updates (update terminates). | SM13 – Update Records | Set date to one year ago. Enter * in the user ID. Set to “all” updates. Check for lines with “Err.” | Y |
| Confirm that NO user has authorization to run the following transactions | SUIM - User -> Users by Complex Selection Criteria -> By Transaction Authorizations | Enter each of the following as the Transaction Code one at a time and execute: SE16 (Direct changes to tables); SE16N (New version of SE16); SM30 (Direct changes to tables through other means); SE80 (Direct changes to programs); SE38 (Directly run a program in PROD without assigned authorization); SPRO (makes direct Customization Changes). No staff username should appear in the lists that are generated (any names that appear should be SAP system or standard accounts). Investigate any staff username that may appear by seeking clarification from the BASIS Administrator or Head IS Unit | Y |
| Confirm that NO user has run the following sensitive transactions and, if they did, that the requisite approval had been obtained | SM20 - Analysis of Audit Security Log | Set date to current and set time to entire day. Under the “Extras” tab, enter each of the following as the Transaction Code one at a time and execute: SE16; SE16N; SM30; SE80; SE38; SPRO. Confirm with Head IT (or his designate) via email that any name that appears did so after requisite approval had been obtained. SU01 (User Admin - BA); STMS (Transport Management - BA); PA30 (Payroll Management – Nyanjom); PFCG (Profile Management - BA); SCC4 (Open Production for Direct Changes - BA) | Y |
| Check System Log | SM21 - System Log | Set date and time to before the last log review. Check for: Errors; Warnings; Security messages; Abends; Database problems; Any other different event | Y |
| Review the activities that the BASIS Administrators have carried out | SM20 - Analysis of Audit Security Log | Set date to current and set time to entire day. Set User to each of the BASIS Administrators, one at a time – currently these are KIBAS and MWALE – and review the activities they have carried out to ensure that any transaction codes they have run are in line with set approvals | Y |
| Check users that have rights to import transports (should only be the BASIS administrator and his/her alternate) – currently these are KIBAS and MWALE | SUIM - User -> Users by Complex Selection Criteria -> By Transaction Authorizations | Enter STMS as the Transaction Code and execute. Investigate any other staff username that may appear by seeking clarification from the BASIS Administrator or Head IS Unit | Y |
| Also ensure that only these two users have access to the S_TRANSPRT authorization object | SUIM - User -> Users by Complex Selection Criteria -> By Authorizations | Enter S_TRANSPRT as the Authorization Object and execute. Investigate any other staff username that may appear by seeking clarification from the BASIS Administrator or Head IS Unit | Y |
| Ensure that NO role has the S_DEVELOP authorization object assigned to it | SUIM - User -> Users by Complex Selection Criteria -> By Authorizations | Enter S_DEVELOP as the Authorization Object and execute | Y |
| | | If any users appear on the list, then drill down to the role by clicking the username followed by “In Accordance with Selection”. Extract the list of users and those roles and seek clarification from the BASIS Administrator or Head IS Unit | Y |
| Check Transport Log to confirm what transports were imported over the review period and that they were authorized. | | Once a week ask the BASIS Administrator (currently KIBAS or MWALE) to extract the log of the transports that have been imported into Production over the last seven days. Compare the log with the transport request forms that have been uploaded to I:\SAP Transport Approvals. Confirm that all imported transports have matching approvals. If not, escalate to Head IS Unit. | Y |
| Review for cancelled and critical jobs | SM37 – Select Background jobs | Enter * in User ID. Verify that all critical jobs were successful. | Y |
| | | Review any cancelled jobs. | Y |
| Check for “old” locks | SM12 – Lock Entry List | Enter an asterisk (*) for user ID. Check for entries for prior days. | Y |
| Check users on system | SM04 – Users; AL08 – Users | Review for an unknown or different user ID and terminal. | Y |
| Check for spool problems | SP01 – Spool: Request Screen | Look for spool jobs that have been “in process” for over an hour. | Y |
| Check job log | SM35 – Batch input: Initial Screen | Check for: Jobs to be processed; Jobs in error | Y |
| Review and resolve dumps. | ST22 - ABAP Dump Analysis | Look for an excessive number of dumps. Look for dumps of an unusual nature. | Y |
| Review workload statistics. | ST03N – Workload: Analysis of <sid> | | Y |
| Review buffer statistics. | ST02 – Tune Summary | Look for swaps. | Y |
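The SM20 review of sensitive transaction codes in the R/3 checks above can be scripted once the audit log has been exported. The following is an added example, not part of the original checklist; the CSV column layout, the approvals register and the user names BASIS1 and CLERK7 are constructed assumptions.

```python
import csv
import io
from datetime import date

# Transaction codes the checklist treats as sensitive in Production.
SENSITIVE_TCODES = {"SE16", "SE16N", "SM30", "SE80", "SE38", "SPRO"}

# Constructed audit log export. The column names and layout are assumptions;
# adapt them to the file your own SM20 export produces.
SAMPLE_EXPORT = """date,time,user,tcode
2018-08-03,08:14:02,BASIS1,SM30
2018-08-03,09:40:51,CLERK7,se16n
2018-08-03,10:05:10,CLERK7,VA01
2018-08-03,11:22:37,BASIS1,SE38
2018-08-02,16:00:00,CLERK7,SE16
"""

# Constructed approvals register: (user, tcode, day) confirmed by email.
SAMPLE_APPROVALS = {("BASIS1", "SM30", date(2018, 8, 3))}


def unapproved_sensitive_runs(export_text, approvals, review_day):
    """Return (user, tcode, time) for every sensitive transaction run on
    review_day that has no matching entry in the approvals register."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        user = row["user"].strip().upper()
        tcode = row["tcode"].strip().upper()  # normalise case before matching
        day = date.fromisoformat(row["date"].strip())
        if day != review_day or tcode not in SENSITIVE_TCODES:
            continue
        if (user, tcode, day) not in approvals:
            findings.append((user, tcode, row["time"].strip()))
    return findings


if __name__ == "__main__":
    for user, tcode, when in unapproved_sensitive_runs(
            SAMPLE_EXPORT, SAMPLE_APPROVALS, date(2018, 8, 3)):
        print(f"{when} {user} ran {tcode} without a recorded approval")
```

Each finding is a name to take to Head IT for confirmation, as the checklist step requires.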

Database
| Task | Where | Procedure | Check off/initial |
|---|---|---|---|
| | ST04 – DB Performance Analysis | Record the following: Database Size = 106GB; Free Diskspace on Database drive (M) = 12GB; Logfile Free Space (G) = 0.35MB; Free Diskspace on Logfile drive = 10GB | Y |

Usage
| Task | Where | Procedure | Check off/initial |
|---|---|---|---|
| Review Password Change and Last Logon info | SUIM -> User -> By Logon Date and Password Change | Look for users that have not logged in for the last 90 days. Advise Head IT Unit to initiate lock or deletion of account as appropriate. | Y |
| Review list of ALL user accounts to ensure that all departed staff have been deleted from the system | SUIM -> User -> By Logon Date and Password Change | Leave selection blank and execute. Ensure that all departed staff accounts have been deleted. If in doubt, seek clarification from Head IT Unit, User Dept or HRA. Also check that a user account has been created for any recent staff arrival. | Y |

Operating System
| Task | Where | Procedure | Check off/initial |
|---|---|---|---|
| Check that Windows Updates are taking place (these have been configured to occur automatically from the WSUS server) | Connect via RDC. Under Control Panel, select Windows Update | Review dates of latest update | Y |
| Review system logs for problems. | ST06 – OS Monitor | Review operating system log | Y |
| Review system logs for problems. | Event Viewer system log | Look for any errors or failures. | Y |
| | Event Viewer security log | Check for failed logon attempts to the SAP servers. | Y |
| | | Look for errors or failures. | Y |
| | Event Viewer application log | Look for errors or failures. | Y |

Database
| Task | Where | Procedure | Check off/initial |
|---|---|---|---|
| Review SQL Server logs for problems – errors, attempted login etc. | In SQL Enterprise Manager, SQL Server Logs | Go to Local->Management->SQL Server Logs | Y |

Remote Connection & Early Watch Alert
| Task | Where | Procedure | Check off/initial |
|---|---|---|---|
| Test the Remote Connection between the server and SAP | OSS1 – Connection Test | Click on “Logon on to SAPNet” icon. | Y |
| Run the TCC ServiceTools Update program (to confirm whether Service Tools are up to date) | SE38 – Execute Program | Enter Program name as RTCCTOOL. Execute, and view output. Need to install Addon ST-PI 740 and ST-PI 740 Support Package 2 | |
| Review the weekly Early Watch Alert report | Go to SAP Service Marketplace Message Centre | Log in to http://service.sap.com using User: s0001724594, and corresponding password. Browse to in-box and access the report. | Done |

SAP Security – Default Accounts & Updates
| Task | Where | Procedure | Check off/initial |
|---|---|---|---|
| Confirm that the passwords for the SAP* and DDIC default accounts in Client 000 are unique and known | | Log on to Client 000 using SAP* and DDIC. These accounts may be required when applying Support Packages or other updates, and should therefore be readily available. Similarly, log on to Client 000 using SAP* and DDIC. Due to the 60-day de-activation setting, it is necessary to log on to these accounts at least once a month to ensure that they remain valid. | Y |
| Check for SAP Security Updates (Note: these may also be indicated in the weekly Early Watch Alert report) | Use Solution Manager System | SAP Security Notes are accessed through SAP Solution Manager under System Recommendations: | Y |

Other
| Task | Where | Procedure | Check off/initial |
|---|---|---|---|
| Check Anti-virus Update | Under the McAfee Program Group | Select “VirusScan Console”. Under “Help” menu, select About “VirusScan Enterprise” and confirm the “DAT Created on” date. 31st July 2018 | Y |
| Confirm that Dept Heads have reviewed SAP Rights at least once a year (or as per policy) | | Ask Head IT Unit to provide signed reviews within the current calendar year | Y |
| Confirm that SAP Roles Matrix has been reviewed (and updated) monthly | | Ask Head IT Unit to provide signed reviews within the current calendar year | Y |

Notes
| Problem | Action | Resolution |
|---|---|---|
