Sap Erp It 全般統制チェックリスト

SAP ERP IT

2008

2009 12

2009JSSAAll right reserved

1 SAP ERP IT 1

1.1 SAP ERP IT 1 1.2 SAP ERP IT 1 1.3 1 1.4 2

2 IT SAP ERP 3 2.1 SAP ERP Web 3 2.2 SAP ERP 4 2.3 SAP ERP 4 2.4 5

2.4.1 5 2.4.2 6 2.4.3 7

2.5 8 2.6 8

2.6.1 8 2.6.2 9

2.7 10 2.8 11 2.9 AIS 13 2.10 14

3 19 3.1 19 3.2 19

SAP ERP IT 21 4.1 22 4.2 23 4.3 27 4.4 31

5 34 6 60

6.1 60 6.2 60 6.3 60 6.4 60


1

1. SAP ERP IT

1.1 SAP ERP IT B 2007 ERP

SAP ERP

(SAP ERP ERP )

2007 SAP ERP

IT 19 3 30

IT SAP ERP (

SAP ERP )SAP ERP

IT

SAP ERP IT

2008

SAP ERPECC 6.0

SAP ERP IT

1.2 SAP ERP IT SAP ERP IT

SAP ERP ITGC

SAP ERP

SAP ERP IT

IT

ERP

2007

SAP ERP

1.3 IT


2

SAP ERP SAP ERP

SAP ERP

SAP ERP ITGC

SAP ERP IT

1.4 SAP ERP IT

()

ISU

ITC

IT


3

2. IT SAP ERP

2.1 SAP ERP Web SAP ERP Web

SAP 2.1-1

2.1-1 SAP ERP

Web

SAP ERP OS DBMS Web

OSDBMS

SAP ERP OS DBMS

OS SAP ERP WindowsUNIX

OS DBMD APIApplication Program Interface

SAP

ERP SAP SAP ERP OS DBMS

ERP

OS DBMS

SAP IT OSDBMS OSDBMS

SAP Web


4

Web

2.2 SAP ERP SAP ERP Web

3 ISO27001 A10.1.4

Audit Information System

2.3 SAP ERP 2.3-1 SAP SAP ERP

SAP

SAP ERP OS OS


5

AIS

Audit Information System

ERP

SAP ERP

2.3-1 SAP ERP

2.4

2.4.1 3 SAP ERP

ISO27001 A10.1.4

SAP ERP

2.4.1-1 SAP

3


6

2.4.1-1 3

2.4.2 SAP ERP

2.4.2-1

ID

2.4.2-1


7

2.4.3 SAP ERP

2.4.3-2

3


8

2.4.3-2

2.5

2.6

2.6.1 SAP ERP 3

Identification

Authentication

Authorizeion

2.6.1-1


9

SAP ERP

SAP ERP SAP Easy Access

2.6.1-1 SAP ERP

2.6.2 SAP ERP

ID ID SAP*DDIC

ID

SAP*


10

SAP*

ID SAP*SAP*

06071992 SAP*

SAP*PASS

SAP*

SAP SAP*

ID

SAP*

ID

SAP*SAP*

SAP*PASSSAP*

SAP*06071992

SAP*

SAP*PASS

SAP*

SAP*

ID login/no_automatic_user_sapstar

DDIC DDIC

ID

SAP* DDIC

2.7 SAP ERP 3

SAP ERP


11

2.7-1 SAP ERP

SAP ERP

SAP

SAP

SAP

2.7-1

2.8


12

2.8-1

SAP ERP

2.8-1


13

2.8-2

&B &A

&B &A

RFC/CPIC RFC/CPIC RFC &C ( = &A)

RFC &C ( = &A)

&A &A &A &A &A &A ( = &B) &A &B

&A &A &A &A &A / &B / &B / &B &A / &B &A &C &A &B

2.9 AIS

AISAudit Information SystemSAP ERP

SAP

4.6

2.9-1


14

SAP ERP

3 AIS ID

SAP_AUDITOR_SA_BC

SAP_AUDITOR_SA_BC_CCM_USR

SAP_AUDITOR_SA_BC_CUS_TOL

2.9-1

2.10 SAP ERP

2.10-1

2.10-1 ID

login/disable_multi_gui_login

1 R/3 ()


15

ID SAPGUI

login/failed_user_auto_unlock

1 () 0

login/fails_to_session_end

1 ID

login/fails_to_user_lock

ID

login/min_password_diff

(==> )

login/min_password_digits

(0-9) / 0 8

1

login/min_password_letters

/ 0 - 8

login/min_password_specials

/ ( !\@$%&/()=?`*+~#-_.,;:{[]}\\ ) 0 8

login/min_password_uppercase

login/password_downwards_compatibility 5 : (A - Z)

login/min_password_lowercase

login/password_downwards_compatibility 5 : (a - z)

login/min_password_lng

login/multi_login_users

R/3 ID ()

ID

login/no_automatic_user_sapstar

SAP*

login/password_comp ID


16

ID liance_to_current_policy

0 : 1 : "SERVICE" "SYSTEM" NetWeaver 7.0 ( 862989)

login/password_expiration_time

0

login/password_max_idle_initial

() "The initial password has expired; request a new one"

login/password_max_idle_productive

"" login/password_change_waittime login/password_expiration_time "Password was not used for a long period and therefore deactivated"

login/password_max_new_valid

ID 0 1

rdisp/gui_auto_logout

Web AS ABAP 7.00 NetWeaver 2004s :

8 40

40

( 8 )

Web AS ABAP 7.00 NetWeaver 2004s


17

8 32

()

z login/min_password_lowercase z login/min_password_uppercase z login/password_downwards_compatibility

: ( 5 ) (

)

5

(login/password_history_size)

( 100 ) ( 1)

(: )

login/password_change_waittime (: 1000 )

()

()

login/password_compliance_to_current_policy = 1

(

)ID

SERVICE SYSTEM ()

()

z login/password_max_idle_initial z login/password_max_idle_productive


18

:

""

(:

)

z ": " z " - "

z login/failed_user_auto_unlock : 0 (1 )

z login/fails_to_user_lock : 5 (12 ) 5

z login/no_automatic_user_sapstar : 1 (0 )

z login/min_password_lng : 6 (3 ) 6

z login/ticket_expiration_time : 8 (60 ) 8


login/password_max_reset_valid login/password_max_idle_initial


19

3 3.1

3.1-1

3.1-1

3.2

(1)

3.2-1

RFC


20

(2)

A

B A

C

A

B C

(3)

OKNG

3.2-2


21

4 SAP ERP IT

4

1.

2.

3.

4.

5.

6.

4-1


22

4.1

Web

3

4.1-1


23

4.2

SAP

1 4

5 9

1013

1417

1821

2224

2528

2931

COBIT for SOX

SAP

4.2-1

31

6

11


24


25

4.2-2

1

2

3

4

5

6,7,8

9

10

11,12

13

2

3

2,3,4

14

15,16

17

2009/06


26

4.2-3

2,3,4

18

19,20

21

2,3,4

22

23

24

25

26,27

28

1

29

30

31


27

4.3

1 ID

OS ID

ID ID

ID

2

OS

3

4 ID

ID

5

ID


28

11 1N N1

4.3-1

33

1

2

6

13

17

21

ID /

?

ID

?


29

4.3-2


30

4.3-3


31

4.4

SAP

8

1

2

3

4

5

5 SAP

7 OS

8

COBIT for SOX


32

4.4-1

3-(2)--

6 SAP

SAP

SAP

SAP

RZ20

SM21

SM13

ABAP

ST22

No1

No28


33

4.4-2


34

5

SAP ERP 5-1

ABAP Advanced Business Application Programming Language SAP ABAP COBOL ABAP ABAP SAP ABAP Advanced Business Application Programming. The SAP programming language.

ABAP-OO ABAP Object-Oriented ABAP Component of the ABAP programming language that allows object-oriented programming on the basis of classes and interfaces.

ABAP ABAP Editor ABAP The ABAP Editor enables you to create, test and change ABAP programs, function modules, screen flow logic and logical databases. The ABAP Editor provides functions to support program development, as well as normal text operations such as insert, find, and replace. You can use the ABAP Editor in the following modes: Editor control mode PC mode with line numbering PC mode without line numbering Command mode

ABAP SAP Query A tool that allows users who have no knowledge of the ABAP programming language to define and execute their own reports. To determine the structure of reports in SAP Query, you just have to enter texts, and select fields and options. If necessary, you can edit lists using Drag&Drop and the functions in the available toolbars.

ABAP

ABAP dictionary SAP ABAP ABAP A directory containing data. An ABAP dictionary contains the following information: Description of all application data for an enterprise Relationships between the application data Use of the application data in programs and screen templates The descriptive data for the ABAP Dictionary is also known as meta data since is represents data about data.


35

ABAP ABAP program ABAPABAP21 SE93 2 SAP ID 'R'RFBILL00 FIBSPL

ABAP

ABAP workbench ABAP CASEComputer Aided Software EngineeringSAP SAP Integrated graphical development environment in the SAP System. The ABAP Workbench allows you to develop, modify, test, and manage client/server applications written in ABAP. The ABAP Workbench tools enable you to: Write ABAP code Create user interfaces Check applications for errors Create and access database information Create Internet services

ACID Atomicity, Consistency, Isolation Durability Atomicity Consistency Isolation Durability

ALOG ALOG ALOG ALOG log ( bin ) ALOG$ ( syear)$ ( yweek) 2 SLOG

APPC Advanced Program to Program Communication Protocol developed by IBM as part of its Systems Network Architecture (SNA). The protocol is designed to be enable application programs running on different computers to communicate with each other and exchange data.

BAPI Business Application Programming Interface SAP CORBADCOM SAP BAPI BAPI ID API A standardized programming interface that facilitates external access to business processes and data in the SAP System. You define Business Application Programming Interfaces (BAPIs) in the Business Object Repository (BOR) as methods of SAP business objects or SAP interface types. BAPIs offer an object-oriented view of business components in the SAP System. They are


36

implemented and stored as RFC-enabled function modules in the Function Builder of the ABAP Workbench.

BAPI ActiveX ActiveX control that enables external applications to access business functions in the SAP System by calling BAPIs through OLE Automation. OLE-enabled client programs access proxy objects, which are instances of SAP business objects managed by the BAPI ActiveX control. These proxy objects correspond to real SAP business objects stored in SAP's Business Object Repository (BOR). The actual details of the process are invisible to the client program, because the data structures exported from the SAP System through the BAPI ActiveX control are encapsulated in objects.

BAPI The BAPI Browser displays all the business objects, for which BAPIs have been implemented. BAPI

BC Basis Component 46D SAP FICOSDMMPP SAP SAP

BC Business Connector A middleware application based on the B2B integration server from webMethods. The SAP Business Connector enables both bi-directional synchronous communication and asynchronous communication between SAP applications and SAP and non-SAP applications. The SAP Business Connector makes all SAP functions that are available via BAPIs or IDocs accessible to business partners over the Internet as an XML-based service. The SAP Business Connector uses the Internet as a communication platform and XML or HTML as the data format. It integrates non-SAP products by using an open, non-proprietary technology.

BDC Batch Data Communication BDC SAPBDC BDC BDC LSMW)BDC LSMW

CCMS Computing Center Management System SAP SAP CCMS provides intergrated tools for the monitoring and administration ofSAP system landscapes. It covers the following task areas: System monitoring over the whole landscape Determining and displaying statistical data System management (e. g. starting and stopping of SAP systems, configuration, printing, background processing, resource management, database administration)


37

CCMS CCSV Customizing Cross System Viewer

4.6

CMS Contents Management Service Web Web

CPI-C Common Programming Interface-Communication IBM Standardized interface for system-wide communication between programs. (Common Programming Interface-Communication). The protocol can be divided into four areas: Session setup Session control Communication End of session

CTO Change and Transport Organizer(/) C A set of tools in the SAP System for managing development projects in the ABAP Workbench and in Customizing, and for preparing and managing transports between SAP Systems.

CTS Change & Transport System (BC-CTS) / A set of tools in the SAP System for managing and transporting ABAP Workbench and Customizing changes made in systems in the SAP System landscape and distributed between these systems. Correction & Transport System SAP Change & Transport System

CUA Central User Administration SAP ALE SAPAPOCRM SAP CUA () CUA SAPEnterprise) () The maintainenance of users in a central system. A system group includes several SAP systems with several clients. The same users are often created and the same roles assigned in each client. Central User Administration is designed to perform these tasks in a central system and distribute the data to the systems in the system group.

DDIC SAP*SAP DDIC ABAP SAP 000 001 DDIC 000 001 DDIC 19920706 DDIC SAP*

DFD Data Flow Diagram

DIA Dialog work process SAP GUI

Dynpro Dynamic Program Dynpro ID Dynpro PBO(Process Before Output)PBO PAI (Process After Input)


38

PAI Exit SAP Exit

EXIT 4.6A Exit Exit Exit SAP EXIT Dynpro Exit SAP EXIT SAP SAP Dynpro Dynpro Exit Exit SAP EXIT SAP CALL CUSTOMER-FUNCTION 001 Exit ABAP EXIT F1 CMOD Program interface at which additional methods can be inserted without modifying the original object. Java component comparable to Business Add-Ins, User Exits, Customer Function Calls.

LSMW Legacy System Migration Workbench SAP LSMW SAP An SAP system tool that supports one-time and periodic data transfers from external systems to SAP systems. The Legacy System Migration Workbench facilitates the conversion of data to the necessary format. Technologies supported include Batch Input, Call Transaction, Direct Input, BAPIs, and EDI. The Legacy System Migration Workbench is only available as an add-on. Additional data transfer tool: Data Transfer Workbench (DX-WB).

PAI Process After Input DynproDynpro

PID Parameter ID PID PID F

QA SAP

RFC Remote Function Call CPI-C SAP RFC RPC IDRFC Export,Inport Call of a function module that runs in a different system (destination ) from the calling program. Connections are possible between different SAP systems and between an SAP system and a non-SAP system. In non-SAP systems, instead of function modules, special programmed functions are called, whose interface simulates a function module. We distinguish between synchronous, asynchronous, and transactional function calls. The called system is accessed via the RFC interface. RFC


39

RFC Remote Function Call RFCSAP RFC RFC SM59RFC

SAINT SAP Add-On Installation Tool SAP Tool that allows you to install and upgrade add-ons directly from the SAP System

SAP GUI SAP Graphical User Interface SAPSAPSAP GUI (SAP GUI SAP SAP GUI Windows JAVA HTML SAP system software component on the presentation server. Represents the SAP-specific GUI of the ABAP-based application server applications and supports additional functions on the presentation server, such as GUI controls or OLE automation.

SAP GUI SAP GUI SAP system software component on the presentation server. Represents the SAP-specific GUI of the ABAP-based application server applications and supports additional functions on the presentation server, such as GUI controls or OLE automation.

SAP LUW SAP Logical Unit Work SAP LUW LUW LUW SAP SAP LUW Logically connected unit of dialog steps whose database changes are executed within a single database LUW. SAP LUWs are realized using bundling techniques in which update function modules or subroutines are registered in different work processes and executed by a single work process. A SAP LUW is ended using the Open SQL statement COMMIT WORK . Changes within a SAP LUW can be undone using the Open SQL statement ROLLBACK WORK.

Web

SAP Web dispatcher (Internet Communication Manager (BC-CST-IC)) The SAP solution for load balancing of Web requests. If more than one instance of the SAP Web Application Server is being used at any one time, the SAP Web dispatcher accepts requests from the browser and forwards these to the application server that currently has the most capacity. The choice of application server is based on information from the SAP Message Server. Administration is thus made much easier, as there is only one point of entry (IP address, HTTP port, and so on) to the SAP system.

SAP* SAP* SAP ID ID SAP* SAP SAP* 2 SAP*PASSSAP* SAP* SAP* SAP* SAP*06071992 SAP* ID DDIC

SAPconnect SAP SAP FAXSMTPX.400SMS The RFC interface for integrating external communications with the SAP System. SAPconnect enables third-party vendors to connect their communication servers to the SAP System. The following communication methods are supported: Fax


40

Internet (SMTP) X.400 Paging (SMS) R/3 to R/3 Printer

SAPExchange

MS Exchange Server SAP

SAP SAP SAP ABAP ABAP A tool that allows users who have no knowledge of the ABAP programming language to define and execute their own reports. To determine the structure of reports in SAP Query, you just have to enter texts, and select fields and options. If necessary, you can edit lists using Drag&Drop and the functions in the available toolbars.

SAP SAPscript SAPSAPSAPSSP A tool for text management and form printing. SAPscript consists of the following components: An editor for entering and editing text Styles and forms for designing the print layout A composer, which is the central module for output formatting A programming interface for integrating SAPscript components in your own application programs and programming the output using forms Various database tables for storing texts, styles and forms

SAP SSCR

SAP Software Change Registration SAP SAP SAP SAP SSCR SSCR Procedure that registers modifications to SAP Repository objects and thus provides an overview. SAP Software Change Registration does not register SAP matchcodes and tuning measures (such as the creation of database indexes and buffers).

SLO System Landscape Optimization SLOG R/3

SLOG SLOG SLOG log ( bin ) SLOG$ ( syear)$ ( yweek).$ ( system) 2 ALOG

SPP service parts planning

SQL Structured Query Language SQLSQL SQL SQL

TMS Transport Management System


41

TMS

TMS QA QA QA QA

TPPARAM TP global Parameter file UDDI UDDI Web

UME SAP User Management Engine

Java-based user management component that features centralized user management, Single Sign-On, and secure access to distributed applications

VB VerbuchenUpdate WAS Web Application Server

Web AS "WAS"

WBO Work Bench Organizer Tool for managing central and decentralized development projects in the ABAP Workbench. The Workbench Organizer is part of the Change and Transport Organizer (CTO). CTO

Web AS Web Application Server NetWeaver WASABAPHTTPXML WAS isThe SAP NetWeaver application platform. SAP Web Application Server supports native Internet technology such as HyperText Transfer Protocol (HTTP), eXtensible Markup Language (XML), as well as the Java and ABAP programming languages. SAP Web Application Server facilitates the development of Web applications with server-side scripting technologies, provides a scalable and reliable Web application infrastructure that delivers Web services at high performance, ensures that an e-business solution is always online, and supports Web access via a Web browser and a range of mobile devices.

WIF Work Flow Information System WP Work Process

Archive Object

Archive Link SAP BC SAP

Add in A location in a program defined by the developer where software recipient layers such as industries, partners and customers can insert additional code without modifying the original object. Business Add-Ins enable you to distinguish between enhancements that can have no more than one implementation and those that can be actively used by any number of customers at the same time. You can also define Business Add-Ins that depend on a filter value. You can create Business Add-Ins at every level of a multi-level system infrastructure. You edit Business Add-Ins in the BAdI Builder.

add on SAP YZ


42

Transport

SAP ABAP SAP SAP The transfer of SAP System components from one system to another. The components to be transported are specified in the object list of a transport request. Each transport consists of an export process and an import process: The export process reads objects from the source system and stores them in a data file at operating system level. The import process reads objects from the data file and writes them to the database of the target system. The SAP System maintains a transport log of all actions during export and import.

/

Change and Transport Organizer (CTO) ABAP SE10)SE09)SE01)C SE01) A set of tools in the SAP System for managing development projects in the ABAP Workbench and in Customizing, and for preparing and managing transports between SAP Systems.

/

CTS

Transport Request OS SAP Document for copying corrections between different system types. A transport request records released corrections. When the request is released, the transport is performed. For example, you can transport corrections from an integration system to a consolidation system.

Transport organizer 46C A tool for managing centralized and decentralized ABAP Workbench development projects and Customizing projects.SE01) : / - - - - ( / / SE01

transportable change request Change request that is transported to the target system defined by the system settings after release.

transport group SAP All SAP Systems connected by transport routes. A system group can include several transport groups or transport domains. While the transport


43

domain is an administrative unit, and the transport group a technical unit, the system group is a logical unit.

Transport Directory SAP OS UNIX /usr/sap/trans Windows NT $(SAPTRANSHOST)sapmnttrans SAPTRANSHOST bin: tp TMS (tp: TP_.PFLTMS: DOMAIN.CFG) data: olddata: log: actlog: buffer: cofiles: Exit sapnames: SAP EPS: tmp: A directory that manages all data to be transported between SAP systems.

transport domain SAP SAP 1 SAP All SAP Systems that are managed jointly by the Transport Management System. All systems in a transport domain have the same settings as the Change and Transport System.

transport domain controller RFC SAP ( TMS DOMAIN_ ( ID) SAP TMS SAP SAP System in which the transport route configuration is maintained centrally for all systems in the same transport domain.

Transport Route SAP SAP 3 Z ( ID) () SAP "SAP"

Transport Layer


44

SAP / SAP SAP A means of determining the integration and consolidation system for objects to be transported. A transport layer is assigned to each development class and thus to all objects in that class. The transport layer determines: In which SAP System developments or changes to Repository objects are made Whether objects are transported to other systems within the group when development work has been completed

mass transport Transport where all requests queued for import are imported into the target system collectively.

(GA )

unrestricted shipment phase SAP (FCS)CA(Controlled Availability) Second delivery phase for a new software release. During this phase, all customers can obtain the new release. (FCS)

Instance SAP SAP DVEBMG S DVEBMGS00 SAP SAP instance An administrative unit that groups components of an SAP system that provide one or more services. These services are started and stopped at the same time. All components belonging to an instance are provided with parameters using a common instance profile. A central SAP System consists of a single instance that includes all the necessary SAP services. SAP ITS SAP ORACL

instance profile Profile that contains application server-specific configuration parameters to complete the set values of the default profile.

Instance parameter

Internet Transaction Server ITS


45

ITS

integration system A system in the SAP System group where objects are usually developed and then transported to the consolidation system. Each Repository object is assigned to an integration system by its package (formerly development class) and transport layer. The integration system should consist only of separate test or development systems where SAP application programs are not being used in a production environment.

Web

Web Application Server Web AS

enqueue SAP SAP ABAP SAP SAP SAP SAP

Object Oriented Programing ABAP O-O ABAP Object-Oriented

development class Enterprise

development system

developer key ID DEVACCESS

external session SAP GUI TSS 6 An instance of an SAP window within the SAP GUI on the application server. When you log on to the SAP System, the system opens an external session. You can then open up to five more sessions, which all behave like separate logons to the SAP System. The number of the current external session is displayed in the status bar.

Customer Enhancements Exit SAP SAP ABAP SAP Exit Exit


46

An adjustment to the standard SAP system, requested by the customer. SAP designs empty modification modules at particular points in the standard system where customer enhancements are anticipated. These modules, known as exits, can be filled with customer-specific logic. Exit

extended transport control .(: WAJ.610) A function of the Transport Management System (TMS) that allows you to define client-specific transport routes and target groups. /(: /TQASGR/)

SAP

virtual SAP System SAP SAP SAP TMS SAP System configured as a placeholder for an SAP System that has not yet been configured. You can define transport routes for virtual systems, and create and display the import queue.

repair SAP SAP SAP SAP Repository objects that are changed in a system other than their original system are entered in repairs. Objects can be transferred from their original system by transports.

functionality release CA SAP SAP GA

client / SAP ASP SAP BOX 1000 SAP


47

ABAP SAP 3 SAP / BOX / In commercial, organizational and technical terms, selfcontained units in an SAP system with separate master records and its own set of tables. 3 digit number E.g. 000, 001 and 066 One or more clients per SID.

/

Client/ Server System / SAP 3 /3 /3 3 /

client transport SAP

client-dependency transport request SAP SAP 4.5

client-dependency data Specific only to one client. Settings in Client Dependent tables relate only to the client, which was accessed during the log on process. Such tables contain the client number in the tables key. (MANDT field)

client copy SAP A function for copying a client. This applies in particular to copying the entire Customizing context (environment) of a source client to a target client, either within one SAP system or to a different SAP system. The system settings determine what is to be copied.

client-indipendent, cross-client ABAP


48

client-independent customize parameter IMG

authorization maintenance function SAPSAP Windows SAP SAP

authorization concept Windows SAP The structure and functions associated with authorization assignment and checking in SAP systems. You use authorizations to protect the system from unauthorized or unwanted access.

authorization profile HR Authorization profiles give users access to the SAP System. They contain authorizations, which are identified using the name of an authorization object and the name of an authorization. If a profile is specified in a user master record, the user is assigned all of the authorizations defined in this profile.

language transport Transport that imports translated texts into a target system

maintenance view SAP SM31 IMG View type in ABAP Dictionary. You can use a maintenance view to maintain data that is distributed over several tables at the same time. IMG

code page SAPLOGON 8000

Transport of copies SE01)


49

SAP Transports of copies allow you to transport (sub-)objects in an object list into any other SAP System you want. In contrast to Workbench or Customizing requests there is no automatic delivery into other systems for transport of copies.

commit LUWLUW

consolidation system 3 2 A system in the SAP system group that receives transports of tested, stable developments from the integration system. The consolidation system can be a quality assurance system where final testing takes place or, in the case of minor developments, a production system. consolidate []

consolidation route SAP The regular transport path of a Repository object from the integration system to the consolidation system. The consolidation route is specified for each Repository object in the package (development class) and transport layer.

server /

sand box client


50

system landscape SAP SAP 3 SAP SAP

Central User Administration CUA The maintainenance of users in a central system. A system group includes several SAP systems with several clients. The same users are often created and the same roles assigned in each client. Central User Administration is designed to perform these tasks in a central system and distribute the data to the systems in the system group.

schema 3()()

session

central instance SAP 1 SAP The application services for the SAP System, including the enqueue and message services, that are located on a single host machine. Typically, the central instance has multiple work processes for the dialog, update and background services. The machine on which it runs is called the central host.

central Host

operation mode SAP CCMS JOB

solution manager SAP SAP

2

3

/


51

SAP SAP SAP SAP SAP

dialog program UPDATE Dynpro A dialog program consists of an ABAP program of the type "module pool", screens, and a transaction code for calling the program. There is also a graphical user interface that offers a number of functions. You can start a dialog program with a transaction code. However, the transaction code is often incorporated into an area menu.

dialog program

dispatcher Central process on an application server. In addition to other tasks, the SAP dispatcher is responsible for the following principle tasks: Initialization, reading profile parameters, starting work processes and logging on to the message server Evenly distributing the transaction load across work processes Connecting to the GUI layer Organizing communication processes

data archive SAP

Data Transfer Workbench CA-GTF (General Application Functions) A central SAP tool for organizing and performing data transfer to the SAP System. The Data Transfer Workbench supports various business objects such as customers and master data. Technologies supported include Batch Input, Call Transaction, Direct Input, and BAPIs. An additional tool for data transfer is the Legacy System Migration Workbench (LSMW). SAP B1 Migration tool that can be used to migrate master and transaction data from legacy systems into SAP Business One. The Data Transfer Workbench offers pre-defined data file templates to simplify the data preparation process.

data model SAP AHR H A


52

R

default profile A profile that contains values that apply to all application servers. There is always one active default profile that is defined, like all profiles, in the SAP R/3 global profile directory. The default profile is also known as the system profile. system profile

delivery system SAP SAP

delivery system A function where there is development in distributed systems. A delivery system must be linked to a consolidation system. By means of this link, the delivery system continually receives copies of transports performed in the consolidation system. Delivery systems are usually production systems.

delivery route

transparent table SAP DBMS 11 SAP DBMS 11 11

transaction code VA01FB50SE15 TSTCT SAP SE93)

transaction processing //// JOB SAP

transaction variant A alternative of a transaction in the SAP System. You can create different variants for the same transaction. This enables you to simplify transaction flows by: Preassigning values to fields Suppressing and changing the readiness for input of fields Suppressing whole screens A transaction variant consists of a number of screen variants.

internal session Instance of an ABAP program within an external session. External procedure calls allow you to load several ABAP programs in an internal session. Program calls open their own internal sessions.


53

naming convention SAP 'Y''Z'

backup transport domain controller

background processing Processing that does not take place on the screen. Background processing enables you to process data in the background while executing other functions in parallel on the screen. Although background processes are not visible to the user (there is no dialog), they have the same priority as online processes. JOB RZ01 JOB SM36 JOB SM37 SM50

Package A container for semantically related development objects. A package consists of subpackages and development objects (programs, tables, screens, function modules and classes), that are developed and transported together. Packages are characterized according attributes including nesting, interfaces, visibility, and use access. You can create and manage packages with the Package Builder. Packages replace the previously used development classes.

patch SAP () SPAMSAP Patch Manager SAPM patch

batch input


54

SAP BDC Call TransactionBDC BAPI SAP IDoc 1SQLSAP DB 2 BDC A data transfer technology that enables the transfer of large volumes of data to an SAP System using the online transaction. A batch input session is created for this purpose which you can then process using the Batch Input Monitor. Additional transfer technologies: Call transaction, direct input, EDI and BAPIs.

Batch Processing JCLJob Control Language SAP SM36SM37

patch type PATSPAM SAP FFDFCS (FFDP)FFDP FCS COP(SAP_BASISSAP_HRSAP_APPL )SAP_HR BWPSAP (BWP)SAP SAP (SAP_BW) AOP CRT(CRT)CRT IS-IS IS-OIL HOT SAP SAPNet-SAP

function module SAP SAP SAP


55

ABAP An external subroutine written in ABAP. Developed in the Function Builder, they are managed in a central function library, and can therefore be called from any ABAP program. This helps to avoid redundant code and makes the programming process more effective. In contrast to FORM routines, function modules have the same standard interface.

Argument Call by ValueCall by Reference

business connector SAP IDoc XML/HTML SAP 3.1 SAP Web A middleware application based on the B2B integration server from webMethods. The SAP Business Connector enables both bi-directional synchronous communication and asynchronous communication between SAP applications and SAP and non-SAP applications. The SAP Business Connector makes all SAP functions that are available via BAPIs or IDocs accessible to business partners over the Internet as an XML-based service. The SAP Business Connector uses the Internet as a communication platform and XML or HTML as the data format. It integrates non-SAP products by using an open, non-proprietary technology.

BC

asynchronous update SAP SM13

view ABAP JoinProjectionSelectionRead Only Join Projection Selection1000 Virtual table that contains no data but is an application-specific view of one or more tables in the ABAP Dictionary. When you create a table, you assign a key to it. However, the fields in the key may be inadequate for solving some problems, so you can generate a view from several tables or parts of tables.

quality assurance system 3 System into which tested, stable development versions and the parameters of the Customizing objects are transport from the development or test system at defined events.


56

This is the basis for performing the final test in this system. fire wall

LAN Firewall SAP

playground client

Profile generator

profile parameter SAP

Basis component SAP Enterprise Web AS FICOSDMMPP SAP SAP SAPSAP Web

change request ABAP // SPRO_ADMINSE10 SAP

change management ABAP SAP SAP ASAP ASAP

changeover key ID ADIRACCESS

go live system SAP

name range

naming convention SAP YZ


57

modify

modification SAP SAP

modification assistant Tool for supporting adjustment of the SAP standard. The Modification Assistant ensures that the upgrade is simplified. You can go to a special modification mode if you access the ABAP Workbench editors when modifying objects of the SAP standard. The original object is protected in this mode and can be changed only with additional actions. The Modification Assistant logs changes, providing a fast and detailed overview of the modifications and reducing the load during upgrade.

user master SAP SAP SAP

repository SAP

repository object ABAP Dynpro,

Remote function call RFC

report SAP ABAP program that implements the reporting - that is, it reads data and displays it. It is usually an executable program and the program starts with the REPORT statement, in which event blocks are implemented for the reporting events and which displays the data in a list.

local object SAP Development object created for private use. Local objects belong to the development class $TMP. They are not transported to other systems. You can access the local objects of other users as well as your own.

local change request SAP


58

role SAP The collection of activities that a person performs to participate in one or more business scenarios in an organization. Access to the transactions, reports, Web-based applications, and other objects contained in roles is through user menus. mySAP.com Workplace provides the user access using a Web browser to a role-based portal for completing his or her tasks.

rollback LUWLUW SAP

lock

lock object SAP SAP SE11 SM13 Object type in the ABAP Dictionary. When you activate a lock object, you generate function modules that set and release locks. You can use these function modules in ABAP programs.

lock table A table stored in the main memory of the enqueue server which contains entries for the current locks in the system. Each lock includes the owner of the lock, the lock mode, and the name and the fields of the locked table.

Logical database ABAP Runtime Environment (BC-ABA) Special ABAP program that provides other ABAP programs with data from the nodes of a hierarchical tree structure. Is either linked in the program attributes of an executable program or called using the function module LDB_PROCESS. A logical database has a structure with nodes, a database program written in ABAP, and its own standard selection screen . Logical databases are maintained in the Logical Database Builder.

Logical Unit of Work Period of time between two consistent states on the database. SAP LUW

work process DIA UPD BGD SPO ENQ


59

A process that as a component of an application server executes an ABAP application. To process SAP requests from several front ends, an SAP application server has a dispatcher, which collects the requests and forwards them to work processes for execution. There are the following types of work process: DialogFor executing dialog programs Update, Upd2For asynchronous database updates Background (batch)For executing background jobs EnqueueFor executing lock operations SpoolFor print formatting Work processes can be assigned to dedicated application servers. In the service overview (SM51), you can see which work process types are provided by the individual servers. Each work process is logged onto the database system as a user for the entire runtime of the SAP system. Each work process is assigned for the duration of a dialog step to an ABAP program.

work bench organizerWBO) Invalid as of Release: 46C ABAP /CTO46C CASESAP Tool for managing central and decentralized development projects in the ABAP Workbench. The Workbench Organizer is part of the Change and Transport Organizer (CTO).


60

6 6.1

6.2

6.3

6.4


2009/12 1


2009/12 2

( P89


2009/12 3

ERP

1.

A

ERPERP

2. /

A /

/

x

x

x x

x x /

x

/


2009/12 4

ID

3. A

( 000001066 ) DEV QA PRD

//

000001

066

4.

A 3

/

/

STMS

3


2009/12 5

5. A ? ( 000001066 )

000001066

/

SCC4

000 001 066

( 000001066 )

6. A

PRD SAP

SAP

QA

()

SCC4


2009/12 6

B

CATT eCATT eCATT CATT eCATTFUNABAP CATT eCATTFUNABAP CATT

RFC eCATT CATT RFC eCATT CATT eCATT CATT QA


2009/12 7

B

SAP


RFC eCATT CATT RFC


2009/12 8

eCATT CATT eCATT CATT DEV SAP

eCATT CATT


2009/12 9


RFC eCATT CATT RFC eCATT CATT eCATT CATT

eCATT CATT eCATT CATT

eCATT CATT

A ?

SCC4

7.

A ? and/or and/or ?

SM30 SCCSCC9

SCC3 and/or SCC4


2009/12 10

8. B ?

?

1 SAP

?

9. B

10.

B

?

QA

QA


2009/12 11

?

CATTeCATTComputer Aided Test Tool

RFC

RFC

RSUSR002RFC SM59

RFC SM20

11.

RFC

B

RFC

/


2009/12 12

RFC

OS

OS OS

OS OS

OS SM69 OS DELETE

OS SM69 OS SM49

SM69 SM49

OS

12. OS

A

OS

OS

13.

A

SM01

/

SE11 ABAP SE15

ABAP SE16 SE17 SE38


2009/12 13

SE8X ABAP

SM30 SM31

SPRO

SE06 SU01 RZ10

SM49 SM69

SA38

AISAudit Information System

S_ALR_87101283 -

SM19

SM20

OS


2009/12 1

1. 2. 3.

4.

5. 6.


2009/12 2

1.

A

SAP 2 ID ID

SAP

ID SAP

x ID SE17 DEVACCESS Char20 X

x

x

2.

A

x

x SE15 Z*Y* From To

x


2009/12 3

x

SE93 Z*Y*

x

S_ALR_87101287 //Transact ID ABAP AUTHORITY-CHECK

x SA38 RSCSAUTH

x

SE17 TDDAT Z* X

3.

A

SAP SAP

x SE15


2009/12 4

not Z*Y* From To

SE15 ABAP not Z*Y* From To

x

4.

A

SAP ID

x SAP SAP

x

5.

A

x

x

x


2009/12 5

?

QA QA

ID ID

x SAP

ID

x

x

6.

A

x


2009/12 6

x

7. B

8. B

SAP x SAP

ID

x

9.

B

?

?

x

x

x

10

A

x SAP

x SAP

x SAP


2009/12 7

?

x

SAP

x SAP

x ( Exit Exit)

x

x SE95

x

x

11 B SCCR

x

x

4.6

12 A

x

13

B ?

x


2009/12 8

?

14

A

?

x

x

x ()

x

x

x

x

x


2009/12 9

15 A

x

x

x

x

16

B x x


2009/12 10

17

B

x

18

A

x

x

19

A

SAP (STMS)

IT

x

x

() STMS >

x 0 ()


2009/12 11

x

20 C

?

SAP ?

tp

x tp

x tp

21

B

?

?

x

x

x A S_ALR_87101261 S S_ALR_87101262

22

A

x


2009/12 12

x

23

A

24

B

25

B

?

x ASAPSAP


2009/12 13

A

26 B ? ?

x

x

27

B ?

x

28

B

29

A

ERP ERP ERP ERP ERP

ERP ERP

x

x


2009/12 14

30 B SoD

x

SA38 RSUSR002 S_TCODE SE10 AND 2 S_TCODE SE38 AND 3 S_TCODE STMS 2 SA38 RSUSR002 S_TCODE SE10 AND 2 S_TCODE SPRO AND 3 S_TCODE STMS

31

B SoDID

x SE10SE38STMS

x

SE10SPROSTMS RSUSR002


2009/12 15

ID


2009/12 1


2009/12 2

COBIT DS5

0 IT IT

IT IT

1

/

I IT IT IT IT IT

2

IT IT IT IT IT IT

3

IT IT IT IT ()IT

4

IT IT IT IT IT IT IT

5 IT IT IT


2009/12 3

1. A

ID

ID ID

SAP ERPID

2.

A ID /?

? :

ID

() SAP


2009/12 4

ID ? ? ?

'A'

1

'B'

(-> ) (->ALETMSCUA ) (SAP GUI ) SU01 ( -> )

'C'

(-> RFC CPIC) (SAP GUI ) () (RFC/CPIC ) RFC USR_USER_CHANGE_PASSWORD_RFC RFC API RfcOpenEx()

'S'

ITS Web ( SUSR_INTERNET_USERSWITCH


2009/12 5

)

'L'

"$" SU_REFUSERVARIABLE CUA CUA

3.

A ID ID

: ID:

ID ID

4. RFC

B RFC

RFC

RFC RFC

RFC


2009/12 6

RFC

5. B ? ?

6. ID

A ID?

ID

SAP SAP

7.

B

USR40

USR40

8.

B

USERS_SSM ID


2009/12 7

9.

B ID

ID

ID

ID

SU01

10.

A


2009/12 8

11. A SA38 RSPFPAR RSPARAM

ID

login/disable_multi_gui_login

1 R/3 () SAPGUI

login/failed_user_auto_unlock

1 () 0

A

login/fails_to_session_end

1 ID

A

login/fails_to_user_lock

ID

A

login/min_password_diff

(==> )

A

login/min_password_digits

(0-9) /

A


2009/12 9

0 8 1

login/min_password_letters

/ 0 - 8

A

login/min_password_specials

/ ( !\@$%&/()=?`*+~#-_.,;:{[]}\\ ) 0 8

A

login/min_password_uppercase

login/password_downwards_compatibility 5 : (A - Z)

A

login/min_password_lowercase

login/password_downwards_compatibility 5 : (a - z)

A

login/min_password_lng

A

login/multi_login_user ID


2009/12 10

s R/3 ID ()

login/no_automatic_user_sapstar

SAP*

A

login/password_compliance_to_current_policy

0 : 1 : "SERVICE" "SYSTEM" NetWeaver 7.0 (862989)

ID

login/password_expiration_time

0

login/password_max_idle_initial

() "The initial password has expired; request a new one"

login/password_max_idle_productive

""


2009/12 11

login/password_change_waittime login/password_expiration_time "Password was not used for a long period and therefore deactivated"


ID 0 1

rdisp/gui_auto_logout

12.

A (=&A) ( = &B = &A) ( = &B = &A) &B &A

&B &A

A

ID

1


2009/12 12

RFC/CPIC (Type = &A) RFC/CPIC ( = &B =

&A) &A &B

&A &A &A &A &A

13.

A

ID ID

IID

1

14.

SAP A SAP


2009/12 13

? DDIC ():

SAP* ():

EARLYWATCH (066):

SAP

RSUSR003

15.

A SAP* ?

ogin/no_automatic_user_sapstar = 1 SAP*

16. SAP_ALL

A SAP_ALL ?

SAP_ALL: SAP_ALL

SAP_ALL

SAP_ALL

SAP_ALL

SAP_ALL

S_BCE_68001395 - SAP_ALL SUIM SAP_ALL


2009/12 14

17.

A

18.

A ?

?

3


2009/12 15

19.

A

/ &B / &B / &B &A / &B

20.

ID

A


2009/12 16

21.

A ?

22.

A

23. SoD SOD

A

ID


2009/12 17

24.

B OSDBMS

OSDBMS

SAPBITA

25.

OSDBMS

B

SAP

SAPBITA 2


2009/12 18

26. B ?

SAP DBMS SAP

SAP

DBMS SAP

DBMS ID

1

2

27.

B ?

SAP BIT A


2009/12 19

Web AS ABAP 7.00 NetWeaver 2004s

: 8 40 40 ( 8 ) Web AS ABAP 7.00 NetWeaver 2004s 8 32 () z login/min_password_lowercase z login/min_password_uppercase z login/password_downwards_compatibility

: ( 5 ) () 5 (login/password_history_size) ( 100 )

( 1)

(: ) login/password_change_waittime (: 1000 )

()

() () login/password_compliance_to_current_policy = 1

() () SERVICE SYSTEM ()


2009/12 20

() z login/password_max_idle_initial z login/password_max_idle_productive

:

"" (: ) z ": " z " - "

z login/failed_user_auto_unlock : 0 (1 )

z login/fails_to_user_lock : 5 (12 )

5

z login/no_automatic_user_sapstar : 1 (0 )

z login/min_password_lng : 6 (3 ) 6

z login/ticket_expiration_time : 8 (60 ) 8

login/password_max_new_valid login/password_max_reset_valid login/password_max_idle_initial


2009/12 1


2009/12 2

N0

1.

A

OS

LAN

1 1


2009/12 3

N0

SAP

OS

A

A

2.

A

SAP SAP


2009/12 4

N0

SAP

A

A

A

(1 2 )

24

QA ()

A

3.

A


2009/12 5

N0

4.

A


2009/12 6

N0

A

SM36

SM37RZ01 J-SOX

SM35

A

A SAP

5. SAP

A

RZ10


2009/12 7

N0

TU02

A

A

SAP

SAP

A

SAP

SAP ABAP

SAP

RZ20 SM21 RZ20 and/or SM21 SAP

SM13

ABAP ST22

6. SAP

A


2009/12 8

N0

A OS

OS SAP ERP UNIX WindowsSAP ERP OS OS OS

OS /

SM69 OS

SM49

A

OS

OS OS

SM69SM49

SM69 OS

7. OS

A

A

SAP ERP

DBA

DB13

DB12

8.

A


2009/12 9

N0

A


Sap Erp It 全般統制チェックリスト

Documents

Transcript of Sap Erp It 全般統制チェックリスト