&KDSWHU 6FKHGXOHG$QQXDO7DVNV

&RQWHQWV

The R/3 System .......................................................................................................8–2

Database ..................................................................................................................8–3
Operating System ...................................................................................................8–3
Other.........................................................................................................................8–4
Notes ........................................................................................................................8–4

System Administration Made Easy 8–1

Chapter 8: Scheduled Annual Tasks
The R/3 System

7KH56\VWHP

System: __________
Date: ____/____/____
Admin: _____________________

Task Transaction Chapter Procedure Check off/Initial

Archive year-end backup. 3 Send year-end backup

tapes to long-term
offsite storage.
Audit user security. 11 Review users security
authorization forms
against assigned
profiles.
Can also be done with
report RSUSR100
Audit profiles and SU02 – Security 11 With report RSUSR101
authorizations. Profile
Maintenance
SU03– Security 11 With report RSUSR102
Authorization
Maintenance
Review segregation of duties.

Audit user IDs SAP* and

DDIC.
Run SAP user audit reports. SA38 (or SE38) 11 Run user audit reports.
– Execute
ABAP program
Check that the system is set to SE03 – 11 Verify that system is set
Not modifiable. Workbench to Not modifiable.
Organizer Tools
SCC4– 11 Check changeable status
“Clients”: for applicable client
Overview

Release 4.6A/B
8–2
 Chapter 8: Scheduled Annual Tasks
Database

Task Transaction Chapter Procedure Check off/Initial

Check locked transactions SM01 – 11 Check against your list

Transaction of locked transactions.
codes:
Lock/Unlock

'DWDEDVH

Task Where Chapter Procedure Check

off/Initial

Archive year-end backup 3 Send year-end

backup tapes to
long-term offsite
storage.

2SHUDWLQJ6\VWHP

Task Where Chapter Procedure Column

Title

Archive year-end backup 3 Send year-end

backup tapes to
long-term offsite
storage.

System Administration Made Easy

8–3
Chapter 8: Scheduled Annual Tasks
Other

2WKHU

Task Where Chapter Procedure Check

off/Initial

Perform disaster recovery. 2&3 Restore entire

system to disaster
recovery test system
Test business
resumption

1RWHV

Problem Action Resolution

In chapters 4–8, we have included a list of transactions like the one below. This list contains
basic information about the transactions in the checklist. For additional information on these
transactions, see the chapter referenced in each checklist.

7UDQVDFWLRQ6$6(
:KDW

All users who have left the company should have their R/3 access terminated immediately.
By locking or deleting these user IDs, you limit access to only those users who should have
access to R/3. Periodic review assures the task of locking or deleting has been completed.

:K\

Proper audit control requires that a user who no longer has a valid business need to access
R/3 should not be allowed to keep that access.
Deleting or locking these user IDs also prevents anyone who had been using the terminated
user ID from accessing the system under that ID.

7UDQVDFWLRQ6(6&&
:KDW

There are switches that prevent changes from being made in the system. In the production
system, these should be set to Not modifiable.

Release 4.6A/B
8–4
 Chapter 8: Scheduled Annual Tasks
Notes

The purpose of setting the production system to Not modifiable is to make sure that changes
are made using the development pipeline.
In the development pipeline, changes are:
1. Created in the development system
2. Tested in the development system
3. Transported from the development system to the test system
4. Tested in the test system
5. Transported from the test system to the production system
Using this procedure, changes are properly tested and applied to the systems in the
pipeline.

:K\

Objects should not be modifiable in the quality assurance or production systems. This rule is
to protect the production system from object and configuration changes being made,
without first being tested. By setting the production system to Not modifiable, the integrity of
the pipeline is preserved.

7UDQVDFWLRQ60
:KDW

“Dangerous transactions” are transactions that could do the following:

< Damage or corrupt the system
< Present a security risk
< Adversely impact performance

:K\
< If a user accidentally accesses these transactions, they could corrupt or destroy the R/3
System.
Access to dangerous transactions is more critical in the production system than the
development or test systems. This is because of live data and the fact that the company’s
operations are dependent on the R/3 System.
< Certain transactions should be locked in the production system, but not in the
development, test, or training systems.
Standard security normally prevents access to these transactions. However, some
administrators, programmers, consultants, and functional key users could have access to
the transactions depending on the system they are on. In these cases, the transaction lock
provides a second line of defense.
There are over 48,000 English transaction codes in the R/3 System. To make it manageable,
only the critical ones need to be locked. Your functional consultants should supply you with
any additional critical transactions in their modules.

System Administration Made Easy

8–5
Chapter 8: Scheduled Annual Tasks
Notes

Release 4.6A/B
8–6