SAP Profile Parameters
SAP profile parameters are essentially configuration settings that dictate how an SAP system or instance operates. These parameters control various functionalities of the SAP system, including:
- Security and Login behavior
- Memory usage
- Database access
- Network connectivity
- System behavior
There can be multiple profiles for each SAP instance, and each profile has a unique name and set of parameters. Some profile parameters are dynamic and affect system behavior as soon as they are changed, while others are static and only come into effect when the SAP system is restarted.
Changing profile parameters is the job of Basis professionals, even though other technical team members can suggest values based on requirements. Unlike many configuration changes, profile parameter changes are not recorded in transports but are made manually in each system. It is good practice to change the parameter in the development system first and test the change, then repeat the change and the tests in the quality assurance system, and only then make the change in production. While actually changing a profile is typically a 5 min job, testing the impact of the change and agreeing on a time when the production system can be restarted (for static profile parameters) is just as important, if not more so.
The security administrator should specifically review the profile parameters that control the security behavior of the system to make sure they meet company policies. Reviewing the profile parameters is often one of the activities of the periodic system audits that an SAP system undergoes. The official SAP documentation should be checked to understand the different profile parameters and their recommended values.
There are two transactions which are used for managing the profile parameters. The RZ10 transaction is used to make changes to the profile parameters. Since this is the transaction for making updates, only the Basis team should be using this tcode.
The other, much more commonly used transaction is RZ11, which displays profile parameter values. You enter the profile parameter name and then simply click the display button.
The profile parameter shown in the screen controls the auto logout interval for the SAP system. A value of 0 indicates that no auto logout is set, while the recommended value is 3600 sec. However, please note that each company is different, and the final value adopted is typically dictated by company policy, as long as the adopted value does not create a security risk.
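The periodic review described above can be scripted against exported profile files. The following is an added example, not code from the original article or from SAP: it merges a default profile with an instance profile (instance values take precedence) and checks a small baseline. The parameter names rdisp/gui_auto_logout, login/min_password_lng and login/fails_to_user_lock are real SAP parameters that the article does not name, and every threshold except the 3600 sec auto logout figure is a placeholder for your own policy.

```python
# Sample policy (assumption): thresholds stand in for a company's own policy;
# only the 3600 s auto logout figure comes from the article.
# Each entry maps a parameter to (check function, requirement text).
POLICY = {
    "rdisp/gui_auto_logout": (lambda v: 0 < v <= 3600, "1..3600 s (0 disables auto logout)"),
    "login/min_password_lng": (lambda v: v >= 8, ">= 8 characters"),
    "login/fails_to_user_lock": (lambda v: 1 <= v <= 5, "1..5 failed attempts"),
}

def parse_profile(text):
    """Parse 'name = value' lines of a profile file; '#' lines are comments."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and not line.lstrip().startswith("#"):
            params[name.strip()] = value.strip()
    return params

def effective(default_pfl, instance_pfl):
    """Merge two profiles; instance profile values override the default profile."""
    merged = parse_profile(default_pfl)
    merged.update(parse_profile(instance_pfl))
    return merged

def audit(params):
    """Return (parameter, value, requirement) for every policy violation."""
    findings = []
    for name, (ok, requirement) in POLICY.items():
        raw = params.get(name)
        if raw is None:
            # Kernel default applies; confirm the active value in RZ11.
            findings.append((name, "not set in profiles", requirement))
        elif not raw.isdigit() or not ok(int(raw)):
            findings.append((name, raw, requirement))
    return findings

# Constructed sample profiles, not taken from a real system.
DEFAULT_PFL = """# default profile (constructed)
login/min_password_lng = 10
rdisp/gui_auto_logout = 1800
"""
INSTANCE_PFL = """# instance profile (constructed)
rdisp/gui_auto_logout = 0
"""

if __name__ == "__main__":
    for name, value, requirement in audit(effective(DEFAULT_PFL, INSTANCE_PFL)):
        print(f"FINDING {name}: {value}; policy requires {requirement}")
```

The sample shows why all profiles of an instance have to be reviewed together: the default profile sets a compliant auto logout, but the instance profile overrides it with 0.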
Hello, it is good to see you update your post again. I love your work, thanks for sharing and for all the effort you put in. If it is possible, could you please add GRC material?
Regards
Thanks for taking the time to comment. While I have done a few GRC installations, I don’t consider myself to be a GRC expert, which is the main reason why you don’t see any GRC related content on the website. Also, I feel GRC to be very procedural rather than conceptual. So strictly following the official SAP installation guides should be sufficient to get the system working. However, I will keep your request in mind and think about some areas where additional content might help.