How to keep SAP REALLY up to date with Security notes

Keeping SAP up to date is always a necessity given that we want to keep our systems up to date and protected, yet we must admit that it isn’t easy to do. There is an excess of information in a rapidly-changing complex world in which technologies, rules, laws, crackers, hackers, tools and vulnerabilities quickly appear and disappear.

We are used to other systems being updated automatically every time the manufacturer brings out a new update: operating systems, applications, mobile phones… not to mention televisions, cars and even fridges. Funnily enough, SAP is one of the most widely used ERP systems and it doesn’t have a trivial security-update mechanism.

Are you sure? Let’s see how we can make it easier to keep SAP updated with Solution Manager.

Keeping SAP updated using SAP Solution Manager

One possible option for keeping up to date is to configure our OSS account so that it informs us of any new notes every time we log in to the SAP Support Portal. We must admit that this approach is rather inefficient. Having to log in periodically and check whether there are any relevant notes is complicated and tedious.

The other option is to use Solution Manager with the «System Recommendations» scenario to obtain the relevant notes from the systems which we can selectively and systematically select from our landscape, and which can be integrated with ChaRM.

The System Recommendations scenario enables us to filter which of our systems we want to be taken into account. Every time SAP releases security patches (on the second Tuesday of every month), the scenario identifies which parches, and which OSS notes are applicable to the selected systems, and it prepares them for them to be implemented using the appropriate tool (SNOTE, SUM, etc.).

Steps to configure Solution Manager

  1. Connecting SAP systems with Solman
  2. Configuring the basic System Recommendations scenario
  3. Planning the job of collecting the information from notes and parches
  4. Configuring a user with the adequate roles for the scenario

How it works?

You access the System Recommendations scenario from the SM_WORKCENTER transaction, and any of the following options can be chosen:

  • Show Support Packages, to prepare to update the selected systems
  • Show SAP Notes, to manage the notes that are applicable to our selected systems
  • Refresh SAP Notes, to execute the job of collecting data and updating information once again.

This set of notes can be filtered by category (New, Kernel notes, Release-independent, etc.)

We can now mark the notes with standard states or ones created by us (for example, implementation urgent, normal, etc.)

Whether it’s notes or parches, they are automatically selected for download, and once the set of modifications has been determined it can be integrated with ChaRM:

On selecting this integration, a Request for Change is automatically created called «Created for System Recommendations» and it is now ready to be imported in the selected systems of the scenario!

At the same time, and with the «Change Impact Analysis» scenario, the effect of the change that has been created automatically can be evaluated:

This functionality closes the complete change management cycle from the publication of notes and parches by SAP, introducing the possibility of automating the process and controlling the system’s modification process in one single scenario.

At Novis Euforia we are experts in SAP security systems and we have the necessary knowledge and technology to manage any project that your company might need. You can read more articles like this on our blog.


We generate high value content around SAP. Do you want to receive it?