This blog will explain how you can optimize your process of security notes via System Recommendations.
Questions that will be answered are:
- What is the System Recommendations tool?
- How do I set up the System Recommendations tool?
- How do I deal with the results of the System Recommendations tool?
- Where to find even more information on the System Recommendations tool?
What is the System Recommendations tool?
System Recommendations is a tool that runs in SAP solution manager. It weekly check SAP for new security notes and compares it with your own system. New notes will be alerted as new in the System Recommendations list. Notes you have applied will be removed from the list.
This automated procedure save you a lot of time checking for and follow up on security notes.
Alternative in SAP Focused Run
SAP Focused Run has a superior alternative for checking security notes with it’s Configuration and Security validation tool. Read more in this blog.
Setting up System Recommendations
If solution manager is properly setup, system recommendations is already enabled.
To verify if the system recommendations job is running start transaction SOLMAN_SETUP and select Mandatory Configuration and then Basic Configuration. Then select in the roadmap on top step number 2 and look for the system recommendations job, which will typically run every week:
Adding a system to System Recommendations
In SOLMAN_SETUP goto the managed system configuration of the system you want to add to system recommendations.
Select the full configuration for the system. On the roadmap select step 5: Enter System Parameters. On the screen below tick the box for Enable System Recommendations:
Now the system is added you need to wait until the weekly job runs.
System recommendations result
In solution manager goto the System Recommendations tile:
Upon clicking you get the list of systems and OSS notes per category:
Now you can zoom in for example on the security notes:
Per OSS note you can keep track of the status:
Dealing with the list
Some notes you can implement via SNOTE automatically. After they are implemented (normally via transport import if you run System Recommendations against productive system) they will be gone with the next run of system recommendations.
Some notes depend on kernel patch: also here, you can mark the status as to-be-implemented and wait for the actual implementation of the kernel patch.
Some notes might be non-relevant: you can mark them and they will no longer show in the open list of security notes.
DB and OS versions
The security notes will pickup all the database and OS versions for security notes, even if you don’t run them. To reduce the list goto transaction SM30 and maintain the content of table AGSSR_OSDB:
Flag the unused Databases and OS to Inactive and they will be filtered away next run.
System recommendations function has more features. If you want to read all of them, please read the SAP full document. You need to use transaction SM30_DNOC_USERCFG_SR to configure these settings.
OSS note backbone settings
If you have issues updating most recent notes, or anything at all, please check in transaction SM30_DNOC_USERCFG_SR. Make sure there is no entry there for SYSREC_RFC_CALL. If it is there delete it. This is due to the SAP technical backbone change.
More background information
More background information can be found at the SAP pages on system recommendations and in SAP oss note .
Bug fix OSS notes
Please check these notes for potential bug fixes: