Generate and monitor a revision-proof permission concept tool-based: The established processes for entitlement management, role application and assignment are not documented at all or in a central location in your company? In the revision, it was noticed that a written authorisation concept does not exist, is not up to date or that the processes do not meet the requirements?
SWI1 Work item selection
In this article on SAP Security Automation I would like to take a look at the future of automated processes in the SAP Security area. For many companies, the topic of security automation still offers a lot of potential in terms of time savings and process optimisation. Our daily work environment offers numerous tasks that could be handled excellently automatically. For this reason, in this article I present two of the possibilities that already exist in the broad area of security automation. Security Automation via SAP Security Check The first option of Security Automation, which I want to introduce here, is the automatic verification of the existing permissions. Have you ever wondered who has critical permissions in your SAP system? And have you ever tried to do this by hand? Depending on the level of expertise and experience of the privilege administrator, this is a time-consuming work. If an audit is also announced and the SAP system is to be checked for critical permissions and segregation of duties, then it is very difficult to meet all requirements and secure the eligibility landscape in this respect. For this reason, various vendors provide solutions to automate the verification of the permission system with regard to critical permissions and segregation of duties using tool support. This allows permission administrators to use their valuable time to correct the errors rather than just looking for them. For example, we use a tool that runs through the verification of over 250 rules. We then get an evaluation of which rules are violated and which points are correct. A simple example of such rules is the use of the SAP_ALL profile. Another would be to grant the jump permission in debugging (S_DEVELOP permission object with the ACTVT = 02 field). These are two relatively simple examples of Security Check tools' rulebook. In addition, queries are also made, which are located in the field of Segregation of Duties. Using this tool allowed us to move from manual validation of critical permissions to an automatic process.
What makes using Avantra so interesting is the elimination of manual effort. This frees up SAP technology teams to build new skills.
SAP Business Objects: CMCRegister Card Configuration Permissions
Permissions beyond the daily task spectrum are granted only for limited periods and under control. The activities with the emergency user are logged in a revision-proof manner. Do you already have an emergency user concept in use or would like to introduce one? I'm happy if you share your experience with me! You can leave me a comment or contact me by e-mail.
SAP Basis is the cornerstone of your SAP system and failures can lead to significant and annoying problems. For assistance in building and expanding SAP Basis, SAP Basis consultants can help. Certified SAP consultants enable tailored solutions for any business landscape.
The "Shortcut for SAP Systems" tool is ideal for doing many tasks in the SAP basis more easily and quickly.
It is precisely these challenges that are important to me, so that I can continue to learn and develop professionally on a daily basis.
SAP Basis refers to the administration of SAP system that includes activities like installation and configuration, load balancing, and performance of SAP applications running on Java stack and SAP ABAP. This includes the maintenance of different services related to database, operating system, application and web servers in SAP system landscape and stopping and starting the system. Here you can find some useful information about SAP Basis: www.sap-corner.de.
SAP GUI for Windows, SAP GUI for Java, Web Dynpro for ABAP (WDA) and SAP GUI for HTML ("Web GUI") are widely used.