SAP Authorizations Mitigating GRC risks for SAP systems - SAP Basis

Mitigating GRC risks for SAP systems
Limit character set for user ID
The default authorization roles of the new SAP system for consolidation and planning, SAP Group Reporting, are shown in the following graphic. It does not matter whether the system is accessed via the browser (Fiori Launchpad) or via local access (SAP GUI). The authorization roles shown in the graphic merely indicate the technical specifications preset by SAP. However, these can be used as a starting point and adapted accordingly after a copy has been created.

In transaction SU22, the developers of an application maintain the proposed values for all required authorization objects; the authorization trace helps with this. As described in SAP Note 543164, the trace is activated by setting the dynamic profile parameter auth/authorization_trace to Y (active) or F (active with filter). After implementing SAP Note 1854561 or the relevant support package from SAP Note 1847663, you can define a filter for this trace in transaction STUSOBTRACE, restricting it by type of application, authorization objects, or user criteria.
Implementing Permissions Concept Requirements
Over time, many companies experience profound changes in the framework conditions that significantly influence SAP® authorization management. Subsequent requirements from the area of compliance (SOX or similar) or an increased need for protection are not uncommon.

Authorization checks are logged as part of the system trace in transaction ST01. The trace records all authorization checks and the authorization values checked for a specific application server and specifies, depending on the client, whether each check was successful. The trace display has since been improved (see also SAP Note 1373111).

During go-live, the assignment of necessary authorizations is particularly time-critical. The "Shortcut for SAP systems" application provides functions for this purpose, so that the go-live does not get bogged down because of missing authorizations.

In the default implementation, the BAdI searches for the certificate in the Trust Manager's address book.

Starting with the technical infrastructure of companies and extending to the business processes in SAP systems.