SAP Authorizations Mitigating GRC risks for SAP systems - SAP Basis

Mitigating GRC risks for SAP systems

If your users are allowed to release their own background jobs, they need the JOBACTION = RELE authorization for the S_BTCH_JOB object. In this case, all jobs can be started at the desired time. In many cases, background jobs are used for the business or technical operation of applications; therefore, we recommend that you schedule these background jobs under a technical user of type System (see also Tip 6, "Note the impact of user types on password rules"). The advantage of this is that the permissions can be controlled more accurately and you do not run the risk of a job being lost if the user under whom it was scheduled leaves your company. You can set up the association with a system user by giving the user who schedules the job authorization for the S_BTCH_NAM object. In the BTCUNAME field, enter the name of the step user, i.e. the user under whom the job should run, such as MUSTERMANN.
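The following added example (not part of the original page or of any SAP tool) models how the two authorization objects above are evaluated and goes one step further by flagging roles that allow any step user. The row layout loosely follows role authorization data as held in table AGR_1251; the role names, authorization IDs and sample rows are constructed assumptions.

```python
# Added example: simplified model of an SAP authority check over constructed
# role authorization rows (role, authorization, object, field, low, high).
from collections import defaultdict

# Constructed sample data, not taken from a real system. Role names are hypothetical.
ROWS = [
    ("Z_JOB_PLANNER", "A1", "S_BTCH_JOB", "JOBACTION", "RELE", ""),
    ("Z_JOB_PLANNER", "A1", "S_BTCH_JOB", "JOBGROUP", "*", ""),
    ("Z_JOB_PLANNER", "A2", "S_BTCH_NAM", "BTCUNAME", "MUSTERMANN", ""),
    ("Z_JOB_ADMIN", "B1", "S_BTCH_NAM", "BTCUNAME", "*", ""),
    ("Z_JOB_VIEWER", "C1", "S_BTCH_JOB", "JOBACTION", "SHOW", ""),
    ("Z_JOB_VIEWER", "C1", "S_BTCH_JOB", "JOBGROUP", "*", ""),
]

def value_matches(low, high, wanted):
    """Match a checked value against a LOW-HIGH range, a trailing-* pattern or an exact value."""
    if high:
        return low <= wanted <= high
    if low.endswith("*"):
        return wanted.startswith(low[:-1])
    return wanted == low

def authority_check(rows, roles, obj, **fields):
    """True if a single authorization in the given roles covers every checked field."""
    auths = defaultdict(lambda: defaultdict(list))
    for role, auth, o, field, low, high in rows:
        if role in roles and o == obj:
            auths[(role, auth)][field].append((low, high))
    return any(
        all(any(value_matches(lo, hi, want) for lo, hi in vals.get(f, []))
            for f, want in fields.items())
        for vals in auths.values()
    )

def wildcard_step_user_roles(rows):
    """Roles whose S_BTCH_NAM authorization allows any step user (BTCUNAME = *)."""
    return sorted({role for role, _, o, f, low, _ in rows
                   if o == "S_BTCH_NAM" and f == "BTCUNAME" and low == "*"})

if __name__ == "__main__":
    planner = {"Z_JOB_PLANNER"}
    print("may release jobs:", authority_check(ROWS, planner, "S_BTCH_JOB", JOBACTION="RELE"))
    print("may use step user MUSTERMANN:",
          authority_check(ROWS, planner, "S_BTCH_NAM", BTCUNAME="MUSTERMANN"))
    print("roles with BTCUNAME = *:", wildcard_step_user_roles(ROWS))
```

A role reported by `wildcard_step_user_roles` lets its holder schedule job steps under any user, which defeats the purpose of binding jobs to one named system user.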
Challenges in authorization management
Run the system trace for authorizations (transaction ST01 or STAUTHTRACE) to record the authorization checks that you want to include in the role (see Tip 31, "Optimise Trace Evaluation"). Applications are logged through the start authorization checks.


Consulting firms adjust the roles and authorizations in retrospect. This usually means "making the best of it" and making ad hoc adjustments, in other words, not fixing the root cause and cleaning up from scratch. Companies should therefore ask themselves: how can this be avoided? What requirements must a GDPR-compliant authorization concept fulfill? How can we remain able to report on the authorizations of specific individuals in the system and the purpose of those authorizations?

"Shortcut for SAP systems" is a tool that enables the assignment of authorizations even if the IdM system fails.

However, these can be used as a starting point and adapted accordingly after a copy has been created.


Until now, users had to be locked and the group of administrators excluded from this lock.