Quick check of your SAP security settings with the Xiting Authorizations Management Suite (XAMS)
CREATING NEW ROLES
A clearly structured and secure authorization management is very important to avoid errors and prevent access by unauthorized persons. These services are part of our authorization management:
The SAP Basis & Technology department deals intensively with SAP technologies and their application. The possibilities and limits are examined and corresponding specifications and tools are developed in order to use the technologies profitably. The results and findings are made available to the other alogis areas and implemented in real-life customer projects.
RECOMMENDED GATEWAY SETTINGS FOR RFC SYSTEM PROTECTION
The CodeProfiler prevents poor-quality code or programs with security vulnerabilities from entering a productive SAP system landscape in the first place. It is therefore important to use the CodeProfiler throughout the entire lifecycle of a software. Already during programming, the CodeProfiler helps the developer to identify and correct errors and vulnerabilities in the SAP landscape. The CodeProfiler automatically ensures that only "clean" code is transported to the next level (development system -> test system -> quality assurance system -> production system). The CodeProfiler can also be used for regular review cycles.
Especially in larger companies, which also have multiple locations in different countries, it is often necessary to grant different employees the same permissions for different levels of organisation, such as accounting circles. In order to make maintenance and maintenance of the system easy in such a situation, it is useful to set the inheritance principle for SAP permissions. How does SAP Permissions Inheritance work? An inheritance is always about a master object passing certain properties to a derived (sub) object. Therefore, these properties do not need to be maintained several times. Also, changes to the master object are passed directly to the derived objects. This allows easier maintenance and drastically minimises the error rate. In the case of SAP Permission Inheritance, the required permissions are bundled in a Upper or Master role. Only the organisational levels have to be maintained in the roles derived from them. The permissions are automatically pulled from the master role. Create Inheritance for SAP Permissions The following shows how to create and use inheritances for SAP permissions. This requires only two steps: Creating a master role and defining derived roles. Step 1: Create a master role Inheritance always requires a parent role, because all properties are inherited from it. If this role, in which all shared permissions are bundled, is missing, the first step is to create this master role. To do this, open the PFCG transaction and enter the desired name of the master role in the Name field. It is possible to identify master and derived roles by using naming conventions. The "Single Role" button will then be used to create the desired role. In the following example I create the master role "findepartment_r".
"Shortcut for SAP Systems" simplifies tasks in the area of the SAP basis and complements missing functions of the standard.
Procedure Load the support packages into the next system (quality or production system).
A few days later, he slips into the same disguise, successfully changes his identity and then swings through Berlin as Captain von Köpenick.