SAP Basis range of services
ST02 Operating system overview
It is therefore not unusual for the authorisation allocations to be regularly reviewed in the course of a revision or by external auditors. This is a very laborious process with SAPS standard tools. In this scenario, an authorisation administrator would first have to manually assign each employee to a specific manager and determine their roles. After that, these roles should be exported from the system (for example, to an Excel file) and then submitted to the supervisor so that he can decide whether the role assignment is appropriate or not.
Often one is obliged to perform a migration. There are various reasons such as legal requirements or preparatory measures for an S/HANA conversion. We are happy to support you in your decisions.
TECHNICAL LEAD (TL)
A role concept according to best practice protects you from potential attacks within your SAP landscape. However, to protect your system from unauthorized access via the network, a correct configuration of the SAP gateway is required. It enables the use of external programs via interfaces or the call of ABAP programs and serves as a technical component of the application server, which manages the communication of all RFC-based functions.
Customers with such a case regularly contact us. Creating a Permission Concept from the ground up is often a time-consuming task. Furthermore, the know-how, which aspects should be dealt with in an authorisation concept and how the corresponding processes can look practical and at the same time audit-proof is often lacking. Our solution: tool-based generation of an individual, written authorisation concept In this situation, we have recommended to our customers the tool-based generation of a written authorisation concept directly from the SAP system. We use the XAMS Security Architect tool, with which we have had good experiences. This includes a template for a revision-proof and comprehensible, written authorisation concept. It includes established best practices for role and entitlement management. The template covers all relevant areas in a permission concept. The included text of the authorisation concept is completely customisable, so that the concept can be tailored to your situation without creating a permission concept from scratch. Dynamically update the written authorisation concept One of the biggest challenges after the development of an authorisation concept is to keep it up to date in the long term and to measure the sustainable implementation in the system. This is achieved by integrating live data such as configuration settings and defined rules directly from the connected system. For example, lists of existing roles or user groups and tables are read from the system each time the document is generated and updated in the permission concept. The following screenshot shows an example of what the appearance in the concept document might look like. Automatically check and monitor compliance with the concept To check compliance with the concept, the XAMS Security Architect includes extensive inspection tools. These cover the rules formulated in the concept and are suitable for measuring the extent to which the reality in the system meets the requirements formulated in the concept.
"Shortcut for SAP Systems" makes it easier and quicker to complete a number of SAP basis tasks.
More than 100 selected SAP Basis articles from rz10.de since 2011! Over 800 pages of tips, tricks and tutorials with screenshots from real SAP systems.
Migration with updating of the SAP application to the HANA Platform (ERP to the S4/HANA, BW to the BW4/HANA).