Schedule user adjustment as a job
AL08 System-wide list of user sessions
A secure SAP system requires more than a good role concept. It is also necessary to check whether a user should (still) have a specific role. Regular verification of role assignment is called recertification. In this blog post, I'd like to introduce you to the need for recertifications and our own tool, EasyReCert.
The need for recertification - scenarios:
Example 1: The "apprentice problem"
Imagine the following scenario: A new employee (e.g. an apprentice or trainee) will go through various departments as part of his or her training and will work on various projects. Of course, an SAP user equipped with appropriate roles will be made available to the employee right at the beginning. With each project and department, the employee repeatedly needs new permissions to meet the requirements. After the employee has successfully completed his or her induction and is now in a permanent position, he or she still has permissions that are not necessary to perform his or her duties. This violates the principle of "least privilege" and represents a potential security risk for your company.
Example 2: The change of department
The change of department is one scenario that probably occurs in every company. If a change of department does not automatically involve a complete reallocation of roles and the employee simply takes his or her old permissions along, critical combinations of permissions can occur very quickly. For example, an employee who has permissions in both accounts payable and accounts receivable violates the SoD ("Segregation of Duties") principle and poses a potential security risk to your company.
Recertification as part of a revision:
The two examples above show that a regular review of role allocation identifies potential security risks for your business so that they can be addressed.
Furthermore, the DISPLAY system variable must be set in order to start the TREX admin tool. Details and a guide to installing the tool can be found here: instguides → SAP NetWeaver → Released 04 → Installation → Cross-NW → Installation Guide Search and Classification TREX.
System Operation & Availability
The results of the tests can be documented so that the development can be considered over a period of time. This way, you will be aware of the revision and of the relevant issues before the examination.
Virtual CodeProfiler allows you to automatically identify risks in ABAP code and correct errors. CodeProfiler for ABAP is fully integrated with SAP and is based on Virtual Forge's patented global data and control flow analysis. This solution helps ensure that applications written in ABAP have no security, compliance or quality gaps. As a result, SAP systems are protected from unauthorized access and meet the requirements of internal and external auditors. At the same time, CodeProfiler improves the performance of SAP systems and reduces costs.
"Shortcut for SAP Systems" makes many tasks in the area of the SAP basis much easier.
By correctly assessing your own applications for suitability for operation with an external service provider or in the cloud, the enterprise risk of the chosen service form is minimised.
You can read more about assigning permissions to individual tables here.