SAP Security Automation
Change documents
Single sign-on (SSO): This solution is useful if you have not yet used SSO for your SAPS systems or if not all SAP systems are integrated into the SSO solution. In such cases, you must implement the Web application in a system that supports SSO logins, such as Central User Management (ZBV), SAP Identity Management (ID Management), or Active Directory (AD).
Increasingly, it is possible to make use of automation in the security environment. Although these are not yet used by many companies, they are the next step in digital transformation. By using automation intelligently, companies can free up resources for the innovation topics that really matter. In the future, we can expect both the number and power of automation tools to increase. It is therefore only a matter of time before SAP itself also delivers optimized support in the form of tools as standard.
Advantages of authorization concepts
In the SCUA transaction, which you typically use to create or delete a ZBV distribution model, you can temporarily disable a subsidiary system. This option is disabled by default. To enable it, you must make changes in the customising of the PRGN_CUST table. Open the PRGN_CUST table either directly or via the customising in the SPRO transaction in the respective subsidiary system.
When using encryption mechanisms, be sure to prevent access to the personal security environment (PSE) files in the server's file system and database. To do this, create your own table permission group for the SSF_PSE_D table and restrict programmes from accessing the /sec directory in the file system. For details on securing key tables, see SAP Note 1485029.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
You can check which permissions, SU24 suggestion values, or SU22 suggestion values the authorization object uses.
Do you need to integrate the S_TABU_NAM authorization object into your existing permission concept? In this tip, we show you the steps that are necessary to do this - from maintaining the suggestion values to an overview of the eligible tables.