Hybrid clouds
Client Management
Cross-client tables can be modified. The control system of another, productive client can thus be undermined and undermined. Quite a lot of power! Did you also know that the SAP system provides a feature that deletes table change protocols (DBTA BLOG table) and that it is effective across all clients? If the table change logs have not been additionally archived via the BC_DBLOGS archiving object, traceability is no longer available. That way, every criminal act within your company can be beautifully covered up. Similarly, full access to batch management allows you to manage all background jobs in all clients with the permission. This allows you to delete old background jobs that have gone unauthorised. There are also some points to consider when managing print jobs. Typically, the following two SAP access permissions are enabled to protect print jobs: S_SPO_DEV (spooler device permissions) S_SPO_ACT (spooler actions). Why? Confidential information in print jobs is not protected against unauthorised disclosure. (Strictly) sensitive print jobs can be read unauthorised or redirected to external printers and printed out. Print jobs are unprotected unless additional SAP access permissions are enabled to protect print output. The print jobs are multi-tenant, which means that the authorisation award should also be well thought through at the point.
A secure SAP system does not only include a good role concept. It is also necessary to check whether a user should (still) have a specific role. Regular verification of role assignment is called recertification. In this blog post, I'd like to introduce you to the need for recertifications and our own tool, EasyReCert. The need for recertification - scenarios: Example 1: The "apprentice problem" Imagine the following scenario: A new employee (e.g. apprenticeship or trainee) will go through various departments as part of his or her training and will work on various projects. Of course, an SAP User will be made available to your employee right at the beginning, which is equipped with appropriate roles. As each project and department passes, the employee repeatedly needs new permissions to meet the requirements. After the employee has successfully completed his or her induction and is now in a permanent position, he or she still has permissions that are not necessary to perform his or her duties. This violates the principle of "last privilede" and represents a potential security risk for your company. Example 2: The change of department The change of department is one scenario that probably occurs in every company. If a change of department does not automatically involve a complete reallocation of roles and the employee simply takes his old permissions with him, critical combinations of permissions can occur very quickly. For example, an employee who has permissions in accounts payable and accounts receivable violates the SoD ("Segregation of Duties") principle and poses a potential security risk to your company. Recertification as part of a revision: The two examples above show that a regular review of role allocation identifies potential security risks for your business and can be addressed.
Requirements
In the case of distributed or local SAP systems, it can also be helpful if departments or decentralized IT units can schedule their own jobs themselves. It is important that the associated approval processes can also be mapped and easily tracked. This brings convenience, flexibility and a degree of freedom without neglecting operational security. The integration of the business departments can relieve the IT administrator and turn background processing into an end-to-end process integrated into the organization.
Setting up Client certificate for access to SAP ONE Support Launchpad This week it was again: The Client certificate for SAP Support has expired. Who wonders how I can set up the client certificate in the browser? Here is the instructions against password-pop-up terror. Short and painless. Launchpad Call Personalisation SAP Passport Add Kachel to the Home Group View Kachel in My Home Create SAP Passport Certificate (with S-Users password) Download Certificate Open and Import Certificate Close Browser Then. If you (like me) have been looking for this feature for a long time, I'm glad to have a short ping in the comment.
"Shortcut for SAP Systems" makes many tasks in the area of the SAP basis much easier.
Some useful tips about SAP basis can be found on www.sap-corner.de.
With an 'X' in this three-digit switch value you can now explicitly specify at which position in the user name no wide spaces and control characters may occur.
So that unauthorized persons cannot access important data and your employees are protected from unintentional violations.