TUNING
Reset Support Package Status
A secure SAP system requires more than a good role concept. It is also necessary to check whether a user should (still) have a specific role. Regular verification of role assignments is called recertification. In this blog post, I'd like to introduce you to the need for recertifications and our own tool, EasyReCert.

The need for recertification - scenarios:

Example 1: The "apprentice problem"
Imagine the following scenario: A new employee (e.g. an apprentice or trainee) goes through various departments as part of his or her training and works on various projects. Of course, the employee is given an SAP user right at the beginning, equipped with appropriate roles. With each project and department, the employee repeatedly needs new permissions to meet the requirements. After the employee has successfully completed his or her induction and is now in a permanent position, he or she still has permissions that are not necessary to perform his or her duties. This violates the principle of "least privilege" and represents a potential security risk for your company.

Example 2: The change of department
The change of department is a scenario that probably occurs in every company. If a change of department does not automatically involve a complete reallocation of roles and the employee simply takes his or her old permissions along, critical combinations of permissions can arise very quickly. For example, an employee who has permissions in both accounts payable and accounts receivable violates the SoD ("Segregation of Duties") principle and poses a potential security risk to your company.

Recertification as part of a revision:
The two examples above show that a regular review of role allocation identifies potential security risks for your business so that they can be addressed.
INTRODUCTION
A growing number of SAP-based departments are facing major changes and challenges within the SAP product portfolio as well as in their own task environment. These result from influences of digitalisation, digital transformation, new technologies such as cloud computing or big data, but also developments such as customer experience or the Internet of Things. In order to overcome the challenges and to transform the existing SAP basis, recommendations for action are grouped in seven thematic areas. These topics cover the areas of skills and roles (cloud and supplier management, strengthening of the technology architect, focus on project work), marketing and self-understanding (creation of a service catalogue, regular exchange with the CIO, renaming of the SAP basis), new technologies and innovation (test and innovation lab, proactive & regular training), organisation in change (development of the two subject areas close to structure and application-orientated, virtual teams of experts), standardisation and automation (automation of routine tasks, outtasking of rare tasks), "cloudability", outsourcing & outtasking (assessment of usefulness for the cloud, use of appropriate service forms) and IT roadmap (influence of own IT roadmap). By reflecting on the thematic areas, methods and possibilities for implementing the recommendations are presented.
REDUCTION OF CUSTOMER SPECIFICATIONS
The two main tasks of this function are: Deleting profiles including user assignments if no matching role exists. Deleting assignments between users and roles if either the user or the role does not exist.
Using various user, administration and monitoring tools, the SAP Basis system is controlled and managed by an administrator, who is thus responsible for its trouble-free operation. Many companies hand over these tasks to an external service provider.
SAP Basis is the foundation of any SAP system.
But, for the most part, the following three options have proven effective as a consensus mechanism: 1) Proof of Work 2) Proof of Stake 3) Proof of Importance The differences are presented in another blog post.
Use Restrictions to enable the option.