- role-based authorization
- part of a comprehensive security concept (operating system, database, network and front end levels)
Authorizations
- used to control the access at application level
- role is used to provide this access
- PFCG will be the tool to create roles and authorizations
Why are authorizations required?
1. Protection of sensitive business data on the basis of Laws, Agreements, and Regulations
2. Advantageous cost-benefit relation
3. No obstruction of business process
Planning security
- WHAT do you want to protect?
- Determine AGAINST WHAT you want to protect assets
- Potential sources for danger:
- Protective measures
* Organizational
* Technical
* Environmental
- Protecting an SAP system
* Security implementation on all levels
* Complex Authorization Concept as part of an overall security concept
Access Controls
System Access Controls
- Users must identify themselves in the system
- Configuration of system access control (such as password rules)
- Access rights for functions and data must be granted explicitly using authorizations
- Authorization checks for transaction or report calls, program execution
- Role Menu - transactions, reports, Web links, etc.
- Authorizations - define the access rights for business functions and data
- User - assigned users to the role
Implementation Methods and Authorization
- Implementation guide for SAP projects
- Implementation divided into a model with 5 steps
- Creating authorization content in combination with project teams and user departments
- Integration of Authorization Assignment and User Administration in the "Business Blueprint" and "Implementation" phases
1. Preparation
2. Analysis and Conception
3. Implementation
4. Quality Assurance and Test
5. Cutover
Project Preparation
Inclusion of all relevant decision-makers for the SAP implementation and selection of the internal and external members of the project team.
Business Blueprint
The business requirements of the implementing company are determined. The Business Blueprint is a visual representation of the status of the company which is to be realized in the SAP implementation. All business processes are analyzed and described here. This is the basis for the later authorization concept.
Implementation
Configuration and fine tuning of the SAP system. The business processes created and described in the previous phase are the starting point for the implementation of the roles.
Final Preparation
Testing of all interfaces, training of users, migration of business data into the SAP system.
Go Live and Support
Start of SAP production operation, specification of procedures and measurement items for ongoing checking of the benefits of the investment in the SAP system.
No comments:
Post a Comment