RFC means Remote Function Call and it's the SAP standard interface that make the systems communicate between eachother.
Failing to configure this aspect can expose the system to a series of security problems. There are multiple aspects to keep in mind. In this article we will talk about how to protect the system from RFC calls made from third party systems or from other SAP systems.
Topics: rfc, rfc security, UCON
What does GxP mean? Why is it done in SAP?
What are the semplifications that can reduce the maintenance cost of these aspects?
Topics: gxp, sap gxp compliance
The SAP GRC system has to be updated too, with new functionalities, solved issues and improvements.
Here's why you should think about updating this tool. Let's talk about SAP GRC Access Control.
Topics: sap access control, sap grc 12
What does Data Loss Prevention mean?
It means to "put in place" all the possible actions to prevent non-authorized data leaks.
Data leak and data loss have multiple meanings. But what can you do in SAP?
Fuga di dati e perdita di dati hanno significati molteplici. Ma come è possibile fare in SAP?
Topics: sap hana, rfc security, SAP audit, soar, sap siem, sap etd, SAP DLP, data loss prevention
There are different formative paths and trainings for the SAP Security area. Below there are the main courses in the SAP Security and Governance area provided by SAP.
Topics: SAP Security, idm, access management, SAP GRC, SAP HR, e-learning, corso, gdpr, pfcg, HANA, S4/HANA, training
Read here what SAP courses are available. Read here what SAP courses are available.
Data are the new oil? That's probably it! It becomes therefore fundamental to characterize where they reside and their criticality
Once all "standard" protection mechanisms are in place, namely infrastructure and application aspects, it is strategic to deal with the weakest link in the chain. The human side.
How to manage layer 8 of the ISO/OSI model?
Topics: security awareness, social engineering
During daily support users often have to request some information. By email or by corporate ticketing tool.
What system are you on? What were you doing? What transactions were you using when you received the error and so on
To facilitate these requests, in the SAP authorizations field, we can define a short user manual to publish, for example on the company intranet.
Topics: SAP Security, aglea, sap consulenza security, su53
Data protection in SAP also passes through the control of the transactions.
How does SAP control their execution? What should you pay attention to when defining custom transactions in SAP?
Topics: transazioni sap, auditing, processi security
There are many creative ways, in addition to the standard SAP, to manage authorizations.
Let us begin by saying what is the only recommended way. Authorization control using the statement ABAP AUTHORITY-CHECK.
What are other ways to manage SAP authorization controls? More importantly, why shouldn’t you use them?
Topics: sap custom, autorizzazioni sap, profili sap, sap tabelle custom
Do all the users of your system have the SP01 transaction?
Do you really allow all SAP users to see what all users print? Could the prints contain personal data (GDPR), sensitive data? Maybe is better to check it out!