This one's a bad habit. Most common causes are:
- Project necessities not better detailed
- Scarse sensibility towards data security
- Scarse knowledge of potential problems of this action
Why should you remove these users, even non-interactive ones, ASAP? Let's see some examples!
Why is it a strategic move to have a document that describes how the SAP security was addressed in the company?
When is it needed? What is it needed for? Why do it? How do you maintain it?
sap security guidelines,
SAP Security Documentation
Employees management inside the HR systems (Human Resources). Here it's also essential to manage access in a way that protects sensible data.
Which are the instruments inside SAP HR systems used for logs management? Let's see the main ones here.
security audit log,
Segregation of Duties project: how many risks need to be defined?
Segregation of duties,
Security for custom code in SAP has always been underestimated in most installations
Only recently, in the last years, customers are starting to understand the true importance of code security, mostly related to ABAP language in SAP case.
The SAP ABAP developer then becomes a strategic figure in making sure that programs security (especially custom code security) is attended to and correctly managed.
How do you make sure to always be on top of the topic?
secure coding sap,
Do many days pass from the moment you create a new transaction to when the end user finally is executing it?
Something in the test creation and release processes may have not worked as it should have.
How can you avoid this?
Do you execute transaction PFCG daily, or even sometimes? Perhaps you're not aware of these functionalities that might be useful in some cases.
During the ordinary system management this information might turn out to be useful.
PFCG SAP transaction,
For those that don't know SAP's authorization aspects this title might be just a tongue-twister.
On the contrary for those who manage authorizations in SAP these are very well-known authorization objects. How should you go about managing them?
Who said that in order to have powerful systems you need to have many resources?
How can a small enterprise be compete with a big corporation?
sap cyber security,
The aim of the SoD is to make sure that only people with the right are of competence have access to sensitive transactions.
Segregation of duties,