Fabio Mambretti

Fabio Mambretti

Recent Posts

System Users with SAP_ALL assigned, no thanks!

Posted by Fabio Mambretti on Jun 24, 2022 8:15:00 AM

This one's a bad habit. Most common causes are:


  • Project necessities not better detailed
  • Scarse sensibility towards data security
  • Scarse knowledge of potential problems of this action


Why should you remove these users, even non-interactive ones, ASAP? Let's see some examples!

Read More

Topics: sap_all, auditing, rfc, rfc security, rfc destination, system users

SAP Security Guidelines

Posted by Fabio Mambretti on Jun 17, 2022 8:15:00 AM

Why is it a strategic move to have a document that describes how the SAP security was addressed in the company?

When is it needed? What is it needed for? Why do it? How do you maintain it?

Read More

Topics: sap security guidelines, SAP Security Documentation


Posted by Fabio Mambretti on Jun 10, 2022 8:15:00 AM

Employees management inside the HR systems (Human Resources). Here it's also essential to manage access in a way that protects sensible data.

Which are the instruments inside SAP HR systems used for logs management? Let's see the main ones here.

Read More

Topics: security audit log, UI logging, audit sap, SAP LOG

How to define a SoD Matrix

Posted by Fabio Mambretti on Jun 3, 2022 8:15:00 AM

Segregation of Duties project: how many risks need to be defined?

Read More

Topics: SAP Security, Segregation of duties, audit, custom transactions

SAP Developer, how to manage the ABAP code security?

Posted by Fabio Mambretti on May 27, 2022 8:15:00 AM

Security for custom code in SAP has always been underestimated in most installations


Only recently, in the last years, customers are starting to understand the true importance of code security, mostly related to ABAP language in SAP case.


The SAP ABAP developer then becomes a strategic figure in making sure that programs security (especially custom code security) is attended to and correctly managed.


How do you make sure to always be on top of the topic?

Read More

Topics: SAP Security, secure coding sap, sap developer, Secure programming

SU53 SAP why do authorization errors never end?

Posted by Fabio Mambretti on May 20, 2022 8:15:00 AM

Do many days pass from the moment you create a new transaction to when the end user finally is executing it?

Something in the test creation and release processes may have not worked as it should have.

How can you avoid this?

Read More

Topics: quality, test system, sicurezza sap, su53

SAP PFCG: 5 Things you did not know about this transaction

Posted by Fabio Mambretti on May 13, 2022 8:15:00 AM

Do you execute transaction PFCG daily, or even sometimes? Perhaps you're not aware of these functionalities that might be useful in some cases.

During the ordinary system management this information might turn out to be useful.

Read More

Topics: pfcg, PFCG SAP transaction, role translation


Posted by Fabio Mambretti on May 6, 2022 8:15:00 AM

For those that don't know SAP's authorization aspects this title might be just a tongue-twister.


On the contrary for those who manage authorizations in SAP these are very well-known authorization objects. How should you go about managing them?

Read More

Topics: sql, s_tabu_dis, s_tabu_nam, s_tabu_rfc, se16

SAP Cyber Security for SME

Posted by Fabio Mambretti on Apr 29, 2022 8:15:00 AM

Who said that in order to have powerful systems you need to have many resources?


How can a small enterprise be compete with a big corporation?

Read More

Topics: siem, sap cyber security, Security Bridge, Threat detection

How can Aglea help you manage your Segregation of Duties?

Posted by Fabio Mambretti on Apr 22, 2022 8:15:00 AM

The aim of the SoD  is to make sure that only people with the right are of competence have access to sensitive transactions.

Read More

Topics: Segregation of duties, Security Analyzer

Content not found

Yes Subscribe!

Blog Aglea, what you could find out?

Every Friday a new post, interview or content related to SAP Security.

  • Tips on how to design SAP Security
  • How to
  • Checklist
  • Common error and pitfall on security SAP
  • Interview with experts
  • Who we are and Aglea vision on SAP Security

Recent Posts

Post By Topic

See all