AGLEA Blog

Why is that all the decisions taken following authorization assignments requests fall under the IT department?

Topics: Segregation of duties, sap access control

For reasons of internal policies or regulations it may be necessary to make some data inside of SAP anonymous. There are many ways to do this. The first elements we need to consider are:

• Which data needs to be anonymous
• In which systems/environments
• Which users to authorize
• How to monitor the compliance of the created segregation

Topics: SAP GDPR, UI Masking, UI logging

 

SAP updates are frequent. SAP releases feature updates to its products but also new features or patch security.

 

Topics: patch, upgrade, su25, pfcg, HANA, S4/HANA

How does segregation of duties help protect your company data?

 

Topics: SAP Security, governance, ISO, sod

Here's why it's important to check how data is exported and by who it's spread

How do you monitor the data exported from SAP ECC?

 

Many users must be formally authorized in order to do that as part of their job. It’s however of great importance, especially in a GDPR framework, to monitor how and who exports data in a non-authorized way from the SAP system.

How do you do that? Let’s see some paid methods and others included in the SAP business suite

Topics: SAP Security, SAP ECC, SAP HR, gdpr, UI Masking, security audit log, UI logging

In SAP there is/was a limit on the number of profiles that can be assigned to a user. Historically this limit of 300 and then 312 has been kept to stop the assignment of too many authorizations to users.

 

 

Does this limit persist?

Topics: SAP Security, 312, profili, ust04, SAP ECC, pfcg, S4/HANA

A classic SAP landscape is made of three distinct machines:

 

• Develop environment
• Test or quality environment
• Production environment

 

It's possible to define more environments, for example, pre-production or other clients in the aforementioned systems.

 

Why are test systems essential for SAP security, and why do they need to be managed in such a way?

Topics: gdpr, quality, test system, audit sap, sap security guidelines

Which SAP Security transactions should you have in your favorites?

 

 

Transactions for managing SAP Roles, for Profile generator configuration, for SAP auditing. Some of them are useful in certain moments, some of them daily. Also keep in mind in some cases is suggested to be used though a firefighter or your emergency users.

Topics: sap cyber security, SAP Consulting, SAP Transactions

We're talking about a program, available on many platforms (Windows or Unix like), that allows one to connect to SAP systems in an interactive way. The acronym SAP GUI stands for Graphical User Interface

 

If we want to be more precise it is the client that makes it possible to connect to SAP systems based on the ABAP technology. How do you make the most of the SAP GUI History function?

Topics: sap gui security, sap gui, sap gui history