Why is that all the decisions taken following authorization assignments requests fall under the IT department?
Fabio Mambretti
Recent Posts
Who are the owners of the Governance and Security area?
Topics: Segregation of duties, sap access control
For reasons of internal policies or regulations it may be necessary to make some data inside of SAP anonymous. There are many ways to do this. The first elements we need to consider are:
- Which data needs to be anonymous
- In which systems/environments
- Which users to authorize
- How to monitor the compliance of the created segregation
Topics: SAP GDPR, UI logging, UI Masking
SAP Upgrades. Authorizations are always neglected, why?
SAP updates are frequent. SAP releases feature updates to its products but also new features or patch security.
How does Segregation of Duties help protect your company data?
Topics: ISO, sod, SAP Security, governance
Here's why it's important to check how data is exported and by who it's spread
How do you monitor the data exported from SAP ECC?
Many users must be formally authorized in order to do that as part of their job. It’s however of great importance, especially in a GDPR framework, to monitor how and who exports data in a non-authorized way from the SAP system.
How do you do that? Let’s see some paid methods and others included in the SAP business suite
Topics: gdpr, security audit log, SAP Security, SAP HR, SAP ECC, UI logging, UI Masking
How do you surpass the 312 profiles limit in SAP?
In SAP there is/was a limit on the number of profiles that can be assigned to a user. Historically this limit of 300 and then 312 has been kept to stop the assignment of too many authorizations to users.
Does this limit persist?
5 Reasons (SAP Security) to have an updated test system
A classic SAP landscape is made of three distinct machines:
- Develop environment
- Test or quality environment
- Production environment
It's possible to define more environments, for example, pre-production or other clients in the aforementioned systems.
Why are test systems essential for SAP security, and why do they need to be managed in such a way?
Topics: gdpr, test system, quality, audit sap, sap security guidelines
Transactions for SAP Roles (and Security Manager)
Which SAP Security transactions should you have in your favorites?
Transactions for managing SAP Roles, for Profile generator configuration, for SAP auditing. Some of them are useful in certain moments, some of them daily. Also keep in mind in some cases is suggested to be used though a firefighter or your emergency users.
Topics: sap cyber security, SAP Transactions, SAP Consulting
We're talking about a program, available on many platforms (Windows or Unix like), that allows one to connect to SAP systems in an interactive way. The acronym SAP GUI stands for Graphical User Interface
If we want to be more precise it is the client that makes it possible to connect to SAP systems based on the ABAP technology. How do you make the most of the SAP GUI History function?
Topics: sap gui security, sap gui, sap gui history