Which are the main Security SAP Tables for SAP Roles and Profiles?
SAP contains hundreds of thousands of tables. In some cases, direct access to these tables lets you retrieve data faster. Below is a list of tables for each defined area:
- SAP Roles
- SAP Profiles
- Users
- Authorizations
- Authorization objects
Topics: SAP ECC, sap standard role, Profiles, SAP Table
How do you know if you have set up a good authorization concept in SAP?
What are the metrics and how to best exploit them? Does a SAP Security Score exist?
Topics: User Access Management, SAP authorizations, sap custom, SAP security statistics
Why is it that all the decisions taken following authorization assignment requests fall under the IT department?
Topics: Segregation of duties, sap access control
For reasons of internal policy or regulation, it may be necessary to anonymize some data inside SAP. There are many ways to do this. The first elements we need to consider are:
- Which data needs to be anonymous
- In which systems/environments
- Which users to authorize
- How to monitor the compliance of the created segregation
Topics: SAP GDPR, UI logging, UI Masking
SAP updates are frequent. SAP releases feature updates to its products, but also new features and security patches.
Topics: patch, pfcg, su25, upgrade, HANA
Is it really possible that external consultants do not have any access to SAP production systems?
Clearly there are various cases: occasional or ongoing consultants, for example under maintenance contracts.
Is it really necessary to grant access to the production systems even in this last case? Can we control what happens and why it is requested?
Topics: pfcg, gdpr, sap_all, sod, SAP GRC, consultants
Here's why it's important to check how data is exported and by whom it is spread
How do you monitor the data exported from SAP ECC?
Many users must be formally authorized to do that as part of their job. It is however of great importance, especially in a GDPR framework, to monitor who exports data from the SAP system in an unauthorized way, and how.
How do you do that? Let's see some paid methods and others included in the SAP business suite.
Topics: gdpr, security audit log, SAP Security, SAP HR, SAP ECC, UI logging, UI Masking
Are you an auditor? Or an IT manager who wants to monitor the data of your own SAP systems?
Is it possible to assign privileges while leaving no traces, or almost none?
That's why you need to know what the potential risks in the SAP system are and how you can mitigate them!
Topics: ABAP, secure programming, ABAP code security
SAP has, or had, a limit on the number of profiles that can be assigned to a user. Historically this limit, first 300 and then 312, has been kept to stop the assignment of too many authorizations to users.
Does this limit persist?
Topics: pfcg, SAP Security, profiles, ust04, SAP ECC, 312