Is it really possible that external consultants do not have any access to SAP production systems?
Clearly there are various case studies, occasional or ongoing consultants, for example for maintenance contracts.
Is it really necessary to release an access to the production systems even in this last case? Can we control what happens and why it is requested?
How do you monitor the data exported from SAP ECC?
Many users must be formally authorized in order to do that as part of their job. It’s however of great importance, especially in a GDPR framework, to monitor how and who exports data in a non-authorized way from the SAP system.
How do you do that? Let’s see some paid methods and others included in the SAP business suite
Topics: SAP Security, SAP ECC, SAP HR, gdpr, UI Masking, security audit log, UI logging
A classic SAP landscape is made of three distinct machines:
It's possible to define more environments, for example, pre-production or other clients in the aforementioned systems.
Why are test systems essential for SAP security, and why do they need to be managed in such a way?
Topics: gdpr, quality, test system, audit sap, sap security guidelines
On the 25th of may the “General Data Protection Regulation”, also known as “UE 2016/679 Regulation” or “GDPR” has become effective.
Topics: SAP GDPR, e-learning, corso, gdpr
The basic role is a container of some of the permissions that all users should have.
It is a set of utilities, not critical and useful in some moments. How should it be build up and what should it contain?
Topics: access management, SAP GRC, gdpr, ruoli, pfcg, S4/HANA