A classic SAP landscape is made of three distinct machines:
It's possible to define more environments, for example, pre-production or other clients in the aforementioned systems.
Why are test systems essential for SAP security, and why do they need to be managed in such a way?
For the test environment to be usable, also from an authorizations point of view, it's important that the system is frequently upgraded. This environment should also contain dedicated users for each job role, so that single roles can be tested on their own rather than only through the real users defined in the production system.
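Testing with real users can give the false impression that there are no errors, while problems still arise in the production system. This is because of the sum of SAP authorizations principle: a user's effective authorizations are the sum of all the roles assigned to that user, so a gap in one role can be covered by another.
Testing every single role (instead of every user) is far more efficient.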
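The masking effect described above, as an added example that is not part of the original post: a simplified Python model of the additive authorization check. The role and user names are constructed, and the model assumes a check passes when one single authorization covers every requested field value.

```python
# Simplified model of SAP's additive authorization check (added illustration).
# Role and user names are constructed. F_BKPF_BUK with BUKRS/ACTVT is the
# company-code authorization object for accounting documents.

ROLES = {
    # Role under test: display (03) only, company code 1000.
    "Z_AP_CLERK": [("F_BKPF_BUK", {"BUKRS": {"1000"}, "ACTVT": {"03"}})],
    # Unrelated role that the real user also happens to hold.
    "Z_AP_LEGACY": [("F_BKPF_BUK", {"BUKRS": {"*"}, "ACTVT": {"01", "02", "03"}})],
}

USERS = {
    "REAL_USER": ["Z_AP_CLERK", "Z_AP_LEGACY"],  # user as defined in production
    "TEST_AP_CLERK": ["Z_AP_CLERK"],             # dedicated single-role test user
}


def covers(fields, required):
    """True if this one authorization holds every required field value."""
    return all("*" in fields.get(name, set()) or value in fields.get(name, set())
               for name, value in required.items())


def roles_granting(user, obj, **required):
    """Roles of the user that satisfy the check on their own."""
    return [role for role in USERS[user]
            if any(o == obj and covers(f, required) for o, f in ROLES[role])]


def authority_check(user, obj, **required):
    """Additive principle: the check passes if any assigned role grants it."""
    return bool(roles_granting(user, obj, **required))


if __name__ == "__main__":
    # Creating a document (ACTVT 01) in company code 1000.
    need = {"BUKRS": "1000", "ACTVT": "01"}
    for user in USERS:
        print(user,
              "PASS" if authority_check(user, "F_BKPF_BUK", **need) else "FAIL",
              "granted by:", roles_granting(user, "F_BKPF_BUK", **need))
```

The real user passes only because of `Z_AP_LEGACY`, so the gap in `Z_AP_CLERK` stays hidden until a production user holding just that role hits it; the single-role test user exposes it immediately.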
In some situations it may be necessary to reproduce the same error in the test environment, in order to carry out tests, understand the true nature of the error and authorize the user correctly.
Before new programs are imported into the production environment, whether they were developed internally or externally, they should be evaluated in various classes, for example:
Only a test system that is up to date and similar to the production system allows reliable tests of the above-mentioned classes. Are you equipped with quality control software for the developed code?
Each time we copy data from the production environment to the development one, we must consider which data is transferred and how.
When we authorize users to enter the system right after the copy, the degree of security of that system should mirror that of the production one.
Connection routes are often set up between SAP systems. The main ones, for example, exist because of the SAP transport system (Transport Management System). These must be secured as well.
It is recommended to activate secure communication connections (SAP data encryption) to protect the transferred data.
It's of the utmost importance to check for active routes containing valid and usable credentials that lead from systems of lower security (development or test systems) towards production systems (which have a higher level of security).
Blog post originally translated from: https://www.aglea.com/blog/5-motivi-sap-security-per-avere-un-sistema-di-test-aggiornato