Why is it a strategic move to have a document that describes how the SAP security was addressed in the company?
When is it needed? What is it needed for? Why do it? How do you maintain it?
Recent Posts
Employees management inside the HR systems (Human Resources). Here it's also essential to manage access in a way that protects sensible data.
Which are the instruments inside SAP HR systems used for logs management? Let's see the main ones here.
0 Comments Click here to read/write comments
Topics: security audit log, audit sap, UI logging, SAP LOG
Segregation of Duties project: how many risks need to be defined?
0 Comments Click here to read/write comments
Topics: Segregation of duties, SAP Security, audit, custom transactions
Security for custom code in SAP has always been underestimated in most installations
Only recently, in the last years, customers are starting to understand the true importance of code security, mostly related to ABAP language in SAP case.
The SAP ABAP developer then becomes a strategic figure in making sure that programs security (especially custom code security) is attended to and correctly managed.
How do you make sure to always be on top of the topic?
0 Comments Click here to read/write comments
Topics: secure coding sap, SAP Security, sap developer, Secure programming
Do many days pass from the moment you create a new transaction to when the end user finally is executing it?
Something in the test creation and release processes may have not worked as it should have.
How can you avoid this?
0 Comments Click here to read/write comments
Topics: sicurezza sap, test system, quality, su53
Do you execute transaction PFCG daily, or even sometimes? Perhaps you're not aware of these functionalities that might be useful in some cases.
During the ordinary system management this information might turn out to be useful.
0 Comments Click here to read/write comments
Topics: pfcg, PFCG SAP transaction, role translation
For those that don't know SAP's authorization aspects this title might be just a tongue-twister.
On the contrary for those who manage authorizations in SAP these are very well-known authorization objects. How should you go about managing them?
0 Comments Click here to read/write comments
Topics: se16, s_tabu_dis, s_tabu_rfc, s_tabu_nam, sql
Who said that in order to have powerful systems you need to have many resources?
How can a small enterprise be compete with a big corporation?
0 Comments Click here to read/write comments
Topics: sap cyber security, siem, threat detection, security bridge
The aim of the SoD is to make sure that only people with the right are of competence have access to sensitive transactions.
0 Comments Click here to read/write comments
Topics: Segregation of duties, Security Analyzer
Which are the main Security SAP Tables for SAP Roles and Profiles?
SAP contains hundreds of thousands of tables. In some cases the direct access to these tables allows one to retrieve data faster. Below a list of tables for each defined area:
- SAP Roles
- SAP Profiles
- Users
- Authorizations
- Authorization objects
2 Comments Click here to read/write comments
Topics: SAP ECC, sap standard role, Profiles, SAP Table