AGLEA Blog

What is it? How should you structure it in our opinion?

How should you prepare to activate and evaluate it?

SAP provides pre-defined roles instead of having to create them from scratch.

Is it worth using them or not? Why are they often, or almost always, not used?

This is a statement that I often hear: "SAP traces everything". 

But is it actually like that? Can I really ensure an activity tracing and find out who did what in the system? Or are there any methods to bypass these logs?

What is a SAP Security Patch Day? When should you do it?

Who are the main researchers reporting security problems to SAP?

What are the main oversights when using SAP GRC or deciding whether to use it or not?

What are the focus points in SAP S/4HANA projects?

What is worth doing to prepare? How to approach new things?

What should the Data Protection Officer do in SAP systems? 

For many companies using SAP (if not all of them) it is absolutely normal to 'undergo' inspections by external entities. Especially for the auditing of balance sheet data.

A common practice is to enable everything to the auditors. And from the perspective of maximum transparency it could certainly make sense. But is it possible to evaluate or reason differently? Continue reading...

Did you know that there is a feature called "User Comparison" in SAP? Even in S/4HANA?

But what is it for and why in some cases might there be errors?

Did you know that there are "special" SAP users whose credentials are known, public?

This is not an SAP oversight; it is something known and familiar. Especially in the initial setup processes of the system, utilities are activated that should be secured immediately thereafter. But what are they and what should you do?