Authorizations
SE41 Menu Painter
A secure SAP system does not only include a good role concept. It is also necessary to check whether a user should (still) have a specific role. Regular verification of role assignment is called recertification. In this blog post, I'd like to introduce you to the need for recertifications and our own tool, EasyReCert. The need for recertification - scenarios: Example 1: The "apprentice problem" Imagine the following scenario: A new employee (e.g. apprenticeship or trainee) will go through various departments as part of his or her training and will work on various projects. Of course, an SAP User will be made available to your employee right at the beginning, which is equipped with appropriate roles. As each project and department passes, the employee repeatedly needs new permissions to meet the requirements. After the employee has successfully completed his or her induction and is now in a permanent position, he or she still has permissions that are not necessary to perform his or her duties. This violates the principle of "last privilede" and represents a potential security risk for your company. Example 2: The change of department The change of department is one scenario that probably occurs in every company. If a change of department does not automatically involve a complete reallocation of roles and the employee simply takes his old permissions with him, critical combinations of permissions can occur very quickly. For example, an employee who has permissions in accounts payable and accounts receivable violates the SoD ("Segregation of Duties") principle and poses a potential security risk to your company. Recertification as part of a revision: The two examples above show that a regular review of role allocation identifies potential security risks for your business and can be addressed.
Our SAP Basis trainings and courses originate from our practical work in companies. All SAP Basis trainings for system administration and administrators are conducted by SAP certified experts, who know what they are talking about, because they mainly realize SAP projects at our customers.
On www.sap-corner.de you will also find useful information about SAP basis.
The most important SAP Basis transactions
All of the above tasks have been part of SAP Basis Administration for decades. However, SAP software has changed a lot since the introduction of HANA in 2010, and with that, the SAP system administrator's job has changed as well. Here are some of the key differences:
Basis is a set of programs and tools that interface with databases, operating systems, communication protocols, and business applications (such as FI, CO, MM, etc). The full form of BASIS is "Business Application Software Integrated Solution".
The "Shortcut for SAP Systems" tool is ideal for doing many tasks in the SAP basis more easily and quickly.
This means, of course, a certain initial effort for the creator, which nevertheless pays off more than if the quality is sufficient.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
Technically, SAP Basis consists of three layers: the database layer, the application layer and the presentation layer.