Protect Passwords
RFC interfaces
Your system has inactive users? This is not only a security risk, as they often use an initial password, but also creates unnecessary licence costs. There will always be inactive users in your SAP system. There may be several reasons for this. For example, they may be management level users that are virtually unused because they are not using the ERP system. It could also be that employees no longer use their SAP user due to a change of position or that outsiders do not work on the SAP system for a while. In any case, you should ensure that these inactive users are either blocked or invalidated. Up to now, you had to select all inactive users with the help of the RSUSR200 report and then manually transfer them into the SU10 transaction to perform the blocking. You can now do this automatically.
Furthermore, the statistical data of other users (user activities, such as executed reports and transactions) should be classified as sensitive, since it may be possible to draw conclusions about work behavior using this data. This data can be displayed using transaction ST03N, for example. Access authorizations to the two types of data mentioned above should be assigned only very restrictively.
Configure Security Audit Log
For accesses by verifier users (from the table TPCUSERN), the selection parameters of the invoked transaction are logged in the application log and can be evaluated with the report CA_TAXLOG. In the example, the single ledger entry for the vendor account 100000 was invoked.
Cybersecurity is a broad field. Starting with the technical infrastructure of companies and extending to the business processes in SAP systems. Such projects must be well planned and prepared. We have already seen some negative examples of companies that wanted too much at once and then "got it wrong." When it comes to securing business processes in particular, it is important to ensure that the employees affected are picked up and involved. Therefore, use a risk analysis to select the topics and processes that should be at the top of the list when securing.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
Understanding the structure and functioning of the system is especially important for IT administration. It is not for nothing that "SAP Basis Administrator" is a separate professional field. On the page www.sap-corner.de you will find useful information on this topic.
In the change management process, a sufficient test and release phase should be set up by the responsible department.
The freeware Scribble Papers is a "note box" in which all kinds of data can be stored. It takes in typed texts as well as graphics and entire documents. The data is then organised in folders and pages.
This means that a login via SSO is not possible for an invalid user or a user with administrator lock.