‎2009 Oct 27 4:35 PM
Hello All - I have a question with Identifying Security for IT users on SAP:
My question is: when we identify access required by IT users on SAP, who should validate the matrix at the end of matrix creation?
I am trying to build some roles (ABAP, Configuration, BI Analyst...) for the RPM Development system, and I am in a dilemma: who would validate the users' requirements?
Obviously being Role Admin I cannot take that call, who should be involved in taking this decision?
Developer says we need: SE38, SE12...
Configurator says: SPRO,...
BI Analyst says: RSA1....
Who would validate:
- ABAP team would need xxxxx
- BI team would need XXXXX
- Config Team would need xxxxxx
How do you act in this kind of situation?
Thanks.
‎2009 Oct 27 4:45 PM
Hi,
Your Solution Consultants can make your doubts clear.
Regards,
Brahmeshwar
‎2009 Oct 27 4:50 PM
Hi,
There is no answer to this question to be found on the internet.
Each company has its specific security policy and so has to decide its own way of validation.
Regards,
Olivier
‎2009 Oct 27 5:03 PM
A good suggestion I would like to give is to delegate this work to your up-line manager.
He/she should take this initiative to a higher authority to set up such a position of IT Leads who will validate the development work and approve the release of Change requests and transports.
Regards,
Dipanjan
‎2009 Oct 27 5:16 PM
Thanks Everyone!
Dipanjan - It's a pretty small project. We have two configurators, an ABAP developer and a BI analyst who are working on this project. There are conflicts going on within the team:
1) Config says the BI team should not get access to 'SPRO'
2) Config requires ABAP workbench access; the ABAP team has conflicts here
There is no Tech Lead/Proj Lead for this project, and we have a Proj Manager who just tries to keep things moving.
So I don't know, who would take this call?
If I have to recommend a model for this, what will be your suggestions?
Appreciate your thoughts on this.
Thanks.
‎2009 Oct 27 5:55 PM
> Dipanjan - It's a pretty small project. We have two configurators, an ABAP developer and a BI analyst who are working on this project. There are conflicts going on within the team:
>
> 1) Config says the BI team should not get access to 'SPRO'
> 2) Config requires ABAP workbench access; the ABAP team has conflicts here
>
> There is no Tech Lead/Proj Lead for this project, and we have a Proj Manager who just tries to keep things moving.
>
> So I don't know, who would take this call?
>
> If I have to recommend a model for this, what will be your suggestions?
>
Hmm... then the best way is to follow the SAP Standard Roles to design your Task/Function matrix of roles for each Position. SAP Standard Roles also deliver enough information, with text, to identify the requirement of each Position and are a good reference for any environment. Please check them and let me know if you have any query.
Regards,
Dipanjan
‎2009 Oct 27 6:15 PM
That was in my mind, and I have already started looking into it. But I think I should work on suggesting a model. A standard process or a workflow should take care of these situations.
What approach do you follow in your landscape? Does it depend on Proj to Proj, or do you have a standard set of roles for any new proj?
Thanks
AJ.
‎2009 Oct 27 6:28 PM
AJ,
Every client / organisation will be different in some way. If you are tasked with building the authorisations, then you will have some accountability with what they end up with. It is your call to some extent if you are comfortable with what they are requesting. If you are not, then you will need to escalate it within their organisation to get appropriate decision makers in place. Normally, there will be some sort of security architect / security officer / audit manager somewhere who is able to make a decision but you will also have to provide the information about risks of either approach!
In my experience ABAPs and functional consultants will always ask for whatever makes their lives easier and therefore cannot be relied upon to give you an honest assessment of their needs. While some access requests may be pragmatic and realistic, others may just be to chance their luck on how much they can get.
As long as you can justify and present the balanced argument, justification and potential alternative solution for not giving them the access, most organisations will back the security administrator.
Simon
‎2009 Oct 27 6:32 PM
Please check the SAP course ADM 940, where a method to design a new set of Roles is given. Also, there is a model available from IBM GmbH in the SAP Press book "SAP Authorization System" called the phase model.
These are two standard models you may refer to.
Regards,
Dipanjan
‎2009 Oct 27 6:46 PM
I agree with you Simon!
I think we need a few process developments around Security; we have auditors but it doesn't work out so good. I will start from SAP standard templates and will see where it goes.
I will have challenges when creating Func. roles as our BAs wear multiple hats working on diff. functions.
Thanks guys! Your suggestions got rewarded, appreciate it.