/IWFND/TRACES SAP gateway traces
Clear authorization concept
A secure SAP system does not only include a good role concept. It is also necessary to check whether a user should (still) have a specific role. Regular verification of role assignment is called recertification. In this blog post, I'd like to introduce you to the need for recertifications and our own tool, EasyReCert. The need for recertification - scenarios: Example 1: The "apprentice problem" Imagine the following scenario: A new employee (e.g. apprenticeship or trainee) will go through various departments as part of his or her training and will work on various projects. Of course, an SAP User will be made available to your employee right at the beginning, which is equipped with appropriate roles. As each project and department passes, the employee repeatedly needs new permissions to meet the requirements. After the employee has successfully completed his or her induction and is now in a permanent position, he or she still has permissions that are not necessary to perform his or her duties. This violates the principle of "last privilede" and represents a potential security risk for your company. Example 2: The change of department The change of department is one scenario that probably occurs in every company. If a change of department does not automatically involve a complete reallocation of roles and the employee simply takes his old permissions with him, critical combinations of permissions can occur very quickly. For example, an employee who has permissions in accounts payable and accounts receivable violates the SoD ("Segregation of Duties") principle and poses a potential security risk to your company. Recertification as part of a revision: The two examples above show that a regular review of role allocation identifies potential security risks for your business and can be addressed.
We take over the complete maintenance management for you and ensure that your SAP installation is always up to date. As a certified SAP Gold Partner and PCoE (Partner Center of Expertise), we can provide you with all the SAP licenses you need. We advise you on the possible licensing models and only provide you with the licenses you actually need.
SAP Basis Plug-In
Before the project starts, it must be clear which systems are to be connected to the IdM and which services the system is to provide. This requires close collaboration between the department and IT, as later adaptations or additional systems will extend the implementation and exceed the budget. Analysing existing data To successfully implement an Identity Management System, high quality data is essential. Users' root data must be verified, updated, or maintained. Automation with incomplete or even incorrect data is otherwise not conceivable. Rethinking the Permission Concept With the introduction of an Identity Management System and a workflow for permission granting, the existing roles should be scrutinised once again. You should ask yourself whether the user knows what role he chooses from the current catalogue and whether it is sufficient for his task. Set Role-Owner Not only the user needs to know which role to choose. There must also be a person in charge of the role who adapts or adapts the role as required or acts as a point of contact when required.
In more complex system environments, thousands, if not tens of thousands, of SAP jobs can run per day. Their interdependencies create a high level of complexity. If administrators or admin teams want to maintain an overview, they have to rely on meaningful monitoring. It must be clear at all times which jobs are running and which are not, in order to ensure proper SAP operation. Ideally, one is informed of critical errors by e-mail or SMS. The trend towards internationalization, outsourcing and mixed operation with on-premise and on-demand systems means that SAP landscapes are often widely distributed. This makes monitoring more difficult and, at the same time, clarity must be maintained. Integrating SAP job management and job requests into a central system, such as SAP Solution Manager, therefore makes sense and is useful for supplementing IT service processes in a meaningful way and accelerating process flows.
"Shortcut for SAP Systems" simplifies tasks in the area of the SAP basis and complements missing functions of the standard.
Together with you, we create a catalog of measures to ensure the optimal operation of your SAP landscape.
Double-spending means something that can be doubled, and by 2008, only one central institution was considered to be sustainable.