SWU8 Trace of the BC-BMT-WFM component
SAP HANA base administrators can master the database in a way that wasn't possible back then. The SAP database is much more self-healing. Errors do less damage, are easier to detect and fix, and are less likely to impact system performance and availability before they are fixed. Monitoring tools can automatically scan application logs, identify potential errors and even suggest fixes, making it much easier to get to the root of the problem.
A secure SAP system does not only include a good role concept. It is also necessary to check whether a user should (still) have a specific role. Regular verification of role assignment is called recertification. In this blog post, I'd like to introduce you to the need for recertifications and our own tool, EasyReCert. The need for recertification - scenarios: Example 1: The "apprentice problem" Imagine the following scenario: A new employee (e.g. apprenticeship or trainee) will go through various departments as part of his or her training and will work on various projects. Of course, an SAP User will be made available to your employee right at the beginning, which is equipped with appropriate roles. As each project and department passes, the employee repeatedly needs new permissions to meet the requirements. After the employee has successfully completed his or her induction and is now in a permanent position, he or she still has permissions that are not necessary to perform his or her duties. This violates the principle of "last privilede" and represents a potential security risk for your company. Example 2: The change of department The change of department is one scenario that probably occurs in every company. If a change of department does not automatically involve a complete reallocation of roles and the employee simply takes his old permissions with him, critical combinations of permissions can occur very quickly. For example, an employee who has permissions in accounts payable and accounts receivable violates the SoD ("Segregation of Duties") principle and poses a potential security risk to your company. Recertification as part of a revision: The two examples above show that a regular review of role allocation identifies potential security risks for your business and can be addressed.
Permanent and proactive technical support in the SAP Basis area ensures a stable, secure and high-performance environment. Our international team of experienced and certified Basis consultants supports our customers in all phases with a wide range of services, both nearshore and on-site or remote.
Although you always make sure that authorization roles are generated when administering them, it happens again and again that there are red lights in the user assignment in the production systems. Have you considered user matching?
With "Shortcut for SAP Systems" a tool is available that greatly facilitates some tasks in the SAP basis.
As a result, maintainability often falls by the wayside and error-proneness can increase.
Dynamically update the written authorisation concept One of the biggest challenges after the development of an authorisation concept is to keep it up to date in the long term and to measure the sustainable implementation in the system.