What is SAP Security and Why it is important
Many organizations run SAP software as their business application, so SAP data must be protected from unauthorized access from both inside and outside the organization. The system should be monitored and protected. SAP Security covers securing the code, which includes both custom code and SAP code. Server configuration, secure login, system communication, data security, authorizations and user security are all essential areas to secure. At the same time, system compliance must be maintained by monitoring the system, performing timely audits, and creating emergency plans.
SAP Security is important for protecting systems from cyber threats and for maintaining the integrity, confidentiality and availability of the system. The most common use cases are data leak detection, periodic audits, central system monitoring, and finding unauthorized access. An attack on the SAP system can have a major impact on business operations and result in financial loss as well as reputational loss.
Working with SAP Security
Authorizations and Roles:
SAP delivers authorizations and roles, which can be customized to the company's requirements. The critical part is assigning combinations of these authorizations and roles, because of segregation of duties (SoD). Critical roles and critical authorizations should not be assigned by default, only when they are required, and such assignments should be made through firefighter accounts. Identifying the required authorizations and their combinations is very important. Another important topic is the continuous review of SAP authorizations and roles. The SUIM transaction code helps in identifying critical authorizations and roles.
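The review described above can be run offline against an export of user assignments. The following is an added example, not code from SAP or from this article: the CSV column names, the SoD rule set, the list of critical transactions and the `FF_` firefighter naming convention are all assumptions, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample: user-to-transaction rows, shaped like a SUIM result
# saved as CSV. The column names are assumptions, not a fixed SAP format.
SAMPLE_EXPORT = """user,role,tcode
JDOE,Z_AP_CLERK,FK01
JDOE,Z_AP_PAYMENTS,F110
ASMITH,Z_BUYER,ME21N
ASMITH,Z_AP_CLERK,FK01
BWONG,Z_BASIS_ADMIN,SU01
BWONG,Z_BASIS_ADMIN,PFCG
FF_BASIS_01,Z_BASIS_ADMIN,SU01
FF_BASIS_01,Z_BASIS_ADMIN,PFCG
"""

# Illustrative rule set; a real one comes from the company's own SoD matrix.
SOD_RULES = {
    "vendor maintenance + payment run": ({"FK01"}, {"F110"}),
    "purchase order + goods receipt": ({"ME21N"}, {"MIGO"}),
}
CRITICAL_TCODES = {"SU01", "PFCG"}   # user and role administration
FIREFIGHTER_PREFIX = "FF_"           # assumed naming convention

def load_assignments(text):
    """Return {user: {tcode: set of roles granting it}}."""
    users = {}
    for row in csv.DictReader(io.StringIO(text)):
        tcode, user = row["tcode"].strip().upper(), row["user"].strip().upper()
        users.setdefault(user, {}).setdefault(tcode, set()).add(row["role"].strip())
    return users

def review(users):
    """Return sorted findings as (user, kind, detail) tuples."""
    findings = []
    for user, tcodes in users.items():
        held = set(tcodes)
        for name, (side_a, side_b) in SOD_RULES.items():
            # A conflict needs at least one transaction from each side.
            if held & side_a and held & side_b:
                findings.append((user, "SOD", name))
        # Critical access is expected only on firefighter accounts.
        if not user.startswith(FIREFIGHTER_PREFIX):
            for tcode in sorted(held & CRITICAL_TCODES):
                roles = ",".join(sorted(tcodes[tcode]))
                findings.append((user, "CRITICAL", f"{tcode} via {roles}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review(load_assignments(SAMPLE_EXPORT)):
        print(*finding, sep=" | ")
```

Each finding names the role that grants the critical transaction, which is the starting point for deciding whether to remove the role or move the access to a firefighter account.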
Monitoring the transactions:
SAP provides a number of transactions and function modules for operating the system. User accounts are created and assigned the authorizations needed to work with the SAP system. Authorization assignment plays an important role because it restricts which transactions a user can access. Monitoring transaction executions, SAP reports, programs and RFC calls in the SAP system is crucial.
Securing SAP Code:
Securing the SAP code is also essential. ABAP developers write code in the development system, and it can be transported to production systems without sufficient testing. For inspecting the code, SAP provides modules like Code Vulnerability Analyzer.
System Settings:
Making the settings in the SAP system is a fundamental aspect of SAP security. The system offers various setting options, such as profile parameters. These parameter settings are made at the database level and are stored in files. SAP rollouts must comply with the system setting rules, which can be found in the SAP installation and configuration guides. The application layer, database layer and operating system layer are all considered when configuring the system settings.
Configuring RFCs:
Remote Function Calls are SAP's internal firewall and should be properly configured to protect against unauthorized remote access.
SAP Security logs:
Security logs are the most critical logs. They are monitored using transaction SM20 and contain security changes and audit-relevant changes. Change logs of database tables can be displayed using SCU3, and SMGW is used to monitor RFC, ICM and Web Dispatcher changes.