Recertification of SAP role mapping with EasyReCert
In the SAP NetWeaver BI Authorization Concept lesson, the training participant is familiarized with the authorization functions of the SAP Business Information Warehouse. The differences between the authorization concept for ERP systems and the authorization concept for NetWeaver BI are taught.
A secure SAP system does not only include a good role concept. It is also necessary to check whether a user should (still) have a specific role. Regular verification of role assignment is called recertification. In this blog post, I'd like to introduce you to the need for recertifications and our own tool, EasyReCert. The need for recertification - scenarios: Example 1: The "apprentice problem" Imagine the following scenario: A new employee (e.g. apprenticeship or trainee) will go through various departments as part of his or her training and will work on various projects. Of course, an SAP User will be made available to your employee right at the beginning, which is equipped with appropriate roles. As each project and department passes, the employee repeatedly needs new permissions to meet the requirements. After the employee has successfully completed his or her induction and is now in a permanent position, he or she still has permissions that are not necessary to perform his or her duties. This violates the principle of "last privilede" and represents a potential security risk for your company. Example 2: The change of department The change of department is one scenario that probably occurs in every company. If a change of department does not automatically involve a complete reallocation of roles and the employee simply takes his old permissions with him, critical combinations of permissions can occur very quickly. For example, an employee who has permissions in accounts payable and accounts receivable violates the SoD ("Segregation of Duties") principle and poses a potential security risk to your company. Recertification as part of a revision: The two examples above show that a regular review of role allocation identifies potential security risks for your business and can be addressed.
The integration of the SAP basis enables solutions to be introduced faster and better integrated into the existing system landscape. This is partly because the solutions are already known in advance and the necessary knowledge exists or is already planned. This will make it easier to implement the roadmap. It should also be noted that a clear strategy on digitisation and also on cloud products in general, as well as their possible uses, sets out a framework for action that all parties can follow. The participants thus know where the company wants to develop or orientate itself, what is possible and what is not possible or permitted. Thus, both companies and the parties have a valid point of reference at all times. This also leads to an increased acceptance within the SAP basis and a more practical implementation for the SAP basis, as the mentioned expertise is already present in the strategy. As a result, this makes it easier and cheaper to ensure operation in a manageable system landscape.
The tasks of an SAP Basis administrator are management and administration of SAP systems. In practice, it means taking responsibility for the maintenance environment of the systems, their cooperation, updating, solving user problems and efficiency issues (concerning the network, databases or operating systems), backup copies and architecture. Another task of this position is also to follow new market trends and propose solutions compliant with them.
The "Shortcut for SAP Systems" tool is ideal for doing many tasks in the SAP basis more easily and quickly.
Settings for SPAM With Additional Settings, you can access a dialogue box where you can specify general settings for the SAP Patch Manager (SPAM).
The freeware Scribble Papers puts an end to the confusing paper chaos. The tool is also suitable for storing, structuring and quickly finding text documents and text snippets of all kinds in addition to notes.
Since the release of SAP HANA, SAP has worked to simplify the system.