Role conversion is anything but child’s play – but you can still execute your SAP S/4HANA authorization projects quickly and securely

Roozbeh Noori-Amoli (SAST SOLUTIONS)A survey was conducted during an ITOK expert talk on the greatest challenges for SAP security in March. It revealed that over half the participants see such challenges in the area of roles and authorizations. The integration of the authorization concept represents one of the core activities during SAP S/4HANA implementation and is a frequent reason for the failure of such projects as a whole. But how can you handle conflicts like resource bottlenecks, shifting priorities for subprojects, changes to tasks, and testing?

Continue reading

Spaces and pages – A new approach to visualizing apps in SAP Fiori launchpad

SAST Blog: Spaces and pages – A new approach to visualizing apps in SAP Fiori launchpadThe SAP Fiori user interface is gaining in importance in current SAP S/4HANA projects. SAP applications become experiences, usability is enhanced, and the use of apps enables device-independent access – anytime and anywhere. Spaces and pages, the new way of visualizing apps in SAP Fiori Launchpad, deliver several key benefits. But how can you activate spaces and pages and what effects does this new approach have on authorization roles?

Continue reading

Create and modify app catalogs easily – with SAP Fiori Launchpad Content Manager

SAST Blog: Create and modify app catalogs easily – with SAP Fiori Launchpad Content ManagerMore and more companies are electing to use Fiori apps to call specific transactions in addition to the SAP GUI. This requires configuration of specific authorizations, however, which are composed of catalogs and groups. But how can you reduce the multitude of standard SAP Fiori catalogs and groups that are provided and adapt them to your own scenarios?

Continue reading

Practical tip: How you can avoid special roles and create new organizational levels in your SAP system based on an authorization field

Practical tip: How you can avoid special roles and create a new organizational level in your SAP system based on an authorization fieldIn the standard SAP system, there are many authorization fields that are not declared as organizational levels, but instead characterized by special values. But the more authorization fields without organizational levels that contain organization-specific values like location or country, the larger the proportion of special roles grows.

However, to achieve the greatest possible transparency in role administration and avoid unnecessary authorizations – not least with system security in mind – the creation of additional special roles should be avoided wherever possible.

Continue reading

Improve security by redesigning your SAP authorizations – the right role template can save you time and money

SAST Blog: Improve security by redesigning your SAP authorizations – the right role template can save you time and moneyThe authorization structures at many companies have grown organically. Over the course of time, users have often been granted wider authorization privileges than they actually need for their everyday work. As a result, data availability and integrity, as well as system availability, can be critically endangered. Authorization managers see an increasing need for action to minimize the risk of SAP security incidents. After all, many more IT incidents still remain unreported compared to published cases.

Continue reading

Get your SAP S/4HANA migration into high gear with a sound security strategy

SAST Blog: Get your SAP S/4HANA migration into high gear with a sound security strategy.Seize the opportunity to take your SAP S/4HANA migration to a new level with a cleanly designed, holistically planned security and compliance strategy. After all, having structured plans from the start will reduce the workload in the long term. That’s why you should ultimately see this challenge as an opportunity as well: to improve the security of your SAP systems, streamline your role concepts, and enable use of the new system with all its benefits.

Continue reading

Role adjustments for technical SAP users – how to handle authorizations safely and effectively

SAST Blog: Role adjustments for technical SAP users – how to handle authorizations safely and effectively.Technical SAP users that have extensive authorizations like SAP_ALL pose a heightened security risk. Vulnerabilities can endanger interfaces and paralyze processes. As such, external auditors are intensifying their focus on authorization management. One of our customers – a company in the energy sector – recently faced the challenge of having to restrict the authorizations of its technical users (batch processing/RFC interfaces).

Continue reading

Follow the progress of your SAP authorization redesign project at all times – with the “Ticket Monitor” add-on to the SAST SUITE

SAST Blog: Follow the progress of your SAP authorization redesign project at all times – with the “Ticket Monitor” add-on to the SAST SUITE.One of our long-standing customers, the largest forklift manufacturer in Europe, uses the SAST SUITE for its SAP authorization management alongside a variety of IT services from akquinet AG. As part of a compliance project, the SAST Consulting team was commissioned to redesign and re-engineer all SAP authorizations for nearly 900 users in Germany. In this guest commentary from Sascha Heckmann, together with external SAP consultant Bernhard Radermacher, he tells how the “Ticket Monitor” a custom-developed add-on for the tried and tested SAST Safe Go-Live Management helped the project become a full success.

Continue reading

Cut your costs: deactivate inactive users and reduce your SAP license fees

SAST Blog: Cut your costs: deactivate inactive users and reduce your SAP license fees.A municipal utility company recently implemented a new authorization concept to optimize maintenance, transparency, and user access. The implementation process included an assessment of whether all the existing user master records were really necessary. A major project like implementing a new authorization concept often pays for itself when inactive user master records are classified and restricted, reducing license fees as a result.

Continue reading