Rectify your top findings before the external auditors arrive!

Rectify your top findings before the external auditors arrive!Once a year, as every SAP administrator and security manager knows, the annual external audit is a given. Despite this, the current risk situation of the SAP systems is often uncertain. Have all the vulnerabilities from the last audit really been taken care of? Have new risks arisen in the meantime? If you don’t take active countermeasures, you might end up in the same situation again and again.

Continue reading

Role conversion is anything but child’s play – but you can still execute your SAP S/4HANA authorization projects quickly and securely

Roozbeh Noori-Amoli (SAST SOLUTIONS)A survey was conducted during an ITOK expert talk on the greatest challenges for SAP security in March. It revealed that over half the participants see such challenges in the area of roles and authorizations. The integration of the authorization concept represents one of the core activities during SAP S/4HANA implementation and is a frequent reason for the failure of such projects as a whole. But how can you handle conflicts like resource bottlenecks, shifting priorities for subprojects, changes to tasks, and testing?

Continue reading

Spaces and pages – A new approach to visualizing apps in SAP Fiori launchpad

SAST Blog: Spaces and pages – A new approach to visualizing apps in SAP Fiori launchpadThe SAP Fiori user interface is gaining in importance in current SAP S/4HANA projects. SAP applications become experiences, usability is enhanced, and the use of apps enables device-independent access – anytime and anywhere. Spaces and pages, the new way of visualizing apps in SAP Fiori Launchpad, deliver several key benefits. But how can you activate spaces and pages and what effects does this new approach have on authorization roles?

Continue reading

Create and modify app catalogs easily – with SAP Fiori Launchpad Content Manager

SAST Blog: Create and modify app catalogs easily – with SAP Fiori Launchpad Content ManagerMore and more companies are electing to use Fiori apps to call specific transactions in addition to the SAP GUI. This requires configuration of specific authorizations, however, which are composed of catalogs and groups. But how can you reduce the multitude of standard SAP Fiori catalogs and groups that are provided and adapt them to your own scenarios?

Continue reading

Practical tip: How you can avoid special roles and create new organizational levels in your SAP system based on an authorization field

Practical tip: How you can avoid special roles and create a new organizational level in your SAP system based on an authorization fieldIn the standard SAP system, there are many authorization fields that are not declared as organizational levels, but instead characterized by special values. But the more authorization fields without organizational levels that contain organization-specific values like location or country, the larger the proportion of special roles grows.

However, to achieve the greatest possible transparency in role administration and avoid unnecessary authorizations – not least with system security in mind – the creation of additional special roles should be avoided wherever possible.

Continue reading

SAP compliance: the benefits of an automated audit rules at HellermannTyton

SAST Blog: SAP Compliance: the benefits of an automated audit rules at HellermannTytonWherever electricity is flowing through a cable or data is being transmitted over a fiber optics cable, HellermannTyton products are never far away. Over the last 85 years, the company has developed into a leading global provider of cable management solutions and is on track to continue this growth both nationally and internationally. This expansion is also reflected in its SAP systems and authorizations, which have grown alongside its success. Today, systems with this level of complexity are expected – internally and externally – to comply with strict requirements.

Continue reading