More and more companies are electing to use Fiori apps to call specific transactions in addition to the SAP GUI. This requires configuration of specific authorizations, however, which are composed of catalogs and groups. But how can you reduce the multitude of standard SAP Fiori catalogs and groups that are provided and adapt them to your own scenarios?
We are very pleased to be able to support the Swedish foundation TRR with our software solutions in the future! The company is planning to migrate their classic SAP ERP systems to SAP S/4HANA within a time frame of 6-12 months. Our SAST SUITE can be used for both the old and the new SAP landscapes.
In the standard SAP system, there are many authorization fields that are not declared as organizational levels, but instead characterized by special values. But the more authorization fields without organizational levels that contain organization-specific values like location or country, the larger the proportion of special roles grows.
However, to achieve the greatest possible transparency in role administration and avoid unnecessary authorizations – not least with system security in mind – the creation of additional special roles should be avoided wherever possible.
Wherever electricity is flowing through a cable or data is being transmitted over a fiber optics cable, HellermannTyton products are never far away. Over the last 85 years, the company has developed into a leading global provider of cable management solutions and is on track to continue this growth both nationally and internationally. This expansion is also reflected in its SAP systems and authorizations, which have grown alongside its success. Today, systems with this level of complexity are expected – internally and externally – to comply with strict requirements.
The authorization structures at many companies have grown organically. Over the course of time, users have often been granted wider authorization privileges than they actually need for their everyday work. As a result, data availability and integrity, as well as system availability, can be critically endangered. Authorization managers see an increasing need for action to minimize the risk of SAP security incidents. After all, many more IT incidents still remain unreported compared to published cases.
Seize the opportunity to take your SAP S/4HANA migration to a new level with a cleanly designed, holistically planned security and compliance strategy. After all, having structured plans from the start will reduce the workload in the long term. That’s why you should ultimately see this challenge as an opportunity as well: to improve the security of your SAP systems, streamline your role concepts, and enable use of the new system with all its benefits.
Schott AG is considering its SAP S/4HANA transformation from all aspects, from code and processes, down to authorizations for its SAP S/4HANA migration.
In this interview, Thomas Frey (SAP Authorizations Consultant, SAST SOLUTIONS) explains the requirements you need to keep track of when rolling out SAP S/4HANA – and what you must avoid at all costs.
Takeda, Japan’s largest pharmaceuticals company, manages its business processes in a global, heterogeneous IT landscape. From SAP ERP to SAP Cloud applications, employees work at a variety of levels, depending on their involvement in processes, and therefore need access to a number of systems. As a result, the company has to constantly review conflicting authorizations to meet strict compliance requirements, such as segregation of duties (SoD). Most standard software solutions on the market only monitor SoD conflicts and risks in a single system, however, which led the company to search for an end-to-end solution.
Technical SAP users that have extensive authorizations like SAP_ALL pose a heightened security risk. Vulnerabilities can endanger interfaces and paralyze processes. As such, external auditors are intensifying their focus on authorization management. One of our customers – a company in the energy sector – recently faced the challenge of having to restrict the authorizations of its technical users (batch processing/RFC interfaces).
One of our long-standing customers, the largest forklift manufacturer in Europe, uses the SAST SUITE for its SAP authorization management alongside a variety of IT services from akquinet AG. As part of a compliance project, the SAST Consulting team was commissioned to redesign and re-engineer all SAP authorizations for nearly 900 users in Germany. In this guest commentary from Sascha Heckmann, together with external SAP consultant Bernhard Radermacher, he tells how the “Ticket Monitor” a custom-developed add-on for the tried and tested SAST Safe Go-Live Management helped the project become a full success.