Think about updating your authorization roles in your SAP S/4HANA project!

SAP S/4HANA authorizations: brownfield or greenfieldMany companies are currently faced with the task of converting their SAP systems to SAP S/4HANA, because their ERP maintenance will be discontinued in the foreseeable future. Project planning usually only takes technical and organizational aspects into account, however; crucial security topics aren’t given enough priority. As a result, the implementation of the authorization concept and adaptation of the authorization roles often end up at the end of the line.

Continue reading

Role conversion is anything but child’s play – but you can still execute your SAP S/4HANA authorization projects quickly and securely

Roozbeh Noori-Amoli (SAST SOLUTIONS)A survey was conducted during an ITOK expert talk on the greatest challenges for SAP security in March. It revealed that over half the participants see such challenges in the area of roles and authorizations. The integration of the authorization concept represents one of the core activities during SAP S/4HANA implementation and is a frequent reason for the failure of such projects as a whole. But how can you handle conflicts like resource bottlenecks, shifting priorities for subprojects, changes to tasks, and testing?

Continue reading

Spaces and pages – A new approach to visualizing apps in SAP Fiori launchpad

SAST Blog: Spaces and pages – A new approach to visualizing apps in SAP Fiori launchpadThe SAP Fiori user interface is gaining in importance in current SAP S/4HANA projects. SAP applications become experiences, usability is enhanced, and the use of apps enables device-independent access – anytime and anywhere. Spaces and pages, the new way of visualizing apps in SAP Fiori Launchpad, deliver several key benefits. But how can you activate spaces and pages and what effects does this new approach have on authorization roles?

Continue reading

Create and modify app catalogs easily – with SAP Fiori Launchpad Content Manager

SAST Blog: Create and modify app catalogs easily – with SAP Fiori Launchpad Content ManagerMore and more companies are electing to use Fiori apps to call specific transactions in addition to the SAP GUI. This requires configuration of specific authorizations, however, which are composed of catalogs and groups. But how can you reduce the multitude of standard SAP Fiori catalogs and groups that are provided and adapt them to your own scenarios?

Continue reading

Practical tip: How you can avoid special roles and create new organizational levels in your SAP system based on an authorization field

Practical tip: How you can avoid special roles and create a new organizational level in your SAP system based on an authorization fieldIn the standard SAP system, there are many authorization fields that are not declared as organizational levels, but instead characterized by special values. But the more authorization fields without organizational levels that contain organization-specific values like location or country, the larger the proportion of special roles grows.

However, to achieve the greatest possible transparency in role administration and avoid unnecessary authorizations – not least with system security in mind – the creation of additional special roles should be avoided wherever possible.

Continue reading

SAP compliance: the benefits of an automated audit rules at HellermannTyton

SAST Blog: SAP Compliance: the benefits of an automated audit rules at HellermannTytonWherever electricity is flowing through a cable or data is being transmitted over a fiber optics cable, HellermannTyton products are never far away. Over the last 85 years, the company has developed into a leading global provider of cable management solutions and is on track to continue this growth both nationally and internationally. This expansion is also reflected in its SAP systems and authorizations, which have grown alongside its success. Today, systems with this level of complexity are expected – internally and externally – to comply with strict requirements.

Continue reading

Improve security by redesigning your SAP authorizations – the right role template can save you time and money

SAST Blog: Improve security by redesigning your SAP authorizations – the right role template can save you time and moneyThe authorization structures at many companies have grown organically. Over the course of time, users have often been granted wider authorization privileges than they actually need for their everyday work. As a result, data availability and integrity, as well as system availability, can be critically endangered. Authorization managers see an increasing need for action to minimize the risk of SAP security incidents. After all, many more IT incidents still remain unreported compared to published cases.

Continue reading

Role adjustments for technical SAP users – how to handle authorizations safely and effectively

SAST Blog: Role adjustments for technical SAP users – how to handle authorizations safely and effectively.Technical SAP users that have extensive authorizations like SAP_ALL pose a heightened security risk. Vulnerabilities can endanger interfaces and paralyze processes. As such, external auditors are intensifying their focus on authorization management. One of our customers – a company in the energy sector – recently faced the challenge of having to restrict the authorizations of its technical users (batch processing/RFC interfaces).

Continue reading