• Security
• SAP Security Components
• Security Solution Map
• Access control concepts
• PFCG
• Conclusion
SECURITY
• Prevent Unauthorized Access
SAP Security Components
Security Solution Map
An Overview of R/3 Security Services
Access control in SAP is composed of several concepts:
• Program code
• Authorization fields (for example ACTIVITY, COMPANY_CODE)
• Authorization objects
• Authorizations
• Profiles
• Roles
• Users
Program Code
Program code calls an authorization check using the AUTHORITY-CHECK statement. It names an authorization object and, for each of the object's fields, the value the user needs; the program then tests sy-subrc to decide whether to continue. The statement looks something like this:

  AUTHORITY-CHECK OBJECT <object> ID <field> FIELD <value>.
Authorization fields
Authorization fields define a scope of possible values. Examples of authorization fields would be:
• ACTIVITY: defines the type of activity the user is doing with the data. Possible values are 'DISPLAY', 'MODIFY', 'DELETE', etc.
• COMPANY_CODE: possible values are any single value, or any range of values, or any combination thereof, such as '0438' and '0600' thru '1100'.
Authorization objects
Authorization objects define a group of fields. For example, an authorization object called 'CO_MDATA', containing the fields ACTIVITY and COMPANY_CODE, might be used to control access to the company master data tables.
Authorizations
Authorizations, each of which belongs to exactly one authorization object, define authorization values (within the scopes defined by the authorization object) to be granted to users. Note that an authorization is different from an authorization object! Extending our previous example, we might have an authorization belonging to the authorization object 'CO_MDATA', called 'CO_MDATA_ALL', that grants all access to all company master data. 'CO_MDATA_ALL' would then have the following values:

FIELD          VALUE
ACTIVITY       *
COMPANY_CODE   *
Profiles
• Profiles, each of which may contain several authorizations or profiles. A simple profile contains a group of authorizations. A composite profile contains a group of profiles (simple or composite). [Profiles can be conceptualized as forming a tree in which the end nodes (leaves) are authorizations and all other nodes are profiles. Simple profiles are nodes whose children are all end nodes; composite profiles are nodes, other than end nodes, that have no end nodes for children.]
• Profiles are designed to define a set of one or more functions or positions. For example, a functional profile might define all the authorizations required for doing a goods receipt, or for making a payment in the AP module. A position profile, on the other hand, might define all of the authorizations granted to an accountant, or to a warehouse supervisor. Often, a position profile is a composite profile consisting of several functional profiles.
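The chain described on the preceding slides (program code issuing an AUTHORITY-CHECK, fields, objects, authorizations, simple and composite profiles) modelled in Python, as an added example that is not part of the original slide deck. The object CO_MDATA, its fields and the values '*', '0438' and '0600' thru '1100' come from the slides; the Z_-prefixed authorization, profile, role and user names are constructed, and the model assumes the SAP rule that all ID/FIELD pairs of one check must be satisfied by a single authorization.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Optional, Tuple, Union

# A permitted field value: one value, '*' for everything, or an inclusive
# (from, to) range such as ('0600', '1100') for "'0600' thru '1100'".
Value = Union[str, Tuple[str, str]]


def _match(allowed: Value, actual: str) -> bool:
    """Does one permitted value cover the value being checked?"""
    if allowed == "*":
        return True
    if isinstance(allowed, tuple):
        low, high = allowed
        return low <= actual <= high
    return allowed == actual


@dataclass
class Authorization:
    """Concrete values for one authorization object; belongs to exactly one object."""
    name: str
    obj: str                          # authorization object, e.g. 'CO_MDATA'
    values: Dict[str, List[Value]]    # field -> permitted values

    def permits(self, checks: Dict[str, str]) -> bool:
        # Every ID/FIELD pair of one AUTHORITY-CHECK must be met by THIS single
        # authorization; values spread over two authorizations do not add up.
        return all(any(_match(v, actual) for v in self.values.get(fld, []))
                   for fld, actual in checks.items())


@dataclass
class Profile:
    """Tree node: a simple profile holds authorizations, a composite one holds profiles."""
    name: str
    children: list

    def kind(self) -> str:
        kinds = {type(c).__name__ for c in self.children}
        if kinds == {"Authorization"}:
            return "simple"
        if kinds == {"Profile"}:
            return "composite"
        raise ValueError(f"profile {self.name} mixes authorizations and profiles")

    def authorizations(self) -> Iterator[Authorization]:
        """Flatten the tree down to its leaves."""
        for c in self.children:
            if isinstance(c, Authorization):
                yield c
            else:
                yield from c.authorizations()


@dataclass
class Role:
    """A single role carries its generated profile; a composite role only bundles single roles."""
    name: str
    profile: Optional[Profile] = None
    single_roles: List["Role"] = field(default_factory=list)

    def profiles(self) -> Iterator[Profile]:
        if self.profile is not None:
            yield self.profile
        for r in self.single_roles:
            yield from r.profiles()


def authority_check(roles: List[Role], obj: str, **checks: str) -> bool:
    """Emulates AUTHORITY-CHECK OBJECT obj ID f1 FIELD v1 ID f2 FIELD v2 ... for a user's roles."""
    return any(auth.obj == obj and auth.permits(checks)
               for role in roles for prof in role.profiles()
               for auth in prof.authorizations())


# Constructed sample data: CO_MDATA, ACTIVITY, COMPANY_CODE, '*', '0438' and
# '0600' thru '1100' are from the slides; everything prefixed Z_ is hypothetical.
CO_MDATA_ALL = Authorization("CO_MDATA_ALL", "CO_MDATA",
                             {"ACTIVITY": ["*"], "COMPANY_CODE": ["*"]})
Z_CO_DISP = Authorization("Z_CO_DISP", "CO_MDATA",
                          {"ACTIVITY": ["DISPLAY"], "COMPANY_CODE": ["0438", ("0600", "1100")]})
Z_CO_MOD = Authorization("Z_CO_MOD", "CO_MDATA",
                         {"ACTIVITY": ["MODIFY"], "COMPANY_CODE": ["2000"]})
Z_P_CO_VIEW = Profile("Z_P_CO_VIEW", [Z_CO_DISP, Z_CO_MOD])      # simple, functional profile
Z_P_ACCOUNTANT = Profile("Z_P_ACCOUNTANT", [Z_P_CO_VIEW])         # composite, position profile
Z_ACCOUNTANT = Role("Z_ACCOUNTANT", profile=Z_P_ACCOUNTANT)
Z_CO_ADMIN = Role("Z_CO_ADMIN", profile=Profile("Z_P_CO_ALL", [CO_MDATA_ALL]))
Z_FINANCE = Role("Z_FINANCE", single_roles=[Z_ACCOUNTANT])        # composite role, no own data
USERS: Dict[str, List[Role]] = {"ALICE": [Z_FINANCE], "BOB": [Z_CO_ADMIN]}


def check(user: str, activity: str, company_code: str) -> bool:
    """Outcome of the program code's AUTHORITY-CHECK on CO_MDATA for this user."""
    return authority_check(USERS[user], "CO_MDATA", ACTIVITY=activity, COMPANY_CODE=company_code)


if __name__ == "__main__":
    for args in [("ALICE", "DISPLAY", "0950"), ("ALICE", "MODIFY", "0438"), ("BOB", "DELETE", "9999")]:
        print(*args, "->", "granted" if check(*args) else "denied")
```

ALICE's MODIFY on '0438' is denied even though she holds MODIFY (for '2000') and '0438' (for DISPLAY): the two values sit in different authorizations, which is why authorization design, not just value lists, decides what a role grants.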
Roles
Roles are collections of activities which allow a user to use one or more
business scenarios of an organization.
According to the standard SAP role concept, roles containing access rights
are assigned to users. These authorizations are then checked when the
user performs certain actions, such as starting a transaction.
Assigning a Standard Role to a User
Changing Standard Roles
Creating Composite Roles
Note: The term activity group was replaced with the term role in SAP R/3 Release 4.6C.
Composite roles
• Composite roles can simplify user administration.
• They consist of single roles. Users who are assigned a composite role are automatically assigned the associated single roles during the user compare. Composite roles do not themselves contain authorization data.
• Setting up composite roles is useful, for example, if some of your users need the authorizations of several roles. You can create a composite role and assign it to the users instead of assigning each user every required single role.
Derive Roles
There are two possible reasons for deriving a role from an existing role:
• The role menus are identical but the authorizations for the menu actions are different in the derived role.
• The menu and authorizations of the derived role are identical, but the organizational levels are different in the derived role.
What is PFCG
• The Profile Generator (PFCG) is an SAP tool.
• It can be used to automatically create profiles and assign them easily to users.
• It selects and uses only the necessary authorization objects, avoiding excessive validations in the system and thereby improving performance.
• It facilitates functional communication between the security or authorization administrator and end users or consultants.
• It makes defining and maintaining authorization profiles easier.
Configuring PFCG
Before using PFCG for the first time, four steps are required to configure and work with the PFCG tool.
1) Activate the PFCG
   Based on the instance profile parameter auth/no_check_in_some_cases=y.
2) Set up the initial copy of the Profile Generator configuration tables (T-Code SU25)
   Transfer the SAP transactions and authorization objects from the SAP tables USOBT and USOBX to the customer tables USOBT_C and USOBX_C. You can then maintain these tables using T-Code SU24. Table USOBT holds the relation between transactions and authorization objects.
3) Maintain the scope of authorization object checks in transactions (T-Code SU24)
   This is not a mandatory step, but customers can use it to maintain their own authorization objects for custom transactions.
4) Generate the company menu
   Generate the SAP standard menu and then the company menu.
Create Roles
1. Choose the pushbutton Create role or enter transaction PFCG in the SAP Easy Access initial screen. This takes you to role maintenance.
2. Specify a name for the role. The roles delivered by SAP have the prefix 'SAP_'. Do not use the SAP namespace for your own roles.
3. SAP does not distinguish between the names of simple and composite roles. You should adopt your own naming convention to distinguish between simple and composite roles.
4. Choose Create.
5. Enter a meaningful role description text. You can describe the activities in the role in detail. To assign Knowledge Warehouse documentation to the role, choose Utilities → Info object → Assign. The user of the role can then display the documentation.
MENU TAB
Assign transactions, programs and/or web addresses to the role in the Menu tab. The user menu you create here is called automatically when a user to whom this role is assigned logs on to the SAP System. You can create the authorizations for the transactions in the role menu structure in the Authorizations tab.
MENU
SAP Menu
You can copy complete menu branches from the SAP menu by clicking on the cross in front of it in the user menu. Expand the menu branch if you want to put lower-level nodes or individual transactions/programs in the user menu.
ABAP REPORT
• Choose a report and a variant. You can skip the selection screen.
• You can generate a transaction code automatically and copy the report description by setting checkboxes.
• Save and move to the Authorizations tab.
Generating Authorizations
• To create authorizations for a role, choose Authorizations in the role maintenance.
• The Authorizations tab displays creation and change information as well as information on the authorization profile (including the profile name, profile text and status).
• Click on Change Authorization Data.
Choose Change Authorization Data
1. Expand the menu, go to the respective authorization object, and in its activity field assign the activity to be performed.
2. Save.
Assign Profile Name
• Save the profile and click on Generate.
• You will be prompted with a default, system-generated profile name.
• You can keep this or change the name of the profile.
• Once generated, you can assign the profile to users.
ASSIGN PROFILES TO USERS
• Assign the profile to users.
• Compare the new profile with existing profiles by using USER COMPARISON.
• The old profile is overwritten by the new profile.
• Save.
MiniApps
• MiniApps for the role
• MiniApps are simple, intuitive Web applications. The assignment of MiniApps to a role determines which MiniApps the user sees in his or her mySAP Workplace.
• Save and Exit
CONCLUSION
• It sounds complicated, but once you start working with authorizations, it's pretty easy.
About Approva
• Founded in 2001, Approva Corporation provides enterprise controls management software that enables Finance, IT, and Audit to automate and strengthen business controls. Approva's software product, BizRights, enables companies to perform:
Approva Provides
Approva provides enterprise controls management software that enables Business, Finance, IT and Audit to automate and strengthen business controls.
• On-Demand Testing
• Closed-Loop Remediation
• Continuous Exception-Based Monitoring
What Is BizRights?
BizRights is a web-based, cross-application, cross-platform enterprise controls application. This means that BizRights can monitor security and transactional data from any ERP system or platform, as well as multiple systems and platforms.
Examples of what BizRights can tell you:
• If the same user performed the same transactions in two different SAP clients
• If user profiles for SAP and Oracle create a security risk or Segregation of Duties (SoD) violation
• If a user performed sensitive transactions that should be monitored
• If a user changed Master Data records
• If an SAP client is configured to reduce risk
• If transactions were performed of an unusually high monetary value, such as purchase orders that exceed a million dollars
• What your business is doing, according to your business rules
BizRights can monitor millions of records and thousands of transactions any time you want, as often as you want.
BizRights is designed for functional business professionals as well as technical specialists, including: Financial Auditors, Internal Controls staff, Compliance staff, Business Process Owners, IT Security Auditors, External Auditors.
More than just finding and fixing SoD violations, BizRights can monitor business process transactions, including Procure-to-Pay, Financial Close, Order-to-Cash, and Payroll.
Segregation of Duties
• Segregation of duties is a basic, key internal control and one of the most difficult to achieve. It is used to ensure that errors or irregularities are prevented or detected on a timely basis by employees in the normal course of business. Segregation of duties provides two benefits: 1) a deliberate fraud is more difficult because it requires the collusion of two or more persons, and 2) it is much more likely that innocent errors will be found. At the most basic level, it means that no single individual should have control over two or more phases of a transaction or operation. Management should assign responsibilities to ensure a crosscheck of duties.
CATEGORIES
• There are four general categories of duties or responsibilities that are examined when segregation of duties is discussed: authorization, custody, record keeping and reconciliation. In an ideal system, different employees would perform each of these four major functions. In other words, no one person should have control of two or more of these responsibilities. The more negotiable the asset, the greater the need for proper segregation of duties, especially when dealing with cash, negotiable checks and inventories.
Authorization
Authorization: the process of reviewing and approving transactions or operations. Some examples are:
> Verifying cash collections and daily balancing reports.
> Approving purchase requisitions or purchase orders.
> Approving time sheets, payroll certifications, leave requests and cumulative leave records.
> Approving change orders, computer system design or programming changes.
Custody
Having access to or control over any physical asset such as cash, checks, equipment, supplies, or materials. Some examples are:
> Access to any funds through the collection of funds, or processing of payments.
> Access to safes, lock boxes, file cabinets or other places where money, checks or other assets are stored.
> Custodian of a petty cash or change fund.
> Receiving any goods or services.
> Maintaining inventories.
> Handling or distributing paychecks/advices, limited purchase checks or other checks.
Record Keeping
The process of creating and maintaining records of revenues, expenditures, inventories, and personnel transactions. These may be manual records or records maintained in automated computer systems. Some examples are:
> Preparing cash receipt back-ups or billings, purchase requisitions, payroll certifications, and leave records.
> Entering charges or posting payments to an accounts receivable system.
> Maintaining inventory records.
Reconciliation
Verifying the processing or recording of transactions to ensure that all transactions are valid, properly authorized and properly recorded on a timely basis. This includes following up on any differences or discrepancies identified. Examples are:
> Comparing billing documents to billing summaries.
> Comparing funds collected to accounts receivable postings.
> Comparing collections to deposits.
> Performing surprise counts of funds.
> Comparing payroll certifications to payroll summaries.
> Performing physical inventory counts.
> Comparing inventory changes to amounts purchased and sold.
> Reconciling departmental records of revenue, expenditure, and payroll transactions to the PeopleSoft management reports.
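A small detective and preventive SoD check over the four duty categories above (authorization, custody, record keeping, reconciliation), as an added example that is not part of the original slides and not BizRights code. The mapping of roles to duty categories, the Z_-prefixed role names and the user assignments are constructed for illustration from the slides' own examples of each category.

```python
from itertools import combinations
from typing import Dict, List, Set, Tuple

# The four duty categories named on the slides. A user who controls two or
# more of them is a segregation-of-duties finding.
CATEGORIES = ("authorization", "custody", "record_keeping", "reconciliation")

# Constructed: the duty category each hypothetical role grants, following the
# slides' examples for each category.
ROLE_DUTIES: Dict[str, Set[str]] = {
    "Z_PO_APPROVER":   {"authorization"},    # approving purchase requisitions or orders
    "Z_GOODS_RECEIPT": {"custody"},          # receiving goods or services
    "Z_AP_CLERK":      {"record_keeping"},   # entering charges, posting payments
    "Z_BANK_RECON":    {"reconciliation"},   # comparing collections to deposits
    "Z_CASHIER":       {"custody", "record_keeping"},  # one role already spanning two duties
}

# Constructed user-to-role assignments, as a user/role report would list them.
USER_ROLES: Dict[str, List[str]] = {
    "ALICE": ["Z_PO_APPROVER"],
    "BOB":   ["Z_GOODS_RECEIPT", "Z_AP_CLERK"],
    "CAROL": ["Z_CASHIER"],
    "DAVE":  ["Z_BANK_RECON"],
}

Finding = Tuple[str, str, str, Set[str]]   # (user, duty_a, duty_b, roles granting them)


def duties_of(user: str, user_roles: Dict[str, List[str]],
              role_duties: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Map each duty category the user holds to the roles that grant it."""
    held: Dict[str, Set[str]] = {}
    for role in user_roles.get(user, []):
        for duty in role_duties.get(role, set()):
            if duty not in CATEGORIES:
                raise ValueError(f"unknown duty category {duty!r} on role {role}")
            held.setdefault(duty, set()).add(role)
    return held


def sod_findings(user_roles: Dict[str, List[str]] = USER_ROLES,
                 role_duties: Dict[str, Set[str]] = ROLE_DUTIES) -> List[Finding]:
    """Detective control: every pair of duty categories a single user controls."""
    findings: List[Finding] = []
    for user in sorted(user_roles):
        held = duties_of(user, user_roles, role_duties)
        # Pairs are emitted in the slides' category order so output is stable.
        for a, b in combinations(sorted(held, key=CATEGORIES.index), 2):
            findings.append((user, a, b, held[a] | held[b]))
    return findings


def would_violate(user: str, new_role: str,
                  user_roles: Dict[str, List[str]] = USER_ROLES,
                  role_duties: Dict[str, Set[str]] = ROLE_DUTIES) -> List[Tuple[str, str]]:
    """Preventive control: the category conflicts that assigning new_role would newly create."""
    before = {(a, b) for u, a, b, _ in sod_findings(user_roles, role_duties) if u == user}
    proposed = {**user_roles, user: user_roles.get(user, []) + [new_role]}
    after = {(a, b) for u, a, b, _ in sod_findings(proposed, role_duties) if u == user}
    return sorted(after - before)


if __name__ == "__main__":
    for user, a, b, roles in sod_findings():
        print(f"{user}: controls both {a} and {b} via {sorted(roles)}")
    print("ALICE + Z_GOODS_RECEIPT would add:", would_violate("ALICE", "Z_GOODS_RECEIPT"))
```

The preventive check is the one to run before a role (or composite role) is assigned; the detective check is what a periodic review of user/role assignments reports.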
Z Score,T Score, Percential Rank and Box Plot Graph
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric  nursing HISTORY  COLLECTION  .docxpsychiatric  nursing HISTORY  COLLECTION  .docx
psychiatric nursing HISTORY COLLECTION .docx
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 

Introduction on SAP security

  • 1.
  • 2.
      - Security
      - SAP Security Components
      - Security Solution Map
      - Access control concepts
      - PFCG
      - Conclusion
  • 6. An Overview of R/3 Security Services
  • 7. Access control in SAP is composed of several concepts:
      - Program code
      - Authorization fields (for example ACTIVITY and COMPANY_CODE)
      - Authorization objects
      - Authorizations
      - Profiles
      - Roles
      - Users
  • 8. Program code: the program calls an authorization check using the AUTHORITY-CHECK statement, naming the authorization object and, for each field (ID), the value to be checked. With the example object and fields from the following slides, the check looks like this:
      AUTHORITY-CHECK OBJECT 'CO_MDATA' ID 'ACTIVITY'     FIELD 'DISPLAY'
                                        ID 'COMPANY_CODE' FIELD lv_company_code.
      IF sy-subrc <> 0. " no single authorization covered every field: deny access
      ENDIF.
      The statement only sets the return code; the program must test sy-subrc and refuse the action itself, otherwise the check protects nothing.
  • 9. Authorization fields: define a scope of possible values. Examples of authorization fields:
      - ACTIVITY: defines the type of activity the user is doing with the data. Possible values are 'DISPLAY', 'MODIFY', 'DELETE', etc.
      - COMPANY_CODE: possible values are any single value, or any range of values, or any combination thereof, such as '0438' and '0600' thru '1100'.
  • 10. Authorization objects: define a group of fields. For example, an authorization object called 'CO_MDATA', containing the fields ACTIVITY and COMPANY_CODE, might be used to control access to the company master data tables.
  • 11. Authorizations: each belongs to exactly one authorization object and defines authorization values (within the scopes defined by the authorization object) to be granted to users. Note that an authorization is different from an authorization object! Extending our previous examples, we might have an authorization, belonging to the authorization object 'CO_MDATA', called 'CO_MDATA_ALL', that grants all access to all company master data. Then 'CO_MDATA_ALL' would have the following values:
      FIELD          VALUE
      ACTIVITY       *
      COMPANY_CODE   *
  • 12. Profiles: each may contain several authorizations or profiles. A simple profile contains a group of authorizations. A composite profile contains a group of profiles (simple or composite). [Profiles can be conceptualized as forming a tree, in which the end nodes (leaves) are authorizations and all other nodes are profiles. Simple profiles are nodes whose children are all end nodes; composite profiles are non-end nodes that have no end nodes as children.]
      Profiles are designed to define a set of one or more functions or positions. For example, a functional profile might define all the authorizations required for posting a goods receipt, or for making a payment in the AP module. A position profile, on the other hand, might define all of the authorizations granted to an accountant, or to a warehouse supervisor. Often, a position profile is a composite profile consisting of several functional profiles.
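The following Python model is an added example and not part of the original slides or of SAP; it ties slides 8 to 12 together by evaluating an AUTHORITY-CHECK against the concepts just described (fields, objects, authorizations, simple and composite profiles, users). The object CO_MDATA and the authorization CO_MDATA_ALL come from the slides; every other name (CO_MDATA_DISP, CO_MDATA_CHG_0438, the profiles and users) is constructed for the example. The matching rules implemented are SAP's documented ones: a check passes only when one single authorization for the object covers every checked field value; '*' matches anything, a trailing '*' is a prefix wildcard, and a range matches by string comparison of its bounds. The point worth seeing in code is that values from two different authorizations are never combined, so a user holding "DISPLAY for 0600 thru 1100" and "MODIFY for 0438" still cannot modify company code 0700.

```python
"""Toy model of SAP AUTHORITY-CHECK evaluation (constructed example, not SAP code)."""
from dataclasses import dataclass, field
from typing import Iterator, Sequence, Tuple, Union

# A value spec is a single value ('0438'), a prefix wildcard ('04*'), the full
# wildcard ('*'), or an inclusive range as a (low, high) tuple, so the slides'
# "'0600' thru '1100'" becomes ('0600', '1100').
ValueSpec = Union[str, Tuple[str, str]]


@dataclass(frozen=True)
class AuthObject:
    """Authorization object: a named group of authorization fields."""
    name: str
    fields: Tuple[str, ...]


@dataclass
class Authorization:
    """Belongs to exactly one object; one list of permitted value specs per field."""
    name: str
    obj: str
    values: dict  # field name -> list of ValueSpec


@dataclass
class Profile:
    """Simple profile: holds authorizations. Composite profile: holds profiles."""
    name: str
    authorizations: list = field(default_factory=list)
    profiles: list = field(default_factory=list)


def spec_matches(spec: ValueSpec, value: str) -> bool:
    """Does one permitted value spec cover the checked value?"""
    if isinstance(spec, tuple):
        low, high = spec
        return low <= value <= high          # ranges compare as strings
    if spec == "*":
        return True
    if spec.endswith("*"):
        return value.startswith(spec[:-1])   # trailing asterisk = prefix match
    return spec == value


def leaf_authorizations(profile: Profile) -> Iterator[Authorization]:
    """Walk the profile tree and yield every authorization it ultimately grants."""
    yield from profile.authorizations
    for child in profile.profiles:
        yield from leaf_authorizations(child)


def authority_check(user_profiles: Sequence[Profile], obj: AuthObject, **checked: str) -> int:
    """Model of AUTHORITY-CHECK OBJECT obj ID f1 FIELD v1 ID f2 FIELD v2 ...

    Returns 0 (sy-subrc success) when a single authorization for the object
    covers all checked field values, otherwise 4 (no matching authorization).
    """
    unknown = set(checked) - set(obj.fields)
    if unknown:
        raise ValueError(f"fields not in object {obj.name}: {sorted(unknown)}")
    for profile in user_profiles:
        for auth in leaf_authorizations(profile):
            if auth.obj != obj.name:
                continue
            # Every checked field must be satisfied by THIS authorization.
            if all(any(spec_matches(s, v) for s in auth.values.get(f, []))
                   for f, v in checked.items()):
                return 0
    return 4


# --- constructed sample data (object and field names from the slides) ---
CO_MDATA = AuthObject("CO_MDATA", ("ACTIVITY", "COMPANY_CODE"))
CO_MDATA_ALL = Authorization("CO_MDATA_ALL", "CO_MDATA",
                             {"ACTIVITY": ["*"], "COMPANY_CODE": ["*"]})
CO_MDATA_DISP = Authorization("CO_MDATA_DISP", "CO_MDATA",
                              {"ACTIVITY": ["DISPLAY"],
                               "COMPANY_CODE": ["0438", ("0600", "1100")]})
CO_MDATA_CHG_0438 = Authorization("CO_MDATA_CHG_0438", "CO_MDATA",
                                  {"ACTIVITY": ["MODIFY"], "COMPANY_CODE": ["0438"]})

# Functional (simple) profiles, and a position (composite) profile built from them.
P_MDATA_VIEW = Profile("P_MDATA_VIEW", authorizations=[CO_MDATA_DISP])
P_MDATA_0438 = Profile("P_MDATA_0438", authorizations=[CO_MDATA_CHG_0438])
P_MDATA_ADMIN = Profile("P_MDATA_ADMIN", authorizations=[CO_MDATA_ALL])
ACCOUNTANT = Profile("ACCOUNTANT", profiles=[P_MDATA_VIEW, P_MDATA_0438])

USERS = {"CLERK01": [ACCOUNTANT], "ADMIN01": [P_MDATA_ADMIN]}  # constructed users


def check_user(user: str, **checked: str) -> int:
    """Run the CO_MDATA check for one of the sample users."""
    return authority_check(USERS[user], CO_MDATA, **checked)


if __name__ == "__main__":
    for activity, bukrs in [("DISPLAY", "0700"), ("MODIFY", "0700"),
                            ("MODIFY", "0438"), ("DISPLAY", "0500")]:
        rc = check_user("CLERK01", ACTIVITY=activity, COMPANY_CODE=bukrs)
        print(f"CLERK01 {activity} {bukrs}: sy-subrc = {rc}")
```

Running the block shows CLERK01 passing DISPLAY on 0700 and MODIFY on 0438 but failing MODIFY on 0700, even though both 'MODIFY' and '0700' appear somewhere in the user's authorizations; that is exactly the cross-authorization case that trips up people who read profiles as flat lists of values. ADMIN01 passes everything through the '*' values of CO_MDATA_ALL, which is why such an authorization belongs in an administrator's profile only.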
  • 13. Roles: roles are collections of activities which allow a user to use one or more business scenarios of an organization. According to the standard SAP role concept, roles containing access rights are assigned to users. These authorizations are then checked when the user performs certain actions, such as starting a transaction.
      - Assigning a Standard Role to a User
      - Changing Standard Roles
      - Creating Composite Roles
      Note: The term activity group was replaced with the term role in SAP R/3 Release 4.6C.
  • 14. Composite roles
      - Composite roles can simplify user administration.
      - They consist of single roles. Users who are assigned a composite role are automatically assigned the associated single roles during the user compare. Composite roles do not themselves contain authorization data.
      - Setting up composite roles is useful, for example, if some of your users need authorization for several roles. You can create a composite role and assign it to the users instead of putting each user in each required single role.
  • 15. Derived roles: there are two possible reasons for deriving a role from an existing role:
      - The role menus are identical, but the authorizations for the menu actions are different in the derived role.
      - The menu and authorizations of the derived role are identical, but the organizational levels are different in the derived role.
  • 16. What is PFCG?
      - The Profile Generator is an SAP tool.
      - It can be used to automatically create profiles and assign them easily to users.
      - It only selects and uses the necessary authorization objects, avoiding excessive validations in the system and thereby improving performance.
      - It facilitates functional communication between the security or authorization administrator and end users or consultants.
      - It makes defining and maintaining authorization profiles easier.
  • 17. Configuring PFCG: before using PFCG for the first time, four steps are required to configure and work with the PFCG tool.
      1) Activate PFCG, based on the instance profile parameter auth/no_check_in_some_cases=y.
      2) Set up the initial copy of the Profile Generator configuration tables (T-Code SU25): transfer the SAP transactions and authorization objects from the SAP tables USOBT and USOBX to the customer tables USOBT_C and USOBX_C. You can then maintain these tables using T-Code SU24. Table USOBT holds the relation between transactions and authorization objects.
      3) Maintain the scope of authorization object checks in transactions (T-Code SU24): this is not a mandatory step, but customers can use it to maintain their own authorization objects for custom transactions.
      4) Generate the company menu: generate the SAP standard menu and then the company menu.
  • 18. Create roles
      1. Choose the pushbutton Create role, or transaction PFCG, in the initial transaction SAP Easy Access. You go to the role maintenance.
      2. Specify a name for the role. The roles delivered by SAP have the prefix 'SAP_'. Do not use the SAP namespace for your user roles.
      3. SAP does not distinguish between the names of simple and composite roles. You should adopt your own naming convention to distinguish between simple and composite roles.
      4. Choose Create.
      5. Enter a meaningful role description text. You can describe the activities in the role in detail. To assign Knowledge Warehouse documentation to the role, choose Utilities -> Info object -> Assign. The user of the role can then display the documentation.
  • 19. Menu tab: assign transactions, programs and/or web addresses to the role in the Menu tab. The user menu which you create here is called automatically when the user to whom this role is assigned logs on to the SAP System. You can create the authorizations for the transactions in the role menu structure in the Authorizations tab.
  • 20. MENU
  • 21. SAP Menu You can copy complete menu branches from the SAP menu by clicking on the cross in front of it in the user menu. Expand the menu branch if you want to put lower-level nodes or individual transactions/programs in the user menu.
  • 22. ABAP report
      - Choose a report and a variant. You can skip the selection screen.
      - You can generate a transaction code automatically and copy the report description by setting checkboxes.
      - Save and move to the Authorizations tab.
  • 23. Generating authorizations
      - To create authorizations for a role, choose Authorizations in the role maintenance.
      - The Authorizations tab displays creation and change information as well as information on the authorization profile (including the profile name, profile text and status).
      - Click on Change Authorization Data.
  • 24. Choose Change Authorization Data
      1. Expand the menu, go to the respective authorization object, and in the activity field assign the activity to be performed.
      2. Save.
  • 25. Assign a profile name
      - Save the profile and click on Generate.
      - You will be prompted with a default, system-generated profile name.
      - You can keep this or change the name of the profile.
      - Once generated, you can assign the profile to users.
  • 26. Assign profiles to users
      - Assign the profile to users.
      - Compare the new profile with existing profiles by using User Comparison.
      - The old profile is overwritten by the new profile.
      - Save.
  • 27. MiniApps
      - MiniApps for the role: MiniApps are simple, intuitive Web applications. The assignment of MiniApps to a role determines which MiniApps the user sees in his or her mySAP Workplace.
      - Save and exit.
  • 28. Conclusion: it sounds complicated, but once you start working with authorizations, it's pretty easy.
  • 30. About Approva: founded in 2001, Approva Corporation provides enterprise controls management software that enables Finance, IT, and Audit to automate and strengthen business controls. Approva's software product, BizRights, enables companies to perform:
  • 31. Approva provides enterprise controls management software that enables Business, Finance, IT and Audit to automate and strengthen business controls.
      - On-Demand Testing
      - Closed-Loop Remediation
      - Continuous Exception-Based Monitoring
  • 32. What is BizRights? BizRights is a web-based, cross-application, cross-platform enterprise controls application. This means that BizRights can monitor security and transactional data from any ERP system or platform, as well as multiple systems and platforms. Examples of what BizRights can tell you:
      - If the same user performed the same transactions in two different SAP clients
      - If user profiles for SAP and Oracle create a security risk or Segregation of Duties (SoD) violation
      - If a user performed sensitive transactions that should be monitored
      - If a user changed Master Data records
      - If an SAP client is configured to reduce risk
      - If transactions were performed of an unusually high monetary value, such as purchase orders that exceed a million dollars
      - What your business is doing, according to your business rules
      BizRights can monitor millions of records and thousands of transactions any time you want, as often as you want. BizRights is designed for functional business professionals as well as technical specialists, including: Financial Auditors, Internal Controls staff, Compliance staff, Business Process Owners, IT Security Auditors, External Auditors. More than just finding and fixing SoD violations, BizRights can monitor business process transactions, including Procure-to-Pay, Financial Close, Order-to-Cash, and Payroll.
  • 33. Segregation of duties: segregation of duties is a basic, key internal control and one of the most difficult to achieve. It is used to ensure that errors or irregularities are prevented or detected on a timely basis by employees in the normal course of business. Segregation of duties provides two benefits: 1) a deliberate fraud is more difficult because it requires collusion of two or more persons, and 2) it is much more likely that innocent errors will be found. At the most basic level, it means that no single individual should have control over two or more phases of a transaction or operation. Management should assign responsibilities to ensure a crosscheck of duties.
  • 34. Categories: there are four general categories of duties or responsibilities which are examined when segregation of duties is discussed: authorization, custody, record keeping and reconciliation. In an ideal system, different employees would perform each of these four major functions. In other words, no one person should have control of two or more of these responsibilities. The more negotiable the asset, the greater the need for proper segregation of duties, especially when dealing with cash, negotiable checks and inventories.
  • 35. Authorization: the process of reviewing and approving transactions or operations. Some examples are:
      > Verifying cash collections and daily balancing reports.
      > Approving purchase requisitions or purchase orders.
      > Approving time sheets, payroll certifications, leave requests and cumulative leave records.
      > Approving change orders, computer system design or programming changes.
  • 36. Custody: having access to or control over any physical asset such as cash, checks, equipment, supplies, or materials. Some examples are:
      > Access to any funds through the collection of funds, or processing of payments.
      > Access to safes, lock boxes, file cabinets or other places where money, checks or other assets are stored.
      > Custodian of a petty cash or change fund.
      > Receiving any goods or services.
      > Maintaining inventories.
      > Handling or distributing paychecks/advices, limited purchase checks or other checks.
  • 37. Record keeping: the process of creating and maintaining records of revenues, expenditures, inventories, and personnel transactions. These may be manual records or records maintained in automated computer systems. Some examples are:
      > Preparing cash receipt back-ups or billings, purchase requisitions, payroll certifications, and leave records.
      > Entering charges or posting payments to an accounts receivable system.
      > Maintaining inventory records.
  • 38. Reconciliation: verifying the processing or recording of transactions to ensure that all transactions are valid, properly authorized and properly recorded on a timely basis. This includes following up on any differences or discrepancies identified. Examples are:
      > Comparing billing documents to billing summaries.
      > Comparing funds collected to accounts receivable postings.
      > Comparing collections to deposits.
      > Performing surprise counts of funds.
      > Comparing payroll certifications to payroll summaries.
      > Performing physical inventory counts.
      > Comparing inventory changes to amounts purchased and sold.
      > Reconciling departmental records of revenue, expenditure, and payroll transactions to the PeopleSoft management reports.
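The following Python check is an added example, not part of the slides and not a feature of SAP or BizRights. It applies the rule from slides 33 to 38 to a role assignment: each role is tagged with the duty categories it grants (authorization, custody, record keeping, reconciliation) on a given asset or process, and a user is flagged whenever two or more categories on the same asset meet in one person. Scoping conflicts per asset, the role names (Z_ prefix, following slide 18's advice to stay out of the SAP_ namespace), the users and the role-to-duty mapping are all constructed for the example; the example activities behind the mapping are the ones the slides list. Conflicts on cash and checks are ranked highest, as slide 34 suggests.

```python
"""Segregation-of-duties review over a user/role assignment (constructed example)."""
from collections import defaultdict
from itertools import combinations

CATEGORIES = ("authorization", "custody", "record_keeping", "reconciliation")
# The slides single out cash and negotiable checks as the most negotiable assets.
HIGH_RISK_ASSETS = {"cash", "checks"}

# Constructed mapping: role -> set of (category, asset/process) duties it grants.
ROLE_DUTIES = {
    "Z_AP_APPROVE_PO":    {("authorization", "purchasing")},
    "Z_MM_GOODS_RECEIPT": {("custody", "purchasing"), ("record_keeping", "inventory")},
    "Z_INV_COUNT":        {("reconciliation", "inventory")},
    "Z_AR_POST_PAYMENT":  {("record_keeping", "cash")},
    "Z_CASHIER":          {("custody", "cash")},
    "Z_CASH_RECONCILE":   {("reconciliation", "cash")},
    "Z_PETTY_CASH":       {("custody", "cash"), ("record_keeping", "cash")},
}


def duties_for(roles):
    """Aggregate a user's duties per asset, remembering which role grants each category."""
    by_asset = defaultdict(dict)  # asset -> {category: granting role}
    for role in roles:
        for category, asset in sorted(ROLE_DUTIES.get(role, ())):
            by_asset[asset].setdefault(category, role)
    return by_asset


def sod_conflicts(user, roles):
    """One finding per pair of duty categories the user holds on the same asset.

    A single role that grants two categories on one asset is flagged as well:
    that is a role-design defect, not just an assignment mistake.
    """
    findings = []
    for asset, cats in sorted(duties_for(roles).items()):
        for c1, c2 in combinations(sorted(cats), 2):
            findings.append({
                "user": user,
                "asset": asset,
                "duties": (c1, c2),
                "roles": (cats[c1], cats[c2]),
                "severity": "high" if asset in HIGH_RISK_ASSETS else "medium",
            })
    return findings


def review(assignments):
    """Run the check over every user; returns findings sorted by user name."""
    return [f for user, roles in sorted(assignments.items())
            for f in sod_conflicts(user, roles)]


# Constructed sample assignment.
ASSIGNMENTS = {
    "ALICE": ["Z_AP_APPROVE_PO", "Z_MM_GOODS_RECEIPT"],  # approves and receives purchases
    "BOB":   ["Z_CASHIER", "Z_CASH_RECONCILE"],          # holds cash and reconciles it
    "CAROL": ["Z_AR_POST_PAYMENT", "Z_INV_COUNT"],        # two duties, different assets
    "DAVE":  ["Z_PETTY_CASH"],                           # one role, two categories
}

if __name__ == "__main__":
    for f in review(ASSIGNMENTS):
        print(f"{f['severity']:6} {f['user']:6} {f['asset']:11} "
              f"{' + '.join(f['duties'])}  via {f['roles']}")
```

CAROL produces no finding because record keeping on cash and reconciliation on inventory are different assets; whether that is acceptable depends on how finely an organization scopes its processes, which is why the asset key is the first thing to agree on before running such a check. The output of DAVE's single-role conflict is the kind of result that sends a reviewer back to role design in PFCG rather than to the user assignment.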