SAP Basis SAP Security Audit & Monitoring - SAP Stuff

SAP Security Audit & Monitoring
Responsibilities of the SAP Basis consultant
A well-maintained emergency user concept enables the audit-proof allocation of extended permissions while keeping daily operations in your company running. This article first addresses the fundamental issues that require an emergency user approach. It then briefly explains how such a concept works in general and how we implement it. An emergency user is normally used when tasks are temporarily taken over outside the user's initial field of activity. I described the different scenarios in which such a user can be used, and how to deal with them, in this blog post.

Why is an emergency user approach important?
There are several scenarios in which the use of an emergency user with extended rights is useful. In urgent cases, it is often necessary to be able to quickly make changes to the system that are outside the user's actual field of activity. A key user who has the necessary permissions is on vacation and needs a substitute. The same user falls ill at short notice and his/her substitute must take over his/her duties to keep operations running. We recommend developing a concept for the short-term allocation of the additional permissions. This will ensure that the above scenarios can be handled.

How does an emergency user approach work?
An emergency user concept in SAP works fundamentally via a temporary assignment of additional rights to a specific user. After the tasks have been completed, the additional rights are withdrawn from the user again. The tasks performed with the extended permissions are logged and can then be evaluated by an auditor. However, there are a few things to keep in mind: A process for granting special rights should be defined. It must be specified which users can get special rights. The time period for which users can request an emergency user should be limited.
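The points above (defined process, eligible users, limited time period, withdrawal of rights, logged activity) can be checked mechanically during an audit. The following is an added example, not code from this site or from SAP: the record layout, field names, user names and policy values are all assumptions, the requirement of an approver other than the requester is one assumed reading of "a defined process", and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Assumed policy values (hypothetical, not from the page).
ELIGIBLE_USERS = {"KEYUSER_B", "BASIS_ONCALL"}  # who may receive emergency rights
MAX_DURATION = timedelta(hours=8)               # longest permitted grant

# Constructed sample records; field names are hypothetical.
GRANTS = [
    {"id": "G1", "user": "KEYUSER_B", "approver": "ITSEC_1",
     "start": "2024-03-04T08:00", "end": "2024-03-04T12:00", "revoked": "2024-03-04T12:05"},
    {"id": "G2", "user": "DEV_X", "approver": "DEV_X",
     "start": "2024-03-05T09:00", "end": "2024-03-05T11:00", "revoked": "2024-03-05T11:00"},
    {"id": "G3", "user": "BASIS_ONCALL", "approver": "ITSEC_1",
     "start": "2024-03-06T22:00", "end": "2024-03-09T22:00", "revoked": None},
]
LOG = [  # actions performed with the extended permissions
    {"user": "KEYUSER_B", "time": "2024-03-04T09:15", "action": "changed table entry"},
    {"user": "KEYUSER_B", "time": "2024-03-04T13:30", "action": "changed table entry"},
    {"user": "BASIS_ONCALL", "time": "2024-03-06T22:40", "action": "restarted job"},
]

def ts(value):
    """Parse an ISO 8601 timestamp from the sample records."""
    return datetime.fromisoformat(value)

def audit(grants, log, now):
    """Return sorted (subject, finding) pairs for every policy violation."""
    findings = set()
    for g in grants:
        start, end = ts(g["start"]), ts(g["end"])
        if g["user"] not in ELIGIBLE_USERS:
            findings.add((g["id"], "user not eligible"))
        if not g["approver"] or g["approver"] == g["user"]:
            findings.add((g["id"], "no independent approval"))
        if end - start > MAX_DURATION:
            findings.add((g["id"], "duration exceeds limit"))
        if g["revoked"] is None and now > end:
            findings.add((g["id"], "rights not withdrawn"))
    for entry in log:
        when = ts(entry["time"])
        # Logged emergency activity must fall inside a grant for the same user.
        covered = any(g["user"] == entry["user"] and ts(g["start"]) <= when <= ts(g["end"])
                      for g in grants)
        if not covered:
            findings.add((entry["user"], "activity outside granted window"))
    return sorted(findings)

if __name__ == "__main__":
    for subject, finding in audit(GRANTS, LOG, now=ts("2024-03-10T00:00")):
        print(f"{subject}: {finding}")
```
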

Each SAP Basis system must be controlled and managed by an administrator. This person is responsible for the smooth operation of the system. This can be an internal administrator or it can be handed over to external service providers.
Technical implementation and typical tools in the SAP Basis environment
In order to make a transaction in cryptocurrencies, you do not have to let your bank know about it as you would for "normal" money, but you have to use the private key to prove that you own the coins. The transaction looks like a piece of a puzzle. Half of the puzzle piece consists of information about the amount of coins, the time and the public address of the sender or receiver. The other half is the signature of the private key belonging to the sending public address. Both halves make this piece unique. Changing only one piece of information would completely change the whole transaction, or the appearance of the puzzle piece.

This transaction is transferred to the network, or to a miner, and is first checked for correctness. If everything fits, the transaction is sent to other miners, who do the same. Otherwise, the transaction is ignored. Miners try to integrate the transactions into a block. This is called mining; in our picture, the miners put the puzzle pieces together into a puzzle (block). A small part of a block to be integrated follows from the block that was previously mined. If all miners accept the correctness of a completed block, they all start working on the next one immediately. The puzzle (block) is fixed and is irrevocably connected to the block before or after it. The blocks form a chain, called the blockchain, which contains all the transactions that have ever been made, is visible to everyone and cannot be changed by anyone. In doing so, the blockchain replaces a central institution and avoids double-spending, which ultimately gives value to a cryptocurrency.

Smart Contracts
The biggest advance compared to Bitcoin and similar applications is that second-generation blockchains, such as Ethereum, use the so-called Turing-complete scripting language Solidity. This enables calculations to be made within the blockchain. While Bitcoin allows only rudimentary multi-signature functions, Ethereum opens the door to much more complex operations called smart contracts. Smart contracts are contracts in which a decentralised blockchain ensures their unchangeability and execution.

SAP HANA has been one of the major topics in the SAP environment for the last few years. Many customers are currently faced with the question of whether or not to migrate their SAP system. In addition to the actual changeover itself, there are many other topics on which you should have already informed yourself in advance, as these influence the success of SAP HANA in your company. What do you already know about SAP HANA? I would like to encourage you to think about security in the following article. If you would like to learn about the architecture of HANA, I recommend a contribution from our colleagues at erlebe Software.

SAP HANA Scenario
But why are we even talking about HANA security? Why is it so important to consider new security strategies with the new technology? With HANA it is possible to analyse data quickly. BW scenarios primarily benefit from the in-memory database (IMDB) used, as the speed advantages in data access have a particularly positive effect there. Compared to a classic ERP / R3 scenario, the normal DB is replaced by HANA, which yields the desired speed advantages. However, a migration is expected to be required for the changeover. This is caused by customer-specific developments in the system. HANA is not a further development of SAP ERP; HANA is the next stage of an ERP system.

It is well known that an ERP system contains the capital of the companies. Therefore a new HANA system, like all other ERP systems, is also interesting for attackers. On the one hand, such a system contains the critical business data, which are a target for espionage. In addition, most business processes are mapped in such a system and offer an attack surface for sabotage. Furthermore, users do not initially know the new technology well. This also applies to administrators working with a new technology. Attackers quickly gain a dangerous knowledge lead over these user groups. SAP HANA has a lot of new features, although many existing ones are used by SAP ERP, so there is a risk here.

The "Shortcut for SAP Systems" tool is ideal for doing many tasks in the SAP basis more easily and quickly.

For more information on known problems, see Notes 97630 and 97620.

Understanding the structure and functioning of the system is especially important for IT administration. It is not for nothing that "SAP Basis Administrator" is a separate professional field. On the page www.sap-corner.de you will find useful information on this topic.

SAP Fiori is the next generation presentation layer - a user experience (UX) that is particularly simple and user-friendly.