SE90 Repository Info System / Object Navigation
FILE Logical file paths and names
The default permissions to open and use a launchpad are the SAP_UI2_USER_700. The role for the administration is SAP_UI2_ADMIN_700. In the administration interface, the launchpad can be customised, so this permission should only be released to a few users for administration.
More security with less effort Internal employees often do not have the comprehensive know-how to know all relevant security risks. However, our security experts specialise in this. We use a standardised approach to determine your current security situation. Based on the analysis results, we show you where the security of your SAP systems can be improved and show you possible solutions. Focus your internal resources on your core business, while our experts will perform a customised audit on your SAP system to determine your security status. SAP Security Check - Our standardised approach (4-step model) Briefing: You register an interest in SAP Security Check. A consultant will contact you and discuss the details of the exam. They have the opportunity to clarify individual issues and to determine the focus of the security check. Data extraction: To ensure that your system is not affected by our audit, we export the relevant data manually or with the help of a data export tool. Analysis: Our security experts analyse the data, evaluate the results and prepare your report. Results: We will discuss the results of SAP Security Check with you. If safety deficiencies have been discovered, we will give recommendations for action on how to correct them. Optionally, you can ask our experts to solve your security risks in the short term. Your security risks become transparent Rapid assessment of your current SAP security status Detailed analysis and documentation Simple traffic light system enables overview of the results You can assess and prioritise the potential for danger for your company for every risk Know-how Transfer and recommendations for action You can easily communicate internally with the transparent and easily understandable final report You can close the relevant security gaps with our measures Optional: Eliminating security deficiencies Experts Our standardised approach enables us to assess the security of your SAP systems systematically and quickly. You do not need to build up authorisation expertise.
Solution Manager
Migrations occur, for example, when a customer decides to host his systems at Rödl & Partner and the SAP systems therefore have to be migrated from in-house operation or from the original hosting provider to our data center. Also in the course of a conversion to S/4HANA, the data is migrated from the original database type to an SAP HANA database. This is also done with the tool "SUM" (Software Update Manager) via the so-called "DMO" (Database Migration Option).
A secure SAP system does not only include a good role concept. It is also necessary to check whether a user should (still) have a specific role. Regular verification of role assignment is called recertification. In this blog post, I'd like to introduce you to the need for recertifications and our own tool, EasyReCert. The need for recertification - scenarios: Example 1: The "apprentice problem" Imagine the following scenario: A new employee (e.g. apprenticeship or trainee) will go through various departments as part of his or her training and will work on various projects. Of course, an SAP User will be made available to your employee right at the beginning, which is equipped with appropriate roles. As each project and department passes, the employee repeatedly needs new permissions to meet the requirements. After the employee has successfully completed his or her induction and is now in a permanent position, he or she still has permissions that are not necessary to perform his or her duties. This violates the principle of "last privilede" and represents a potential security risk for your company. Example 2: The change of department The change of department is one scenario that probably occurs in every company. If a change of department does not automatically involve a complete reallocation of roles and the employee simply takes his old permissions with him, critical combinations of permissions can occur very quickly. For example, an employee who has permissions in accounts payable and accounts receivable violates the SoD ("Segregation of Duties") principle and poses a potential security risk to your company. Recertification as part of a revision: The two examples above show that a regular review of role allocation identifies potential security risks for your business and can be addressed.
"Shortcut for SAP Systems" is a PC application that simplifies or even facilitates many activities in the SAP basis.
Figure 4: IT Outsourcing Decision Matrix THE DECISION TO OUTSOURCE A TASK OR PERFORMANCE SHOULD BE MADE NOT ONLY IN TERMS OF COSTS BUT ALSO BY ASSESSING COMPETITION DIFFERENTIATION AND STRATEGIC IMPORTANCE.
Understanding the structure and functioning of the system is especially important for IT administration. It is not for nothing that "SAP Basis Administrator" is a separate professional field. On the page www.sap-corner.de you will find useful information on this topic.
This also leads to an increased acceptance within the SAP basis and a more practical implementation for the SAP basis, as the mentioned expertise is already present in the strategy.