Before the project starts, it must be clear which systems are to be connected to the IdM and which services the system is to provide. This requires close collaboration between the department and IT, as later adaptations or additional systems will extend the implementation and exceed the budget. Analysing existing data To successfully implement an Identity Management System, high quality data is essential. Users' root data must be verified, updated, or maintained. Automation with incomplete or even incorrect data is otherwise not conceivable. Rethinking the Permission Concept With the introduction of an Identity Management System and a workflow for permission granting, the existing roles should be scrutinised once again. You should ask yourself whether the user knows what role he chooses from the current catalogue and whether it is sufficient for his task. Set Role-Owner Not only the user needs to know which role to choose. There must also be a person in charge of the role who adapts or adapts the role as required or acts as a point of contact when required.
Cross-client tables can be modified. The control system of another, productive client can thus be undermined and undermined. Quite a lot of power! Did you also know that the SAP system provides a feature that deletes table change protocols (DBTA BLOG table) and that it is effective across all clients? If the table change logs have not been additionally archived via the BC_DBLOGS archiving object, traceability is no longer available. That way, every criminal act within your company can be beautifully covered up. Similarly, full access to batch management allows you to manage all background jobs in all clients with the permission. This allows you to delete old background jobs that have gone unauthorised. There are also some points to consider when managing print jobs. Typically, the following two SAP access permissions are enabled to protect print jobs: S_SPO_DEV (spooler device permissions) S_SPO_ACT (spooler actions). Why? Confidential information in print jobs is not protected against unauthorised disclosure. (Strictly) sensitive print jobs can be read unauthorised or redirected to external printers and printed out. Print jobs are unprotected unless additional SAP access permissions are enabled to protect print output. The print jobs are multi-tenant, which means that the authorisation award should also be well thought through at the point.
We take over the complete maintenance management for you and ensure that your SAP installation is always up to date. As a certified SAP Gold Partner and PCoE (Partner Center of Expertise), we can provide you with all the SAP licenses you need. We advise you on the possible licensing models and only provide you with the licenses you actually need.
There are several ways to introduce and operate new applications. As a company you have the choice between internal realisation and operation, outsourcing, cloud computing and so-called outtasking. In deciding on one of the above concepts, the SAP basis must be included for the evaluation of various technological and operational aspects, which offers the possibility to develop a sound decision. This decision has a significant impact on the future operation of SAP and the associated operating and maintenance costs. The recommendations listed here are intended to help you decide on other forms of service. Information on the recommendation can be found in the Master's thesis in chapters 7.8 and 9.6.
For administrators, a useful product - "Shortcut for SAP Systems" - is available in the SAP basis area.
Presentation layer: The presentation layer is the interface to the users.
Ideally, you also have a completed scientific university education (master's degree, university diploma).