We are planning to conduct web-based training for GRC. If anyone is interested, let us know.
Update - I have been getting a lot of emails asking for more information on portal security. Follow the link to learn more about portal security. There are a few tutorial videos.
What is New in ECC5 as far as Security is concerned?
- Central User Administration (Extended)
- Improvements to the User Master Comparison (transaction PFUD)
- Statistical Functions in the Menu Maintenance for Role Maintenance (Transaction PFCG)
- You can use Customizing switches to specify, for the password generator in user maintenance (transactions SU01 and SU10), whether the passwords should contain special characters, and the maximum numbers of letters and numbers that are to be contained in the passwords
- New Customizing parameters, which you maintain in table PRGN_CUST, are introduced.... Read more
SAP Security Overview
From SAP Release 3.1G, SAP has continued to develop the Profile Generator to allow quicker development of authorization profiles. All authorizations should now be created using the Profile Generator, as most new functionality relies upon the assignment of roles to users rather than authorization profiles. It should be noted that assigning a role to a user will automatically assign the corresponding profile.
Benefits provided through the use of the profile generator to define authorization profiles include:
• reduced complexity and ease of use; and
• simplification of role and profile administration.
Mass maintenance of user access security design and structure can now be performed in the profile generator, which will significantly improve efficiency and accuracy of changes being made to a large number of records. When in the menu tab of the profile generator, transaction code names can be toggled on/off by selecting the magnifying glass icon in the top right of the tab.
SIGNIFICANT RISKS
• Unauthorized, or inappropriate, changes to user security resulting in excessive access, or users not having access to perform functions.
• Authorization values may be inaccurately defined, granting inappropriate access to users.
• SAP standard delivered roles, if allocated without configuration, may not provide adequate organizational restrictions, or may contain transactions that the organization has deemed to be segregation of duties conflicts.
• Passwords provided to users by security administration staff are standard, or easily guessable, resulting in unauthorized users gaining access to the SAP system.
eCATT Tutorial - Creating users
SAP R/3 Performance tuning by Srinivas
Sarbanes-Oxley has become the ad hoc standard for financial transparency, trust, and corporate accountability. While mandatory for all publicly-owned companies, Sarbanes-Oxley is also becoming a best practice for all types of companies who wish to identify with good governance practices.
A significant amount of attention is currently focused on Section 302 (Disclosure) and Section 404 (Internal Controls). Sarbanes-Oxley Sections 302 and 404 are designed to ensure information required to be disclosed is initiated, processed, recorded, and reported, and that management has assessed the effectiveness of internal controls regarding the reliability of financial reporting.
Sarbanes-Oxley Act of 2002 – Click here to read the entire Sarbanes-Oxley Report
New Password Rules delivered with Web AS ABAP 7.00 or NetWeaver 2004s ..more
Protecting SAP* and Password control...more
Implementing SAP Authorizations
Proper implementation of authorizations is a critical ingredient for the maintenance of security in an SAP R/3 system. Accordingly, it demands an appropriate formalized process. A preferred approach involves the following steps:....more
SAP Authorization Concept
R/3 uses authorization objects to assign authorizations to users. An authorization object is a template for an authorization. For example, authorization object F_SKA1_BUK - G/L Account: Authorization for company codes requires the specification of two field values: Company Code and Activity. ...more
Building a Team
Most organizations shortchange resources at the beginning of the project; as go-live approaches, they realize that they are running short of resources. It then becomes difficult to get a resource and train him/her. You can get a very good technical resource, but not one who knows your business process. ....more
WAS Security
The SAP Web Application Server is a further development of the SAP Application Server technology. Based on the highly scalable SAP Application Server infrastructure, new technologies have been implemented to directly process HTTP requests or other protocols coming from the Internet, and to send HTTP requests to the Internet... more