Ask the Expert

Best security practices for large SAP installations

I was wondering if there is a body of information or best practices when it comes to managing security/authorization/profile/user management in large installations? We currently have a large customer site (30,000+ users) which is seeking expertise to help them design and manage the overall security around their SAP landscape. It comprises multiple SAP systems e.g. SAP R/3, BW, SRM, WP, etc.


    Requires Free Membership to View

Frankly, I am in a similar scenario. I don't know of any specific document that speaks to managing the security across the spectrum, but I can share with you some of my key principles:

First, it is important to understand where the business is going, what they want to get out of SAP, and the level of importance they put around data within SAP.
Second, Based upon the above, you need to develop a well-thought strategy and vision that you can share with business leaders. This document will serve to put clear objectives for your security efforts.
Third, assemble solid standards around every facet of the security model. From User Naming convention, User Group Convention, Role Naming Convention, ABAP Query Security approach, CATT Security approach, Table and program auth groups, Info-Cube and InfoObject security strategy, Data classifications, and Role Menu structure. Always, Always follow them. If you don't, you will regret it later, and end up doing double work.
Fourth, develop and implement a common user request process for all SAP systems. Identify business owners and document approvals.
Five, Consistently report to management your success in these factors, be honest, and stand your ground when you need to.


This was first published in September 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: