Common SAP security practices

Common SAP security practices

Is there any common practice for setting up a group to handle SAP security? What sorts of separation of responsibilities do auditors usually ask for?

Requires Free Membership to View

Login

When you register, you will start receiving targeted emails from my award-winning team of editorial writers. Our goal is to keep you informed on the hottest topics and biggest challenges faced by SAP professionals today.

Hannah Smalltree, Editorial Director

By submitting your registration information to SearchSAP.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSAP.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Also, what profiles do Basis administrators usually have? SAP-ALL, or a profile with fewer privileges?

Really depends. Lots of factors weigh into how SAP security is designed, implemented, and administered. Usually, it comes down to: size of company, number of users, number of implementations, and corporate culture. But, typically companies will have a SAP security arm that assists configuration/process teams in designing and maintaining roles. This group will be responsible for designing preventative and detective application controls; and enforcing security policy. Auditors should carry the responsibility for auditing implemented controls (segregation of duties, use request privileges). HelpDesk should perform security administration, following business approvals.

With SAP_ALL access.. Simply put: "less is more." It is better to have fewer folks with this access than more. I feel that SAP Security and SAP BASIS should not have SAP_ALL (for their own good) in production. However, I have never won that argument.

Dig Deeper

People who read this also read...
Related tags
- sap
- security

Show me more

This was first published in January 2002

More from Related TechTarget Sites

Manufacturing ERP
Oracle
Data Management
Data Management UK
Business Analytics
CRM
Content Management

Manufacturing ERP
- S&OP software projects rely on cultural, business process changes
  
  Successful S&OP software projects are far more about fostering cultural and organizational change than addressing technical challenges, experts say.
- Teamwork, analytics help integrate financial management applications
  
  Financial management applications are essential in any enterprise IT strategy -- but integration with other business software is critical, experts say.
- Get detailed when preparing RFPs for mobile ERP and BI
  
  A clear mobile strategy will determine the right questions to ask hardware vendors, software developers and service providers, consultants say.
Oracle
- Oracle purchase of Taleo indicates rising SaaS trend
  
  Oracle has spent $3.4 billion on Taleo and RightNow in the past few months, showing that it is serious about hosting applications in the cloud for its customers.
- Making Monday the start of the week in Oracle SQL
  
  One reader asks how to set up a report in Oracle SQL so that Monday is the first day of the week.
- Oracle Advanced Analytics bundles R with Oracle Database
  
  Oracle Advanced Analytics is the company’s newest announcement around data analytics, a market that Oracle seeks to blanket with products.
Data Management
- AAA picks Dell Boomi cloud integration tools over IBM, Jitterbit
  
  A local AAA auto club serving three western states is using cloud-based data integration tools to help drive an aggressive cloud computing strategy.
- From the Editors: Framing the case for enterprise data virtualization
  
  There’s no lack of choices to consider if you’re looking at a possible data virtualization deployment -- both in terms of the vendors offering tools and the potential uses for the technology.
- Forrester Wave: Informatica, IBM lead data virtualization tools market
  
  Informatica and IBM are the top dogs in the data virtualization software market, thanks to a strong combination of “enterprise-class” features, according to Forrester Research Inc.
DataManagement UK
- SaaS BI technology comes of age
  
  SaaS BI and its benefits explained: it can improve scalability and reduce administration costs; it offers capabilities in data warehousing, ETL and analytics; it can be secured. What’s not to like?
- Gartner: Address economy, compliance with information governance, MDM
  
  IT leaders need to get information governance right if MDM is to help cut costs, stoke productivity and mitigate risk, according to Gartner on the eve of the MDM summit.
- Gartner: Business, analytics fail to connect, mobile BI gets real
  
  Gartner’s BI London summit will show a landscape beset by strategic misalignment, intra-organisational struggle and weak cloud adoption. Yet mobile BI is becoming a reality.
Business Analytics
- TDWI BI Executive Summit: Business intelligence benefits & strategies
  
  Get news and other information resources about strategies for gaining business intelligence benefits, reported from the TDWI World Conference and BI Executive Summit in Las Vegas.
- Airport retailer leaves Excel behind with BI tools makeover
  
  The Paradies Shops’ search for BI tools to access data quickly and break away from Excel spreadsheets started with data discovery vendors but didn’t end with them.
- Hadoop is hot, but not most popular ‘big data’ technology
  
  New research reveals businesses’ relative lack of “big data” maturity and the hurdles in both technology and analytics techniques they need to overcome.
CRM
- As social media expands, companies need to center social CRM plans
  
  With social CRM gaining popularity, companies need to identify their audiences are and what social media sites and technology they use, analysts say.
- Red Sox hit home run with custom Microsoft CRM app
  
  The Boston Red Sox spent seven years searching for a CRM system to handle ticketing and fan engagement before selecting a custom version of Microsoft CRM.
- Contact center social will (slowly) become norm
  
  In this expert response, find some ways contact centers are using social media channels to manage customer contact volume.
Content Management
- Web content management's new role: Fueling digitally driven businesses
  
  Web content management is not just about publishing Web pages any more, according to one industry expert. It has become a way to use content to power useful business applications for the enterprise.
- Data archive strategy key to efficient enterprise content management
  
  Digital archiving and the longevity of electronic information is being overlooked by enterprise content management professionals at the enterprise’s peril. Digital doesn’t necessarily mean permanent.
- Lancaster Bible College gets cloud Web content management system boost
  
  After technical infrastructure issues continually crashed Lancaster Bible College’s website over the course of a year, the school switched to a cloud Web content management system.

All Rights Reserved, Copyright 2000 - 2012, TechTarget