Frankly, I am in a similar scenario. I don't know of any specific
document that speaks to managing the security across the spectrum, but I
can share with you some of my key principles:
First, it is important to understand where the business is going, what they
want to get out of SAP, and the level of importance they put around data
within SAP.
Second, based upon the above, you need to develop a well-thought-out strategy
and vision that you can share with business leaders. This document will
serve to put clear objectives for your security efforts.
Third, assemble solid standards around every facet of the security model.
From User Naming convention, User Group Convention, Role Naming Convention,
ABAP Query Security approach, CATT Security approach, Table and program
auth groups, Info-Cube and InfoObject security strategy, Data
classifications, and Role Menu structure. Always, always follow them. If
you don't, you will regret it later, and end up doing double work.
Fourth, develop and implement a common user request process for all SAP
systems. Identify business owners and document approvals.
Fifth, consistently report to management your success in these factors, be
honest, and stand your ground when you need to.