CONTENT:
SAP Security Roles and Responsibilities:
Different types of SAP systems:
1. R/3 (old) or ECC (new)
2. APO
3. CRM
4. BI
5. SRM
6. Central User Administration(CUA)
7. Portal
8. GRC tool for SAP Security (formerly VIRSA)
User Administration Tasks:
1. Password Reset
2. User lock and unlocking
3. User creation – IT user and Business user
4. Different user types, e.g. OSS and RFC users
5. User Groups creation
6. User Parameters updating
7. Changing user group
8. Updating user date format, decimal notation, time zone and printers
9. Adding roles to users on permanent or temporary basis
10. Deleting roles from user
11. Adding or deleting profiles for a user (not normally required; just to know)
12. Downloading security reports from SUIM
13. Finding missing authorizations with the SU53 dump
14. Finding the role that contains the authorization missing in SU53
15. Assigning additional roles to the user with or without validity
16. Assigning a role to 100 users at a time (SU10)
17. Locking and unlocking 100 users at a time
18. Changing the user group or time zone for 100 users at a time
19. Creation of RFC, batch and OSS users
20. Extending user validity and extending role validity
21. User inactivation and user reactivation
22. User termination
23. Downloading the STAD report for a user
24. Checking the audit logs (SM20)
25. Tracing the user authorizations
26. CUA Administration
27. Transaction lock and unlock
28. Mass role deletion (2 types)
Role Administration:
1. Following the role naming convention when creating roles
2. Creation of single roles
3. Creation of composite Roles
4. Creation of Derived roles
5. Adding a Tcode to a role
6. Removing a Tcode from a role
7. Updating objects in roles as per the missing authorization dump
8. Updating organizational values in roles
9. Creating global roles in all the systems
10. Updating roles during creation and modification with reference to SU24
11. Role transportation (including inter client)
12. Template role creation
13. Area menu role creation
14. Role upload and download
15. Role Deletion
16. PFUD and SUPC (monthly security maintenance activities)
Other Key Activities:
1. Client open
2. Opening an OSS connection and updating the access details in the Service Marketplace
3. RFC connection creation
4. Providing access to sensitive Tcodes, objects and roles
5. Providing firecall access (user firecall / role firecall)
6. Providing developer key
7. Providing an access key for an object
8. PFUD and SUPC for maintenance activities
9. SAP licensing (measurement data)
10. Portal user administration including mass changes
SAP Security Reporting for SOX Compliance:
1. Downloading a report of users who have not logged in within 7 days of their user ID being created
2. Downloading a report of users who have not logged in for the past 45 days
3. Downloading a report of users who have not logged in for the past 90 days
4. Client settings status (SCC4, SCC1)
5. Security system parameter checking (RZ11)
6. Forbidden password report (SE16, table USR40)
7. Tracking the list of security users and their roles (SUIM)
8. Listing the non-dialog users and making sure they are not in locked status (SUIM)
9. Random request checking for quality of work
10. User termination as per the weekly HR termination report
11. Downloading the SM20 audit log report on a weekly basis
12. Users with incomplete address data: RSUSR007 (last name, first name, email)
13. No dialog user should have the SAP_ALL or SAP_NEW profile assigned (SUIM)
14. RSUSR003 checks SAP* and DDIC in all clients together with the login parameters. The report is used to ensure SAP* and DDIC have been secured (default passwords changed) in every client, and it also shows login parameters such as the number of invalid login attempts until user lock, for each system and client.
15. Document the detailed steps of the emergency ID process for debug access (AGR_USERS). Debug roles should be expired for users.
16. Review batch, RFC and sensitive accounts (SUIM); these users should not be locked.
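The dormancy, lock-status and SAP_ALL checks above can be scripted against SE16 exports instead of being clicked through in SUIM one report at a time. The following Python is an added example, not part of the original deck and not an SAP tool; it assumes a USR02 export with the BNAME, USTYP, ERDAT, TRDAT and UFLAG columns, a UST04 export of profile assignments, constructed sample rows and a reporting date of 2024-04-11.

```python
"""User-hygiene checks run offline over SE16 exports: users who never logged on
within N days of creation, users dormant for 45/90 days, locked non-dialog users,
and dialog users holding SAP_ALL or SAP_NEW.

Added example, not from the original deck. Rows are constructed to look like
USR02 (BNAME, USTYP, ERDAT, TRDAT, UFLAG) and UST04 (BNAME, PROFILE); the
column subset and the reporting date are assumptions for the example.
"""
from datetime import date, datetime

# USR02-USTYP: A = dialog, B = system, C = communication, S = service, L = reference
NON_DIALOG_TYPES = {"B", "C", "S", "L"}
CRITICAL_PROFILES = {"SAP_ALL", "SAP_NEW"}

# Constructed USR02 export: creation date, last-logon date and lock flag per user
USR02 = [
    {"BNAME": "JSMITH",   "USTYP": "A", "ERDAT": "20240101", "TRDAT": "20240410", "UFLAG": "0"},
    {"BNAME": "NEWHIRE",  "USTYP": "A", "ERDAT": "20240401", "TRDAT": "00000000", "UFLAG": "0"},
    {"BNAME": "OLDCONS",  "USTYP": "A", "ERDAT": "20230101", "TRDAT": "20231201", "UFLAG": "0"},
    {"BNAME": "RFC_PI",   "USTYP": "B", "ERDAT": "20220101", "TRDAT": "20240411", "UFLAG": "64"},
    {"BNAME": "BATCH_FI", "USTYP": "B", "ERDAT": "20220101", "TRDAT": "20240411", "UFLAG": "0"},
    {"BNAME": "BASISADM", "USTYP": "A", "ERDAT": "20200101", "TRDAT": "20240411", "UFLAG": "0"},
]
# Constructed UST04 export: profile assignments (a role shows up via its generated profile)
UST04 = [("BASISADM", "SAP_ALL"), ("RFC_PI", "SAP_ALL"), ("JSMITH", "Z_FI_DISPLAY")]
TODAY = date(2024, 4, 11)  # assumed reporting date


def sap_date(s):
    """Dates are stored as YYYYMMDD; '00000000' (or blank) means 'never'."""
    if not s or s == "00000000":
        return None
    return datetime.strptime(s, "%Y%m%d").date()


def never_logged_on(usr02, today, days):
    """Users with no logon at all whose ID was created at least `days` ago."""
    return sorted(r["BNAME"] for r in usr02
                  if sap_date(r["TRDAT"]) is None
                  and (today - sap_date(r["ERDAT"])).days >= days)


def dormant_users(usr02, today, days):
    """Users whose last logon is at least `days` old. A user who never logged on
    is measured from the creation date, so stale never-used IDs are not missed."""
    out = []
    for r in usr02:
        ref = sap_date(r["TRDAT"]) or sap_date(r["ERDAT"])
        if (today - ref).days >= days:
            out.append(r["BNAME"])
    return sorted(out)


def locked_non_dialog(usr02):
    """Non-dialog (system/communication/service/reference) users with any lock bit set.
    A locked RFC or batch user silently breaks interfaces and background jobs."""
    return sorted(r["BNAME"] for r in usr02
                  if r["USTYP"] in NON_DIALOG_TYPES and int(r["UFLAG"]) != 0)


def critical_profile_holders(usr02, ust04, dialog_only=True):
    """Users holding SAP_ALL or SAP_NEW. By default only dialog users are reported,
    matching check 13 above; pass dialog_only=False to see system users as well."""
    types = {r["BNAME"]: r["USTYP"] for r in usr02}
    return sorted({u for u, p in ust04
                   if p in CRITICAL_PROFILES and (not dialog_only or types.get(u) == "A")})


def run_report(usr02=USR02, ust04=UST04, today=TODAY):
    """All checks in one dict, in the order they are listed above."""
    return {
        "no_logon_7d_after_creation": never_logged_on(usr02, today, 7),
        "dormant_45d": dormant_users(usr02, today, 45),
        "dormant_90d": dormant_users(usr02, today, 90),
        "locked_non_dialog": locked_non_dialog(usr02),
        "dialog_with_sap_all_or_new": critical_profile_holders(usr02, ust04),
    }


if __name__ == "__main__":
    for check, users in run_report().items():
        print(f"{check}: {users}")
```

USR02-TRDAT only holds the most recent logon date, so each run is a snapshot; keep the weekly downloads if an auditor later asks when a user went dormant. The locked system user RFC_PI is flagged on purpose: a lock on an interface user breaks the interface rather than protecting anything, and the SAP_ALL it carries should be removed instead.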
SAP Security Tables (SE16 or SE16N):
AGR_USERS - Users assigned to a role (with validity dates)
AGR_TCODES - Tcodes in a role
AGR_AGRS - Single roles contained in a composite role
AGR_DEFINE - Role definitions (the parent role of a derived role is stored here)
AGR_1251 - Authorization data for a role (object, field, low/high values)
AGR_1252 - Organizational level values for a role
AGR_PROF - Profile name for a role
USER_ADDR - Address data for users
USR01 - User master record (runtime data)
USR02 - Logon data (password hashes, user name, validity dates, lock flag, etc.)
USR04 - User master authorizations (one row per user)
USR06 - License data
USR40 - Illegal (forbidden) passwords list
USOBT - Relation transaction to authorization object (SAP)
USOBT_C - Relation transaction to authorization object (customer)
USOBX - Check table for table USOBT
USOBXFLAGS - Temporary table for storing USOBX/T* changes
USOBX_C - Check table for table USOBT_C
BI Security:
Overview of the BI system (BI 7.0)
Reporting authorization objects
BI analysis authorizations
Troubleshooting
SAP ECC systems:
ECC DEV (DR2) - clients 100 and 200
ECC Test (QR2) - clients 100 and 200
ECC PRD (PR2) - client 100
CRM DEV (DC2) - clients 100, 200 and 400
CRM TEST (QC2) - clients 100, 200 and 400
CRM PRD (PC1) - client 100
SAP three-system landscape with transport route:
Role:
1. A role is a collection of Tcodes together with the authorizations needed to run them
2. 3 types of roles
a) Single role
b) Composite role
c) Derived role (derived from a master or base role)
3. Role structure
User -> Role (Tcodes) -> Profile -> Auth class (MM, PP, SD, BC, BS) -> Auth object -> Field values
4. Common authorization class: AAAB (cross-application authorization objects)
5. Common authorization object: S_TCODE (checked when a transaction is started)
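To see why the chain ends at field values rather than at S_TCODE, here is an added Python example (not code from the deck or from SAP) that resolves a user's currently valid roles to authorization instances and emulates an ABAP AUTHORITY-CHECK against them. The role names, user names, authorization IDs and dates are constructed; the rows mimic SE16 exports of AGR_USERS and AGR_1251, and the profile layer is skipped because a generated profile carries exactly its role's authorizations.

```python
"""Walks user -> role -> authorization object -> field values and emulates an
ABAP AUTHORITY-CHECK.

Added example, not from the original deck. Rows are constructed to look like
AGR_USERS (role, user, from-date, to-date) and AGR_1251 (role, AUTH, object,
field, LOW, HIGH). Role, user and authorization IDs are invented.
"""
from collections import defaultdict
from datetime import date

# Constructed AGR_USERS: JSMITH's display role expired on 2024-03-31
AGR_USERS = [
    ("Z_FI_AP_CLERK", "JSMITH",  "20240101", "99991231"),
    ("Z_FI_DISPLAY",  "JSMITH",  "20240101", "20240331"),
    ("Z_FI_DISPLAY",  "AUDITOR", "20240101", "99991231"),
]

# Constructed AGR_1251. AUTH groups the fields of one authorization instance;
# a check must be satisfied by a single instance, never by mixing two.
AGR_1251 = [
    ("Z_FI_AP_CLERK", "T-FI000001", "S_TCODE",    "TCD",   "FB60", ""),
    ("Z_FI_AP_CLERK", "T-FI000002", "S_TCODE",    "TCD",   "F-53", ""),
    ("Z_FI_AP_CLERK", "T-FI000003", "F_BKPF_BUK", "ACTVT", "01",   ""),
    ("Z_FI_AP_CLERK", "T-FI000003", "F_BKPF_BUK", "ACTVT", "02",   ""),
    ("Z_FI_AP_CLERK", "T-FI000003", "F_BKPF_BUK", "BUKRS", "1000", "1999"),  # org-level range
    ("Z_FI_AP_CLERK", "T-FI000004", "F_BKPF_BUK", "ACTVT", "03",   ""),
    ("Z_FI_AP_CLERK", "T-FI000004", "F_BKPF_BUK", "BUKRS", "3000", ""),
    ("Z_FI_DISPLAY",  "T-FI000010", "S_TCODE",    "TCD",   "FB03", ""),
    ("Z_FI_DISPLAY",  "T-FI000011", "F_BKPF_BUK", "ACTVT", "03",   ""),
    ("Z_FI_DISPLAY",  "T-FI000011", "F_BKPF_BUK", "BUKRS", "*",    ""),  # full wildcard
]


def value_matches(low, high, value):
    """One AGR_1251 value line: a range (HIGH set), '*' (everything),
    a trailing-'*' prefix, or an exact value."""
    if high:
        return low <= value <= high
    if low == "*":
        return True
    if low.endswith("*"):
        return value.startswith(low[:-1])
    return value == low


def active_roles(agr_users, user, today):
    """Roles whose validity interval (YYYYMMDD strings) covers `today`."""
    d = today.strftime("%Y%m%d")
    return {role for role, u, frm, to in agr_users if u == user and frm <= d <= to}


def authorizations(agr_1251, roles, obj):
    """{(role, auth_id): {field: [(low, high), ...]}} for one object across `roles`."""
    insts = defaultdict(lambda: defaultdict(list))
    for role, auth, o, field, low, high in agr_1251:
        if role in roles and o == obj:
            insts[(role, auth)][field].append((low, high))
    return insts


def authority_check(user, obj, today=date(2024, 4, 11), **fields):
    """True if one authorization instance of `obj`, reached through a currently
    valid role of `user`, matches every requested field value."""
    roles = active_roles(AGR_USERS, user, today)
    for inst in authorizations(AGR_1251, roles, obj).values():
        if all(any(value_matches(lo, hi, val) for lo, hi in inst.get(f, []))
               for f, val in fields.items()):
            return True
    return False


if __name__ == "__main__":
    print(authority_check("JSMITH", "S_TCODE", TCD="FB60"))                   # True
    print(authority_check("JSMITH", "F_BKPF_BUK", ACTVT="01", BUKRS="1500"))  # True, in range
    print(authority_check("JSMITH", "F_BKPF_BUK", ACTVT="01", BUKRS="3000"))  # False, split across instances
    print(authority_check("JSMITH", "F_BKPF_BUK", ACTVT="03", BUKRS="2000"))  # False, display role expired
    print(authority_check("AUDITOR", "F_BKPF_BUK", ACTVT="03", BUKRS="2000")) # True, '*'
```

The two F_BKPF_BUK instances of Z_FI_AP_CLERK show the rule most often misread when fixing an SU53 dump: all fields of one instance must match, so adding company code 3000 in a separate instance that only carries activity 03 does not grant change access in 3000. The expired Z_FI_DISPLAY assignment shows why SUIM role lists have to be read together with the validity dates in AGR_USERS.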
What are SOX and SoD?
The Sarbanes-Oxley Act (SOX) is a US federal law on financial reporting and internal controls; its requirements are also adopted as a benchmark by companies that wish to demonstrate good governance practices.
SOX has become the de facto standard for financial transparency, trust and corporate accountability.
SOX compliance work is driven mainly by Sections 302 (management certification of financial reports) and 404 (assessment of internal controls over financial reporting).
For fulfilling SOX compliance in SAP, tools such as VIRSA (now SAP GRC Access Control) and BizRights are used.
What is SoD?
Across an enterprise there are various functions, and each function is performed by a set of roles/responsibilities.
Segregation of Duties (SoD) says that these roles/responsibilities should be assigned so that no individual has end-to-end access rights over any function.
SoD is enforced through access controls: access control ensures that one individual does not have access to two or more incompatible duties (for example, creating a vendor and releasing payments to that vendor).
GRC Topics:
GRC Access Control 5.3
Introduction
SOX rules and SoD concepts
Risk Analysis and Remediation (RAR)
- Risk analysis at user and role level
- Rule set
- Mitigation
- Configuration of RAR
Superuser Privilege Management (SPM)
- Firefighter configuration
- Reports
Overview of Compliant User Provisioning (CUP)
1. Performing firefighter activity in EAM (Emergency Access Management)
2. Approver delegation and the approver delegation report
3. Owner assigning firefighter IDs and controllers
4. User-level violation report
5. Role-level violation report
6. Finding the list of mitigated users
7. Background job scheduling and monitoring
8. How to find the firefighter log report using SPM
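The SoD definition above and the RAR user-level and role-level risk analysis in the GRC topics are the same computation at two granularities: a rule set of functions (transaction sets) and risks (conflicting function pairs), evaluated once per role and once over the union of a user's roles, with mitigating controls recorded against accepted user-level risks. The following Python is an added example, not code from the deck or from SAP GRC; the function and risk IDs, the mitigation control ID and the role/user data are constructed, and the rows mimic AGR_TCODES and AGR_USERS exports.

```python
"""Segregation-of-duties risk analysis at role level and user level, with
mitigating controls, over a small constructed rule set.

Added example, not from the original deck and not SAP GRC code. Role, user,
function, risk and control IDs are invented for the example.
"""
from collections import defaultdict

# Constructed AGR_TCODES (role, tcode). Z_AP_ALL combines both AP duties in one role.
AGR_TCODES = [
    ("Z_AP_INVOICE", "FB60"), ("Z_AP_INVOICE", "MIRO"),
    ("Z_AP_PAYMENT", "F110"), ("Z_AP_PAYMENT", "F-53"),
    ("Z_AP_ALL",     "FB60"), ("Z_AP_ALL",     "F110"),
    ("Z_MM_VENDOR",  "XK01"), ("Z_MM_VENDOR",  "XK02"),
]
# Constructed AGR_USERS (user, role). ALICE's conflict comes from two individually clean roles.
AGR_USERS = [
    ("ALICE", "Z_AP_INVOICE"), ("ALICE", "Z_AP_PAYMENT"),
    ("BOB",   "Z_AP_INVOICE"),
    ("CAROL", "Z_AP_ALL"),
    ("DAVE",  "Z_MM_VENDOR"),  ("DAVE",  "Z_AP_PAYMENT"),
]

# Rule set. A function is a business activity expressed as the transactions that perform it;
# a risk is a pair of functions no single person may hold.
FUNCTIONS = {
    "AP01_ENTER_INVOICE":   {"FB60", "MIRO"},
    "AP02_PROCESS_PAYMENT": {"F110", "F-53"},
    "MM01_MAINTAIN_VENDOR": {"XK01", "XK02"},
}
RISKS = {
    "P001": ("AP01_ENTER_INVOICE", "AP02_PROCESS_PAYMENT"),
    "P002": ("MM01_MAINTAIN_VENDOR", "AP02_PROCESS_PAYMENT"),
}
# Mitigating controls: (user, risk) -> control ID. Mitigated risk is reported separately, not hidden.
MITIGATIONS = {("DAVE", "P002"): "MC-017"}


def functions_of(tcodes):
    """Functions a transaction set can perform (any one transaction of the function suffices)."""
    return {f for f, ft in FUNCTIONS.items() if tcodes & ft}


def risks_of(tcodes):
    """Risks whose two functions are both reachable from `tcodes`."""
    funcs = functions_of(tcodes)
    return {r for r, (a, b) in RISKS.items() if a in funcs and b in funcs}


def role_tcodes(agr_tcodes=AGR_TCODES):
    out = defaultdict(set)
    for role, tcode in agr_tcodes:
        out[role].add(tcode)
    return out


def role_level_violations(agr_tcodes=AGR_TCODES):
    """Roles that carry a conflict on their own; these are fixed by redesigning the role."""
    return {role: risks_of(tc) for role, tc in role_tcodes(agr_tcodes).items() if risks_of(tc)}


def user_level_violations(agr_users=AGR_USERS, agr_tcodes=AGR_TCODES):
    """Risks per user over the union of all assigned roles: this catches conflicts
    that role-level analysis misses because each role is clean in isolation."""
    rt = role_tcodes(agr_tcodes)
    per_user = defaultdict(set)
    for user, role in agr_users:
        per_user[user] |= rt[role]
    return {u: risks_of(tc) for u, tc in per_user.items() if risks_of(tc)}


def unmitigated(user_viol, mitigations=MITIGATIONS):
    """User-level violations that have no mitigating control assigned."""
    return {u: {r for r in rs if (u, r) not in mitigations}
            for u, rs in user_viol.items()
            if any((u, r) not in mitigations for r in rs)}


if __name__ == "__main__":
    print("role level:", role_level_violations())
    uv = user_level_violations()
    print("user level:", uv)
    print("unmitigated:", unmitigated(uv))
```

BOB holds only one side of P001 and is clean; ALICE reaches the same risk as CAROL even though neither of ALICE's roles violates anything on its own, which is why the user-level report is the one auditors ask for. DAVE's P002 stays in the user-level report but drops out of the unmitigated list, matching the "mitigated users" item in the topic list.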

SAP Security GRC online training in India, UK & USA call +91-8099902123
