SlideShare une entreprise Scribd logo
1  sur  6
SAP SECURITY ONLINE TRAINING
MAGNIFIC IT CONSULTING Page 1
Introduction
 What is Security
 Building blocks
 Common terminologies used Most Common
 tools in Security
 CUA
What is Security?
 Security concept is same around the globe like in your normal life, security
 means removing or restricting unauthorized access to your belongings. For
 example your Car, laptop or cared cards etc
 IT Security?
 Information security (sometimes shortened to InfoSec) is the practice
 defending information from unauthorized access, use, disclosure, disruption,
 modification, perusal, inspection, recording or destruction. It is a general
term
 that can be used regardless of the form the data may take (electronic,
physical,
SAP Security?
 In the same context of InfoSec. SAP securities have the same meaning… or
in other words - who can do what in SAP?
 Building Blocks
 User Master
 Record Roles
SAP SECURITY ONLINE TRAINING
MAGNIFIC IT CONSULTING Page 2
 Profiles Authorization
 Objects
User Master Record?
A User initially has no access in SAP
 When we create access in system it defines UMR User Master Record
information includes:
 Name, Password, Address, User type, Company information
 User Group
 Roles and Profiles
 Validity dates (from/to)
 User defaults (logon language, default printer, date format, etc)
 User Types: Dialog – typical for most users System – cannot be used for
dialog login, can communicate between systems and start background jobs
Communications Data – cannot be used for dialog login, can communicate
between systems but cannot start background jobs Reference – cannot log in,
used to assign additional Authorizations
 Roles and Profiles Roles is group of tcode (s), which is used to perform a
specific business task.
 Each role requires specific privileges to perform a function in SAP that is
called AUTHORIZATIONS There are 3 types of Roles:
 Single – an independent Role
 Derived – has a parent and differs only in Organization Levels. Maintain
Transactions, Menu, Authorizations only at the parent level
 Composite – container that contains one or more Single or Derived Roles
SAP SECURITY ONLINE TRAINING
MAGNIFIC IT CONSULTING Page 3
Authorization Objects
• Authorization Objects are the keys to SAP security
• When you attempt actions in SAP the system checks to see whether you have the
appropriate Authorizations
• The same Authorization Objects can be used by different Transactions
User Buffer?
• When a User logs into the system, all of the Authorizations that the User has are
loaded into a special place in memory called the User Buffer
• As the User attempts to perform activities, the system checks whether the user
has the appropriate Authorization Objects in the User Buffer.
• You can see the buffer in Transaction.
Executing a Transaction (Authorization Checks)
1) Does the Transaction exist? All Transactions have an entry in table TSTC
2) Is the Transaction locked? Transactions are locked using Transaction SM01
Once locked, they cannot be used in any client
3) Can the User start the Transaction? Every Transaction requires that the user
have the Object S_TCODE=Transaction Name Some Transactions also
require another Authorization Object to start (varies depending on the
Transaction)
4) What can the User do in the Transaction? The system will check to see if the
user has additional Authorization Objects as necessary
How to trace missing Authorization Frequently you find that the role you built has
inadequate accesses and will fail during testing or during production usage. Why?
Why It happens?
Negligence of tester or some other reason How process initiated?
This process kicks when security guy receives:
SAP SECURITY ONLINE TRAINING
MAGNIFIC IT CONSULTING Page 4
 Email or
 phone call or
 ticket
How do we determine correct accesses required?
 SAP has various tools to analyze access errors and determine correct
Authorizations required: ´Use Last Failed Authorization check - SU53 (60%
effective)
 Use Assignment of Auth Object to Transactions - SU24 (60% effective)
 Trace the Authorizations for a function - ST01 (90% effective)
 Common Terminologies
 User master Records Roles Authorizations Authority
 Check user buffer Authorization Errors security matrix
 Profiles Authorization Objects User menus
SAP Password controls There are some Standard SAP password Controls delivered
by SAP which cannot be changed
 First-time users forced to change their passwords before they can log onto
the SAP system, or after their password is reset.
 Users can only change their password when logging on.
 Users can change their password at most, once a day
 Users can not re-use their previous five passwords.
 The first character cannot be “?” or “!”.
 The first three characters of the password cannot
 appear in the same order as part of the user name.
 all be the same.
SAP SECURITY ONLINE TRAINING
MAGNIFIC IT CONSULTING Page 5
 Include space characters.
 The password cannot be PASS or SAP*.
 Password Controls - cont.
SAP Password System Parameters - system wide settings that can be configured
by MPL - Minimum Password Length Password locked after unsuccessful login
attempts Password Expiration time Password complexity
 Illegal Passwords MPL can define passwords that cannot be used
 Enter impermissible passwords into SAP table USR40 MPL = Master parts
List
Tools:
 ´ SU01 User Maintenance
 ´ PFCG Role Maintenance
 ´ SUIM Authorization Reporting Tree
 ´ SU02 Maintain Profiles
 ´ SU03 Maintain Authorizations
 ´SU10 User Maintenance: Mass Changes
 ´ SU21 Maintain Authorization Objects
 ´ SU24 Auth Object check under transactions
 ´ SU3 Maintain default settings
 ´ SU53 Display Authority Check Values
CUA Central User Administration is a feature in SAP that helps to streamline
multiple users account management on different clients in a multi SAP systems
environment. This feature is laudable when similar user accounts are created and
managed on multiple clients
 § Centralized Admin
SAP SECURITY ONLINE TRAINING
MAGNIFIC IT CONSULTING Page 6
 § Data consistency & accuracy
 § Eliminate redundant efforts
www.magnifictraining.com - " SAP SECURITY ONLINE TRAINING " contact
us:info@magnifictraining.com or+1-6786933994,+1-6786933475,
+919052666559,+919052666558 By Real Time Experts from Hyderabad,
Bangalore,India,USA,Canada,UK, Australia, South Africa.

Contenu connexe

Dernier

Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...RKavithamani
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 

Dernier (20)

Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 

En vedette

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

En vedette (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

Sap security online training in Hyderabad

  • 1. SAP SECURITY ONLINE TRAINING MAGNIFIC IT CONSULTING Page 1 Introduction  What is Security  Building blocks  Common terminologies used Most Common  tools in Security  CUA What is Security?  Security concept is same around the globe like in your normal life, security  means removing or restricting unauthorized access to your belongings. For  example your Car, laptop or cared cards etc  IT Security?  Information security (sometimes shortened to InfoSec) is the practice  defending information from unauthorized access, use, disclosure, disruption,  modification, perusal, inspection, recording or destruction. It is a general term  that can be used regardless of the form the data may take (electronic, physical, SAP Security?  In the same context of InfoSec. SAP securities have the same meaning… or in other words - who can do what in SAP?  Building Blocks  User Master  Record Roles
  • 2. SAP SECURITY ONLINE TRAINING MAGNIFIC IT CONSULTING Page 2  Profiles Authorization  Objects User Master Record? A User initially has no access in SAP  When we create access in system it defines UMR User Master Record information includes:  Name, Password, Address, User type, Company information  User Group  Roles and Profiles  Validity dates (from/to)  User defaults (logon language, default printer, date format, etc)  User Types: Dialog – typical for most users System – cannot be used for dialog login, can communicate between systems and start background jobs Communications Data – cannot be used for dialog login, can communicate between systems but cannot start background jobs Reference – cannot log in, used to assign additional Authorizations  Roles and Profiles Roles is group of tcode (s), which is used to perform a specific business task.  Each role requires specific privileges to perform a function in SAP that is called AUTHORIZATIONS There are 3 types of Roles:  Single – an independent Role  Derived – has a parent and differs only in Organization Levels. Maintain Transactions, Menu, Authorizations only at the parent level  Composite – container that contains one or more Single or Derived Roles
  • 3. SAP SECURITY ONLINE TRAINING MAGNIFIC IT CONSULTING Page 3 Authorization Objects • Authorization Objects are the keys to SAP security • When you attempt actions in SAP the system checks to see whether you have the appropriate Authorizations • The same Authorization Objects can be used by different Transactions User Buffer? • When a User logs into the system, all of the Authorizations that the User has are loaded into a special place in memory called the User Buffer • As the User attempts to perform activities, the system checks whether the user has the appropriate Authorization Objects in the User Buffer. • You can see the buffer in Transaction. Executing a Transaction (Authorization Checks) 1) Does the Transaction exist? All Transactions have an entry in table TSTC 2) Is the Transaction locked? Transactions are locked using Transaction SM01 Once locked, they cannot be used in any client 3) Can the User start the Transaction? Every Transaction requires that the user have the Object S_TCODE=Transaction Name Some Transactions also require another Authorization Object to start (varies depending on the Transaction) 4) What can the User do in the Transaction? The system will check to see if the user has additional Authorization Objects as necessary How to trace missing Authorization Frequently you find that the role you built has inadequate accesses and will fail during testing or during production usage. Why? Why It happens? Negligence of tester or some other reason How process initiated? This process kicks when security guy receives:
  • 4. SAP SECURITY ONLINE TRAINING MAGNIFIC IT CONSULTING Page 4  Email or  phone call or  ticket How do we determine correct accesses required?  SAP has various tools to analyze access errors and determine correct Authorizations required: ´Use Last Failed Authorization check - SU53 (60% effective)  Use Assignment of Auth Object to Transactions - SU24 (60% effective)  Trace the Authorizations for a function - ST01 (90% effective)  Common Terminologies  User master Records Roles Authorizations Authority  Check user buffer Authorization Errors security matrix  Profiles Authorization Objects User menus SAP Password controls There are some Standard SAP password Controls delivered by SAP which cannot be changed  First-time users forced to change their passwords before they can log onto the SAP system, or after their password is reset.  Users can only change their password when logging on.  Users can change their password at most, once a day  Users can not re-use their previous five passwords.  The first character cannot be “?” or “!”.  The first three characters of the password cannot  appear in the same order as part of the user name.  all be the same.
  • 5. SAP SECURITY ONLINE TRAINING MAGNIFIC IT CONSULTING Page 5  Include space characters.  The password cannot be PASS or SAP*.  Password Controls - cont. SAP Password System Parameters - system wide settings that can be configured by MPL - Minimum Password Length Password locked after unsuccessful login attempts Password Expiration time Password complexity  Illegal Passwords MPL can define passwords that cannot be used  Enter impermissible passwords into SAP table USR40 MPL = Master parts List Tools:  ´ SU01 User Maintenance  ´ PFCG Role Maintenance  ´ SUIM Authorization Reporting Tree  ´ SU02 Maintain Profiles  ´ SU03 Maintain Authorizations  ´SU10 User Maintenance: Mass Changes  ´ SU21 Maintain Authorization Objects  ´ SU24 Auth Object check under transactions  ´ SU3 Maintain default settings  ´ SU53 Display Authority Check Values CUA Central User Administration is a feature in SAP that helps to streamline multiple users account management on different clients in a multi SAP systems environment. This feature is laudable when similar user accounts are created and managed on multiple clients  § Centralized Admin
  • 6. SAP SECURITY ONLINE TRAINING MAGNIFIC IT CONSULTING Page 6  § Data consistency & accuracy  § Eliminate redundant efforts www.magnifictraining.com - " SAP SECURITY ONLINE TRAINING " contact us:info@magnifictraining.com or+1-6786933994,+1-6786933475, +919052666559,+919052666558 By Real Time Experts from Hyderabad, Bangalore,India,USA,Canada,UK, Australia, South Africa.