Authorizations in SAP
100 Things You Should Know About...
Paperback by Andrea Cavalleri (et al.)
Language: English

105,95 €*

incl. VAT

Free shipping by post / DHL

Delivery time 1-2 weeks

Description
Learn how to save time when managing SAP system security with this book, which unlocks the secrets of working with authorizations in the SAP Basis system. You'll find 100 tips and workarounds you can use to increase productivity and improve the security of your SAP system. The tips are grouped together based on the area of authorizations they cover, such as development security, Profile Generator, upgrades, and more. They have been carefully selected to provide a collection of the best, most useful, and rarest information. With this book, you will be able to work more quickly, easily, and effectively.

Highlights:
User master records, Development security, Profile Generator, Segregation of duties, Upgrades, Auditing, Security templates, Continuous Compliance and Governance
About the Author
Andrea Cavalleri is an SAP-certified security and compliance
consultant. He founded Aglea s.r.l. ([...] in 2003.
He has more than 12 years of experience in IT and more
than 15 years of experience as a developer in C++ and Microsoft
Access. Andrea has been a team leader in more than 30
SAP GRC, identity management, and security projects and
has been a teacher for SAP Italy authorization and security
courses since 1999.
Summary
Presents practical, expert advice for system administrators
Table of Contents
... Acknowledgments ... 11

PART 1 ... User Master Records ... 13

... 1 ... Displaying the Technical Names of Transactions in the SAP Easy Access Menu en Masse ... 15

... 2 ... Improving Your User Master Record Accuracy with Hidden Fields ... 18

... 3 ... Defining an SAP User ID Naming Convention to Manage User Master Records ... 21

... 4 ... Using BAPIs to Help Mass-Maintain the User Master Record ... 23

... 5 ... Customizing the Rules for Automatically Generated Passwords During User Creation ... 27

... 6 ... Finding and Using User Parameters to Prepopulate Transactional Fields ... 30

... 7 ... Improving Your Business Reporting through User Groups ... 33

... 8 ... Working with Inactive Users ... 36

... 9 ... Customizing SAP and User Menus through the Session Manager ... 38

... 10 ... Assigning Roles through an Organization Structure without SAP HCM Deployed ... 40

... 11 ... Constraining Organization Structure Visibility through an HR Personnel Development Profile ... 42

... 12 ... Automatically Maintaining Structural Authorizations ... 45

... 13 ... Linking User Master Records to HR Data ... 48

... 14 ... Performing Mass Changes for Users and Roles in Java ... 51

... 15 ... Displaying Authorization Errors in Transaction Log SU53 for Different Users ... 54

... 16 ... Customizing Users' Selection en Masse ... 56

... 17 ... Mass-Changing Secure Network Communications Data for SSO User Mapping ... 58

PART 2 ... Development Security ... 61

... 18 ... Validating Your ABAP Code before Moving into the Production System ... 63

... 19 ... Archiving and Restoring a User's Favorites ... 65

... 20 ... Displaying the Security Data Dictionary Definition with the Object Navigator ... 68

... 21 ... Finding Vulnerability Strings in Your ABAP Code ... 71

... 22 ... Creating a Transaction Variant to Restrict User Activities ... 75

... 23 ... Finding Authorization Object Documentation ... 78

... 24 ... Searching for Values and Definitions in ABAP Data Dictionary Tables ... 81

... 25 ... Mass-Exporting Query User Group Information ... 83

... 26 ... Managing an Authorization Check in the Transaction Header ... 86

... 27 ... Restricting a User's Access to Called Transactions ... 88

... 28 ... Managing Customizing Tables in a Production System ... 92

... 29 ... Analyzing Your Security System to Keep it Updated ... 95

... 30 ... Using Parameter Transactions to Avoid Giving Direct Tables/Programs Access to End Users ... 97

... 31 ... Discovering Maintenance Customizing Transactions with a Table Name ... 100

PART 3 ... Profile Generator ... 103

... 32 ... Finding Roles That Contain Transactions at the Menu Level ... 105

... 33 ... Permanently Enable the Technical Name View in Transaction PFCG's Authorization Tree ... 107

... 34 ... Creating a Sustainable Authorization Roles Naming Convention ... 110

... 35 ... Evaluating the Manual or Modified Authorization Status during Profile Generator Maintenance ... 116

... 36 ... Creating an SAP_ALL Display-Only Role ... 119

... 37 ... Maintaining an Aligned Set of Job Roles with a Naming Convention ... 123

... 38 ... Designing and Assigning a Basic Role to All Users ... 126

... 39 ... Maintaining Derived Roles to Improve Authorization Maintenance ... 128

... 40 ... Discovering Misalignment between Transactions by Downloading Data to Spreadsheets ... 131

... 41 ... Finding Misinterpreted Authorization Wildcards in Your Roles ... 134

... 42 ... Performing Mass Downloads and Uploads of Standard Authorization Values ... 137

... 43 ... Setting Up Mass Adjustments for Derived Roles ... 139

... 44 ... Troubleshooting Authorization Problems for Users ... 141

... 45 ... Customizing Your Tree Menu Settings to Avoid Duplicate Structures ... 145

... 46 ... Automatically Populating the Authorization Objects Transaction Link When Performing a Developer Trace ... 149

... 47 ... Adjusting Query Maintenance to Avoid Security Problems ... 154

... 48 ... Cleaning Up Unused Batch Jobs ... 156

... 49 ... Setting Up Authorizations to Allow Internet Service ... 159

... 50 ... Avoiding Security Holes during SAP Menu Role Maintenance ... 162

... 51 ... Changing the Rules to Generate Profile Names ... 166

... 52 ... Comparing Authorization Roles to Check for Alignment Between Systems ... 168

... 53 ... Replacing the Parent Role of a Derived Role en Masse ... 170

... 54 ... Generating Large Quantities of Profiles for Roles in a Single Transaction ... 173

... 55 ... Using SAP BAPIs to Manage Roles with an External Program ... 176

... 56 ... Using Manual Composite Profiles to Bypass the Profile Technical Limit of 312 ... 180

... 57 ... Using Parameter IDs and Customizing Transactions to Manage Authorizations ... 185

... 58 ... Removing Expired User-Role Links ... 189

... 59 ... Filtering Roles by Their Status ... 191

PART 4 ... Segregation of Duties ... 195

... 60 ... Tailoring Your Ad-Hoc Analysis by Using Custom Groups in RAR and ARA ... 197

... 61 ... Modifying Your Selection Criteria for User/Roles Analysis in SAP GRC 10.0 ... 201

... 62 ... Clustering Data to Enhance Your RAR Reporting for Easier Consumption ... 204

... 63 ... Performing a User Impact Risk Analysis ... 207

... 64 ... Setting Selection Criteria for the Web Interface as a Default Value ... 210

... 65 ... Defining a Firefighter User ID Naming Method ... 212

... 66 ... Using Organizational-Level Mapping in Business Role Management to Improve Role Derivation ... 215

... 67 ... Using Business Role Management to Define Business Roles in Place of Composite Roles ... 219

... 68 ... Setting Up Data Segregation in SAP GRC ARA ... 222

... 69 ... Keeping Your Mitigation Tables Clean and Accurate with the Invalid Mitigation Report ... 226

PART 5 ... Upgrades ... 229

... 70 ... Making Your Roles Compliant with Transaction SU25 ... 231

... 71 ... Deciding How to Set Up Your Authorization Upgrade ... 237

... 72 ... Managing Derived Roles during an Upgrade ... 241

... 73 ... Converting a Manually Created Profile into a Role ... 244

... 74 ... Avoid Maintaining a Role's Authorization Tree Twice When New Transaction Codes Are Added ... 247

... 75 ... Identifying New Transactions in a Role's Menu ... 249

... 76 ... Communicating Password Requirement Changes During SAP Upgrades ... 251

PART 6 ... Auditing ... 255

... 77 ... Searching for Roles or Users Using Transaction SUIM with Asterisk Searching ... 257

... 78 ... Using the Security Audit Log to Manage Your Super Users' Access ... 259

... 79 ... Changing the Classification of an Audit Log Message ... 263

... 80 ... Configuring the SAP System to Log Activity in the Security Structure ... 266

... 81 ... Activating Table Tracing to Log the Details of Changes Made ... 269

... 82 ... Viewing All Instances of Profile Parameters ... 272

... 83 ... Identifying Alias Transactions to Eliminate Unauthorized System Access ... 275

... 84 ... Finding a Specific User Who Has Made Changes to Values ... 279

... 85 ... Identifying Query Changes ... 282

... 86 ... Protecting and Auditing Your Remote Function Call ... 284

PART 7 ... Security Templates ... 287

... 87 ... Using a Spreadsheet to Collect Authorization Data ... 288

... 88 ... Defining a Template for Gathering and Defining Your Job Role Data ... 291

... 89 ... Defining a Template for Gathering the Organizational Constraints of Job Role Data ... 294

... 90 ... Defining a Template for Gathering the Nonorganizational Constraints of Job Role Data ... 297

... 91 ... Using Pivot Tables and Authorization Reports to Customize Data for the Reader ... 300

PART 8 ... Continuous Compliance and Governance ... 303

... 92 ... Defining Data for User Revalidation ... 305

... 93 ... Revalidating Roles and Providing Documentation for Analysis ... 309

... 94 ... Making Sure Users Are Assigned Only to the Roles and Transactions They Use ... 312

... 95 ... Using Indirect Role Assignment to Simplify User Maintenance and Reporting ... 315

... 96 ... Defining Business Owners ... 319

... 97 ... Finding Misalignments between Organizational-Level Pop-Ups and Authorization Data in Derived Roles ... 321

... 98 ... Finding Manually Created Authorizations in a Role's Authorization Tree ... 325

... 99 ... Substituting SAP Queries with Specific Transaction Codes ... 328

... 100 ... Using a Query to Find Manually Created Authorizations and Convert them to Roles ... 330

... Additional Resources ... 333

... Index ... 339
Details
Year of publication: 2012
Subject area: Application software
Genre: Imports, Computer science
Category: Science & Technology
Format: Paperback
Contents: 346 pp.
ISBN-13: 9781592294060
ISBN-10: 1592294065
Language: English
Binding: Softcover / Paperback
Author: Cavalleri, Andrea
Manara, Massimo
Manufacturer: Rheinwerk Publishing
Rheinwerk Publishing, Inc.
Responsible person for the EU: Rheinwerk Verlag GmbH, Rheinwerkallee 4, D-53227 Bonn, service@rheinwerk-verlag.de
Dimensions: 231 x 177 x 27 mm
By/With: Andrea Cavalleri (et al.)
Publication date: 25.04.2012
Weight: 0.654 kg
Item ID: 106604088