Authorizations in SAP PDF

351 Pages·2012·14.982 MB·English

Preview Authorizations in SAP

SAP PRESS is a joint initiative of SAP and Galileo Press. The know-how offered by SAP specialists combined with the expertise of the Galileo Press publishing house offers the reader expert books in the field. SAP PRESS features first-hand information and expert advice, and provides useful skills for professional decision-making. SAP PRESS offers a variety of books on technical and business related topics for the SAP user. For further information, please visit our website: http://www.sap-press.com.

Mario Linkies and Horst Karin, SAP Security and Risk Management (2nd Edition), 2011, 742 pp. (hardcover), ISBN 978-1-59229-355-1
Volker Lehnert, Katharina Stelzner, Larry Justice, Authorizations in SAP Software: Design and Configuration, 2010, 684 pp. (hardcover), ISBN 978-1-59229-342-1
Sebastian Schreckenbach, SAP Administration—Practical Guide, 2011, 883 pp. (hardcover), ISBN 978-1-59229-383-4
Steve Biskie, Surviving an SAP Audit, 2010, 299 pp. (hardcover), ISBN 978-1-59229-253-0

Andrea Cavalleri and Massimo Manara
100 Things You Should Know About Authorizations in SAP®
Bonn • Boston

Dear Reader,

As a security administrator, you have a very important and complex job. Make it easier with this book, where you’ll find practical, useful tips and workarounds that will help you accomplish moderate to advanced authorization tasks. With information ranging from using templates, to managing user IDs, to setting up a security project to managing information for a smooth audit, you’re sure to find helpful tidbits that will save you time and help you avoid many potential headaches.

It was a pleasure working with this book’s authors, Andrea and Massimo. They are easily some of the most organized people I’ve ever had the privilege of working with (which isn’t easy when it comes to writing about 100 separate topics!). Between being early with all of their work and answering all of my many questions, they ultimately created a bit more work for themselves in sheer times the book was able to pass between us, but which benefits you with a fantastic, concise book of tips and tricks. I’m confident that you’ll find it just as rewarding to navigate this book as I did, and better yet, that you’ll find that helpful hint that will really add a little something to your day!

We at SAP PRESS are always eager to hear your opinion. What do you think about 100 Things You Should Know About Authorizations in SAP? As your comments and suggestions are our most useful tools to help us make our books the best they can be, we encourage you to visit our website at www.sap-press.com and share your feedback.

Thank you for purchasing a book from SAP PRESS!

Laura Korslund
Editor, SAP PRESS
Galileo Press
Boston, MA
[email protected]
http://www.sap-press.com

Notes on Usage

This e-book is protected by copyright. By purchasing this e-book, you have agreed to accept and adhere to the copyrights. You are entitled to use this e-book for personal purposes. You may print and copy it, too, but also only for personal use. Sharing an electronic or printed copy with others, however, is not permitted, neither as a whole nor in parts. Of course, making them available on the Internet or in a company network is illegal as well. For detailed and legally binding usage conditions, please refer to the section Legal Notes.

This e-book copy contains a digital watermark, a signature that indicates which person may use this copy:

Imprint

This e-book is a publication many contributed to, specifically:

Editor: Laura Korslund
Copyeditor: Julie McNamee
Cover Design: Graham Geary
Production E-Book: Kelly O’Callaghan
Typesetting E-Book: Publishers’ Design and Production Services, Inc.

We hope that you liked this e-book. Please share your feedback with us and read the Service Pages to find out how to contact us.
The Library of Congress has cataloged the printed edition as follows:

Manara, Massimo.
100 things you should know about authorizations in SAP / Massimo Manara, Andrea Cavalleri. — 1st ed.
p. cm.
Includes bibliographical references.
ISBN 978-1-59229-406-0 — ISBN 1-59229-406-5
1. Computers—Access control. 2. Computer networks—Security measures. 3. SAP ERP. I. Cavalleri, Andrea. II. Title. III. Title: One hundred things you should know about authorizations in SAP.
QA76.9.A25M31847 2012
005.8—dc23
2012005022

ISBN 978-1-59229-406-0 (print)
ISBN 978-1-59229-803-7 (e-book)
ISBN 978-1-59229-804-4 (print and e-book)

© 2012 by Galileo Press Inc., Boston (MA)
1st edition 2012

Contents

Acknowledgments

PART 1 User Master Records

1 Displaying the Technical Names of Transactions in the SAP Easy Access Menu en Masse
2 Improving Your User Master Record Accuracy with Hidden Fields
3 Defining an SAP User ID Naming Convention to Manage User Master Records
4 Using BAPIs to Help Mass-Maintain the User Master Record
5 Customizing the Rules for Automatically Generated Passwords During User Creation
6 Finding and Using User Parameters to Prepopulate Transactional Fields
7 Improving Your Business Reporting through User Groups
8 Working with Inactive Users
9 Customizing SAP and User Menus through the Session Manager
10 Assigning Roles through an Organization Structure without SAP HCM Deployed
11 Constraining Organization Structure Visibility through an HR Personnel Development Profile
12 Automatically Maintaining Structural Authorizations
13 Linking User Master Records to HR Data
14 Performing Mass Changes for Users and Roles in Java
15 Displaying Authorization Errors in Transaction Log SU53 for Different Users
16 Customizing Users’ Selection en Masse
17 Mass-Changing Secure Network Communications Data for SSO User Mapping

PART 2 Development Security

18 Validating Your ABAP Code before Moving into the Production System
19 Archiving and Restoring a User’s Favorites
20 Displaying the Security Data Dictionary Definition with the Object Navigator
21 Finding Vulnerability Strings in Your ABAP Code
22 Creating a Transaction Variant to Restrict User Activities
23 Finding Authorization Object Documentation
24 Searching for Values and Definitions in ABAP Data Dictionary Tables
25 Mass-Exporting Query User Group Information
26 Managing an Authorization Check in the Transaction Header
27 Restricting a User’s Access to Called Transactions
28 Managing Customizing Tables in a Production System
29 Analyzing Your Security System to Keep it Updated
30 Using Parameter Transactions to Avoid Giving Direct Tables/Programs Access to End Users
31 Discovering Maintenance Customizing Transactions with a Table Name

PART 3 Profile Generator

32 Finding Roles That Contain Transactions at the Menu Level
33 Permanently Enable the Technical Name View in Transaction PFCG’s Authorization Tree
34 Creating a Sustainable Authorization Roles Naming Convention
35 Evaluating the Manual or Modified Authorization Status during Profile Generator Maintenance
36 Creating an SAP_ALL Display-Only Role
37 Maintaining an Aligned Set of Job Roles with a Naming Convention
38 Designing and Assigning a Basic Role to All Users
39 Maintaining Derived Roles to Improve Authorization Maintenance
40 Discovering Misalignment between Transactions by Downloading Data to Spreadsheets
41 Finding Misinterpreted Authorization Wildcards in Your Roles
42 Performing Mass Downloads and Uploads of Standard Authorization Values
43 Setting Up Mass Adjustments for Derived Roles
44 Troubleshooting Authorization Problems for Users
45 Customizing Your Tree Menu Settings to Avoid Duplicate Structures
46 Automatically Populating the Authorization Objects Transaction Link When Performing a Developer Trace
47 Adjusting Query Maintenance to Avoid Security Problems
48 Cleaning Up Unused Batch Jobs
49 Setting Up Authorizations to Allow Internet Service
50 Avoiding Security Holes during SAP Menu Role Maintenance
51 Changing the Rules to Generate Profile Names
52 Comparing Authorization Roles to Check for Alignment Between Systems
53 Replacing the Parent Role of a Derived Role en Masse
54 Generating Large Quantities of Profiles for Roles in a Single Transaction
55 Using SAP BAPIs to Manage Roles with an External Program
56 Using Manual Composite Profiles to Bypass the Profile Technical Limit of 312
57 Using Parameter IDs and Customizing Transactions to Manage Authorizations
58 Removing Expired User-Role Links
59 Filtering Roles by Their Status

PART 4 Segregation of Duties

60 Tailoring Your Ad-Hoc Analysis by Using Custom Groups in RAR and ARA
61 Modifying Your Selection Criteria for User/Roles Analysis in SAP GRC 10.0
62 Clustering Data to Enhance Your RAR Reporting for Easier Consumption
63 Performing a User Impact Risk Analysis
64 Setting Selection Criteria for the Web Interface as a Default Value
65 Defining a Firefighter User ID Naming Method
66 Using Organizational-Level Mapping in Business Role Management to Improve Role Derivation
67 Using Business Role Management to Define Business Roles in Place of Composite Roles
68 Setting Up Data Segregation in SAP GRC ARA
69 Keeping Your Mitigation Tables Clean and Accurate with the Invalid Mitigation Report

PART 5 Upgrades

70 Making Your Roles Compliant with Transaction SU25
71 Deciding How to Set Up Your Authorization Upgrade
72 Managing Derived Roles during an Upgrade
73 Converting a Manually Created Profile into a Role
74 Avoid Maintaining a Role’s Authorization Tree Twice When New Transaction Codes Are Added
75 Identifying New Transactions in a Role’s Menu
76 Communicating Password Requirement Changes During SAP Upgrades

PART 6 Auditing

77 Searching for Roles or Users Using Transaction SUIM with Asterisk Searching
78 Using the Security Audit Log to Manage Your Super Users’ Access
79 Changing the Classification of an Audit Log Message
80 Configuring the SAP System to Log Activity in the Security Structure
81 Activating Table Tracing to Log the Details of Changes Made
82 Viewing All Instances of Profile Parameters
83 Identifying Alias Transactions to Eliminate Unauthorized System Access
84 Finding a Specific User Who Has Made Changes to Values
85 Identifying Query Changes
86 Protecting and Auditing Your Remote Function Call

PART 7 Security Templates

87 Using a Spreadsheet to Collect Authorization Data
88 Defining a Template for Gathering and Defining Your Job Role Data
89 Defining a Template for Gathering the Organizational Constraints of Job Role Data
90 Defining a Template for Gathering the Nonorganizational Constraints of Job Role Data
91 Using Pivot Tables and Authorization Reports to Customize Data for the Reader

PART 8 Continuous Compliance and Governance

92 Defining Data for User Revalidation
93 Revalidating Roles and Providing Documentation for Analysis
94 Making Sure Users Are Assigned Only to the Roles and Transactions They Use
95 Using Indirect Role Assignment to Simplify User Maintenance and Reporting
96 Defining Business Owners
97 Finding Misalignments between Organizational-Level Pop-Ups and Authorization Data in Derived Roles
98 Finding Manually Created Authorizations in a Role’s Authorization Tree
99 Substituting SAP Queries with Specific Transaction Codes
100 Using a Query to Find Manually Created Authorizations and Convert them to Roles

Additional Resources
Index
Service Pages
Legal Notes
