
This blog is under construction, and I want to make it the largest SAP Security blog, climb after climb, step after step, as I have plenty to contribute in this field. Please visit regularly to get SME articles on SAP Security. Some of the topics that will figure in the near future are as follows.
1.1. Overview of SAP R/3
1.2. Security’s Role
1.3. Audience
1.3.1. Security Administrators
1.3.2. Managers
1.3.3. Audit Staff
1.4. How to get the most from the book
1.5. Conventions
1.6. Acknowledgments
1.7. Trademarks
2. Security and Controls
2.1. Concept and Purpose
2.2. Assessing Risk
2.3. Segregation of Duties
2.4. Compensating Controls
2.4.1. Change Documents
2.4.2. History Tables
2.4.3. Table Logging
2.4.4. Use
3. Control Areas in SAP
3.1. “Physical” Universe
3.1.1. Environments
3.1.2. Change Control
3.1.3. Change-ability
3.1.4. Defaults
3.1.5. Secure the System
3.1.6. Control Access
3.2. Authorization Profiles - Access.
3.2.1. Naming Conventions
3.2.2. Naming conventions - Authorizations
3.2.3. Process Oriented Profiles
3.2.4. Risk Assessments
3.2.5. Control Profile Development
3.2.6. Profile Development Standards
3.2.7. Role Minimization
3.2.8. Grass Root Development
3.2.9. No Wild Card Activity Values
3.2.10. No Parent-Child Roles
3.2.11. No Composite Roles
3.2.12. Role Use Management
3.3. ABAP execution - reporting and update control.
3.3.1. Background
3.3.2. ABAP/4 Run-time control
3.3.3. Controlling Execution of Reports
3.4. System Integrity - Ensuring long-term continuity
3.5. System Settings
4. SAP Authorization Concept
4.1. Overview
4.1.1. Authorization Objects
4.1.2. Authorizations
4.1.3. Profiles
4.1.4. Roles
4.1.5. Users
5. Security Data in SAP
5.1. List of commonly used Security Tables in SAP
5.1.1. Overall List
5.1.2. Use of each table
5.1.3. Maintenance
5.2. Other SAP data ( Domain Values, Data Elements)
5.2.1. Overall list
5.2.2. Use of data
5.2.3. Maintenance
6. Authorization Checking in SAP
6.1. Transaction Lock
6.2. Transaction Access ( S_TCODE)
6.3. Alternative Access Control
6.3.1. Segregation of duties (TSTCA)
6.3.2. Report execution (S_PROGRAM)
6.3.3. Internal Checks
7. Security tools
7.1. Security Menu
7.2. User Maintenance
7.2.1. SU01
7.2.2. SU10
7.2.3. PFCG
7.2.4. RHPROFL0
7.2.5. HRUSER
7.3. Authorization maintenance
7.4. Profile Maintenance
7.5. PD Profiles – Structural Authorizations
7.6. Profile generator
7.7. Table Maintenance
7.8. Authorization Groups
7.9. Organizational Levels
7.9.1. Overview
7.9.2. Maintaining Organizational Level Definition.
7.9.3. Pitfalls using Organizational Levels
7.10. Call Transaction Control - SE97
7.11. Troubleshooting Utilities
7.11.1. ST03
7.11.2. STAT
7.11.3. SM21
7.11.4. ST22
7.11.5. SU53
7.11.6. SU56
8. SAP Security Automation
9. Audit Information System
9.1. Security Audit Log
9.1.1. Purpose
9.1.2. Implementation Considerations
9.1.3. Integration
9.1.4. Filters
9.1.5. Alerts in the Computing Center Management System Alert Monitor
9.1.6. Activities
9.2. Security Alerts in the CCMS Alert Monitor
9.2.1. Comparing the Security Audit Log and the System Log
9.2.2. Prerequisites
9.3. User Activity Logs
10. Security Reports
10.1. Overview
10.2. SUIM
10.3. OPF0
10.4. Required reports
11. Security System Parameter Settings
12. Configuration
12.1. Access to Customizing - IMG Access
12.2. SSM_CUST
12.3. PRGN_CUST
12.4. Profile Generator
12.5. Human Resources
12.6. Configurable Access
12.6.1. Overview
12.6.2. Authorization Groups
12.6.3. User Exits
12.6.4. User Status B_USERSTAT
12.6.5. General Ledger Accounts
12.6.6. Storage Location
12.6.7. Tax Reporter Spool Authorization
13. User Ids
13.1. Overview
13.2. User Groups
13.3. Password
13.3.1. The Initial Password
13.3.2. Password Requirements
13.4. User Buffer
13.5. Logging On
13.6. Logon Errors
13.7. Password Controls
13.7.1. Setting Password Controls
13.7.2. Setting Password Length and Validity
13.7.3. Specifying Impermissible Passwords
13.8. Id Maintenance
13.9. Administering User Ids
13.10. ID Deletion
13.11. Special User Ids
13.11.1. SAP*
13.11.2. SAPCPIC
13.11.3. DDIC
13.11.4. EARLYWATCH
13.11.5. TMSADM
13.11.6. WF-Batch
13.12. Change Documents
14. Logon controls
14.1. System Parameter Settings
14.2. Logon User Exit
15. Global Access Control
15.1. Transaction Code Locking
15.2. Global Check Disabling
15.3. SAP_ALL
16. Profile Generator
16.1. What is Profile Generator
16.1.1. Components of Profile Generator
17. Exploring Profile Generator Menus and Buttons
17.1. Menu Bar
17.2. Function Bar
18. Functions in Profile Generator
18.1. Tasks
18.2. Agents
18.3. SAP Business Workflow
18.4. Personal Planning and Development (PD)
18.5. Session Manager (SESS)
19. Using Profile Generator
19.1. Activating Profile Generator
19.1.1. Setting the Instance Profile Parameter
19.1.2. Setting an Active Plan Version
19.1.3. Loading SAP default Values (SU25)
19.1.4. Menu Activation
19.1.5. Automatic Transport Request
19.2. Configuring Profile Generator
19.2.1. Maintaining Check Indicators and Field Values (SU24)
19.2.2. Adding Transactions to the Customer Menu
19.3. Activity Group Maintenance
19.3.1. Creating
19.3.2. Copying
19.3.3. Displaying
19.3.4. Generating
19.3.5. Deleting
19.3.6. Removing a transaction
19.3.7. Manually inserting an Authorization Object
19.3.8. Transporting
20. Security Strategies and Methodologies
20.1. Profile Creation
20.2. Maintaining Profiles
20.3. Naming Conventions
20.4. Change management
20.5. Controlling Configuration
21. Central User Administration
22. Workplace
23. Security User Exits
23.1. Exit Options
23.1.1. Overview
23.1.2. User Exits via CMOD
23.1.3. Business partner functions
23.1.4. Field Exits
23.2. Logon Exit
23.3. Logon Screen
23.4. Undocumented
24. Tips and Tricks
24.1. Modifying Logon Screen
24.2. Displaying Authorization Failures
24.3. Organization Levels
24.4. Adding Custom Values
24.5. Useful Default Settings
24.6. Stopping the “Multiple logon Notification” Screen
25. System Upgrades
26. Security Weaknesses
26.1. User Ids
26.2. Reference Users
26.3. Trojan Horse
26.4. New Buffering
26.5. SM59
26.6. Visible Passwords
26.7. S_DEVELOP Access
26.8. Table display
27. Appendices
27.1. Appendix A: Security Tables
27.2. Tables
27.3. Appendix B:
27.4. Appendix C: Segregation of Duties Configuration for RSUSR009

" THANK YOU for Visiting my Blog "

Hi Jay
Good job..
Jay, we are in the process of upgrading from R34.7 to ERP 6.. how do we make sure that the existing authorization will move to the new upgrade version? Appreciate if you can share some information/doc with me.. you can email if possible to buddhike.sgit@keells.com
regards
Buddhike
Hi Jay:
Great site for guys like me trying to learn more... Just a quick question... do you provide SAP GRC training?
Thanks,
Siva
This is awesome. I hope I am able to find some info here on how to edit org levels for derived roles. I need to change an org level value to * for many roles. Can't figure out how to do this, as the existing roles do not seem to get affected by the changes from the parent role. I tried to change the authorization fields and it worked when propagated, but the org values still remain the same.
HI,
U R BLOG VERY NICE.
CAN U PROVIDE REALTIME TICKETS AND DIFF ISSUES IN SAP SECURITY.
ALSO PROVIDE ME TICKETING TOOL USER GUIDE USED BY U
good guidance and the following of the content is so helpful and useful. SAP SECURITY TRAINING
Hi, im sanajy working on sap bo domain. i just searching sap securitys information there i found your blog, you have share very good information. thanks for posting. SAP-HANA
Hi this is shiva kumar i am working on sap bwbi.. i just browsing blogs on hana there i found your blog is interesting.. i like to say thank for sharing a information on sap sap-hana
it's nice information and it is useful for us. 123trainings provides sap fico online training in india
Hi sir,
I have seen the articles you write it is usually extremely considerate info for freshers and beginners. It will help individuals to start thinking about sap. Thanks for provided information. sap fico online training
Please make updates regularly.
SAP Safety is part of SAP Foundation module in SAP. Base element is the program supervision piece in Drain.
To learn SAP Foundation or SAP Protection anyone need not be described as a practical consultant or don't need to own any site knowledge.
Who is Suited for sap security online training
Training Component
The person who is well suited for stepping into SAP Module could be the person who is comfortable with focusing on computers primarily using excel, word, web and email. Generally be able to easily understand the screens in just about any software inside the computer. Must be capable do basic tasks like copy-paste cut erase etc.
SAP Profession is combination of technical and practical capabilities. Useful capabilities require are fund Spending string and Human resources. SAP Job coaching is preparing students to finding jobs being an SAP Security Manager / SAP Auditor. This involves auditing system safety and functional process in SAP System.
Thank you regarding given helpful information on sap fico. It’s extremely helpful for me. And also helpful for sap fico trainees.sap fico online training