Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Security and User Management, Best Practices?

Go to solution
Former Member

‎04-23-2010 5:29 PM

0 Kudos

Hello everyone.

I'm a Basis Admin who earlier this year was asked to take on SAP Security too. We're a mature SAP customer, so as far as security is concern, its mostly the day to day User maintenance that I've had to take on. A current pain point is managing users seperately within systems. So for example our landscape looks like this: ERP, BW, XI, Portals, MII, SolMan, and CRM. To add a new employee, I may have to touch more than 1 of these systems to add just 1 user.

I have read up on CUA, but have found mix reviews. I was just wondering how others were managing users in a complex landscape, or if SAP had a Best Practice document that I could follow? Any feedback on CUA would also be appreciated.

Thanks in advance,

Jose

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎04-28-2010 9:39 AM

0 Kudos

Hi Jose

CUA is a simple, mature product that can take some of the effort out of user admin.

You should be able to provision to all the ABAP components - ERP, BW, XI, SolMan. If you have your portal groups linked to ABAP roles & ABAP as your user source then the java/portal side should be taken care of too. I'm not too sure about MII and there may be some manual steps still required.

SAP is now promoting IdM as the future and it is a fully fledged identity management platform with the associated ability to scale and complexity of setup. They are 2 very different tools that have pro's, con's and uses so it's worth evaluating both against your requirements.

5 REPLIES 5

Go to solution
sreekanth_sunkara
Active Participant

‎04-23-2010 6:29 PM

0 Kudos

Hi Jose,

we are currently using CUA and it was good and easy to maintain users centrally. i dont think you can find Best Practices on SAP Security

Thanks,

SS

Edited by: sun on Apr 23, 2010 7:30 PM

Go to solution
Former Member

‎04-23-2010 9:01 PM

0 Kudos

This message was moderated.

Go to solution
Former Member

‎04-23-2010 9:52 PM

0 Kudos

Please concentrate on CUA user maintenance,Change management (PFCG,SE10),portal user maanagement.

S000(OSS ID) creation,Developer key and OSS connection in SAP Service marketplace

SOX related report(SE80,SE38,SA38),transports table,SM20 logs,critical tcodes/objects,Solution manager,BP creation/mainenance, User maintenance activity like user deactivation based HR deactivation list.

GRC tools(Firefighter)

Go to solution
arpan_paik
Active Contributor

‎04-24-2010 5:40 AM

0 Kudos

You might be interested in Identity Management

Go to solution
Former Member

‎04-28-2010 9:39 AM

0 Kudos

Hi Jose

CUA is a simple, mature product that can take some of the effort out of user admin.

You should be able to provision to all the ABAP components - ERP, BW, XI, SolMan. If you have your portal groups linked to ABAP roles & ABAP as your user source then the java/portal side should be taken care of too. I'm not too sure about MII and there may be some manual steps still required.

SAP is now promoting IdM as the future and it is a fully fledged identity management platform with the associated ability to scale and complexity of setup. They are 2 very different tools that have pro's, con's and uses so it's worth evaluating both against your requirements.