04-23-2010 5:29 PM
Hello everyone.
I'm a Basis Admin who earlier this year was asked to take on SAP Security too. We're a mature SAP customer, so as far as security is concerned, it's mostly the day-to-day user maintenance that I've had to take on. A current pain point is managing users separately within systems. So for example our landscape looks like this: ERP, BW, XI, Portals, MII, SolMan, and CRM. To add a new employee, I may have to touch more than 1 of these systems to add just 1 user.
I have read up on CUA, but have found mixed reviews. I was just wondering how others were managing users in a complex landscape, or if SAP had a Best Practice document that I could follow? Any feedback on CUA would also be appreciated.
Thanks in advance,
Jose
04-28-2010 9:39 AM
Hi Jose
CUA is a simple, mature product that can take some of the effort out of user admin.
You should be able to provision to all the ABAP components - ERP, BW, XI, SolMan. If you have your portal groups linked to ABAP roles & ABAP as your user source then the java/portal side should be taken care of too. I'm not too sure about MII and there may be some manual steps still required.
SAP is now promoting IdM as the future and it is a fully fledged identity management platform with the associated ability to scale and complexity of setup. They are 2 very different tools that have pros, cons and uses, so it's worth evaluating both against your requirements.
04-23-2010 6:29 PM
Hi Jose,
We are currently using CUA and it was good and easy to maintain users centrally. I don't think you can find Best Practices on SAP Security.
Thanks,
SS
Edited by: sun on Apr 23, 2010 7:30 PM
04-23-2010 9:01 PM
04-23-2010 9:52 PM
Please concentrate on CUA user maintenance, change management (PFCG, SE10), portal user management.
S000 (OSS ID) creation, developer key and OSS connection in SAP Service Marketplace
SOX-related reports (SE80, SE38, SA38), transports table, SM20 logs, critical tcodes/objects, Solution Manager, BP creation/maintenance, user maintenance activity like user deactivation based on HR deactivation list.
GRC tools (Firefighter)
04-24-2010 5:40 AM