Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
Process-related Security Questions

EMJ

Having just come off an SAP Project (Go-Live was Jan 2!), and being tasked with Security (no training, but never mind that), the questions that are coming up have to do more with the authorizations process than how to perform a task. Case in point: the users need access NOW, and our current process is cumbersome (add a transaction to a role in DEV, test it in QAS, then move to PRD after approval). I have been creating Z roles left and right because of the missing authorizations and users having to perform their job duties in SAP (the nerve!). This process is a bear, and I have yet to get my arms around it. Eventually, the thought is to have some type of web form that the business owner can fill out to submit/approve changes (adding a transaction to a role, creating a new role, giving a user a new role, user position changes, etc.), but right now I'm drowning in a sea of emails! Any suggestions from someone who has survived this and come out sane? Thanks!

1 ACCEPTED SOLUTION

Former Member

Ellen

Yes you do need some forms e.g. new user, access changes and delete user. You also need some approval process so that you are not alone in making the decisions and have to wear the audit on your own.

Another handy document is a high level plan of the access required and any access that should not go to the same position e.g. AP data entry and payment run. I guess that you don't have a detailed one. This can grow as you learn.

To help your sanity you need to have standard response times e.g. new users within 24 hours, access changes within 48 hours.

I hope that this helps a little.

Regards

Kevin

3 REPLIES


And to save yourself a lot of overtime and hard pushing from users, see that you get an emergency procedure in place. Think of:

1. A way that allows you (ONLY AFTER approval of the responsible person in the Business) to grant temporary wide roles to a user who cannot do their JOB. This buys you time to bring in a PROPER solution.

2. A way to speed up the whole process of approval and transports based on the severity of the error. And remember, the severity level can ONLY be decided upon by the right management level in the business. The highest level is: no one involved leaves, and all will only be working on the solution until the problem is solved IN the production system.

It is all a matter of proper procedures and the right approval level. Be sure never to be left having to decide these things yourself. Do not get tricked into designing flashy forms etc., as they do not do the job. A simple A4 with the procedure, including the necessary info lined out, is sufficient for the time being. The rest can follow when you have survived the first couple of weeks and the pressure is dropping.

One thing to remember also: when processes fail after go-live, you can blame it on incorrect testing before go-live.

For your next project remember to put testing of security roles high on the agenda.

Former Member

Ellen,

Another tip in addition to the ones already suggested would be to document all the changes you make and get approval for them.

Have some sort of Change Request Form which authorizes you to make the necessary changes.

Documentation is a very important part and can save your job when things go south.

Another thing, activating an emergency user like the one available with VIRSA FireFighter is very helpful it will also maintain an audit trail.

Please also note that granting authorizations when you are pressed for time could lead to SoD conflicts.
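Kevin's "access that should not go to the same position (e.g. AP data entry and payment run)" and the warning above about SoD conflicts are the same check, and it is small enough to script so an approver sees the conflict before a role is added rather than at audit time. The example below is added here and is not code from the thread or from SAP/VIRSA. The conflict matrix, the role contents and the transaction-to-function mapping are constructed for illustration (the transaction codes such as FB60, F110, FK01, SU01 and PFCG are assumptions and must be verified against your own system and your own SoD matrix). It also shows why an emergency "wide" role like the one described in the second reply is itself a conflict and must stay temporary.

```python
"""Minimal segregation-of-duties (SoD) check over SAP-style role assignments.

Added example, not from the forum thread. All data below is constructed:
real rules come from the business/audit SoD matrix, real role contents
from PFCG, real user-to-role assignments from SU01/SUIM exports.
"""

# Pairs of business functions that must not sit with one person.
# Constructed example matrix (assumption); the description is what the
# approver should read on the change request.
SOD_RULES = {
    ("AP_INVOICE_ENTRY", "AP_PAYMENT_RUN"): "enter and pay the same vendor invoice",
    ("VENDOR_MASTER", "AP_PAYMENT_RUN"): "create a vendor and pay it",
    ("VENDOR_MASTER", "AP_INVOICE_ENTRY"): "create a vendor and invoice against it",
    ("USER_ADMIN", "ROLE_ADMIN"): "create users and grant them any role",
}

# Which transaction realises which business function. The tcodes are
# illustrative assumptions (FB60/MIRO invoice entry, F110 payment run,
# FK01/XK01 vendor master, SU01 user admin, PFCG role admin).
TCODE_FUNCTIONS = {
    "FB60": "AP_INVOICE_ENTRY",
    "MIRO": "AP_INVOICE_ENTRY",
    "F110": "AP_PAYMENT_RUN",
    "FK01": "VENDOR_MASTER",
    "XK01": "VENDOR_MASTER",
    "SU01": "USER_ADMIN",
    "PFCG": "ROLE_ADMIN",
}

# Constructed role -> transactions map (what the role menu in PFCG would show).
ROLES = {
    "Z_AP_CLERK": {"FB60", "MIRO"},
    "Z_AP_PAYMENTS": {"F110"},
    "Z_VENDOR_MAINT": {"FK01"},
    "Z_SEC_ADMIN": {"SU01", "PFCG"},
    "Z_EMERGENCY_WIDE": {"FB60", "F110", "FK01"},  # the "temporary wide role"
}


def functions_for_roles(role_names, roles=ROLES, tcode_map=TCODE_FUNCTIONS):
    """Return {business_function: {tcodes}} reachable through the given roles."""
    reachable = {}
    for role in role_names:
        for tcode in roles.get(role, ()):
            func = tcode_map.get(tcode)
            if func:
                reachable.setdefault(func, set()).add(tcode)
    return reachable


def sod_conflicts(role_names, rules=SOD_RULES, roles=ROLES, tcode_map=TCODE_FUNCTIONS):
    """List (func_a, func_b, why, sorted tcodes) for every rule the roles violate."""
    funcs = functions_for_roles(role_names, roles, tcode_map)
    hits = []
    for (a, b), why in rules.items():
        if a in funcs and b in funcs:
            hits.append((a, b, why, sorted(funcs[a] | funcs[b])))
    return hits


def conflicts_from_new_role(current_roles, new_role, **kw):
    """Conflicts that adding `new_role` would introduce on top of existing ones.

    This is the question an approver needs answered on the change request:
    pre-existing conflicts are reported separately, not hidden in the diff.
    """
    before = {(a, b) for a, b, _, _ in sod_conflicts(current_roles, **kw)}
    after = sod_conflicts(list(current_roles) + [new_role], **kw)
    return [hit for hit in after if (hit[0], hit[1]) not in before]


def users_with_conflicts(user_roles, **kw):
    """Scan a {user: [roles]} assignment and return only users that conflict."""
    report = {}
    for user, assigned in user_roles.items():
        hits = sod_conflicts(assigned, **kw)
        if hits:
            report[user] = hits
    return report


if __name__ == "__main__":
    # Constructed assignment export.
    assignments = {
        "jdoe": ["Z_AP_CLERK"],
        "asmith": ["Z_AP_CLERK", "Z_AP_PAYMENTS"],
        "secadmin": ["Z_SEC_ADMIN"],
        "ff_user": ["Z_EMERGENCY_WIDE"],
    }
    for user, hits in users_with_conflicts(assignments).items():
        for a, b, why, tcodes in hits:
            print(f"{user}: {a} + {b} ({why}) via {', '.join(tcodes)}")
    print("adding Z_VENDOR_MAINT to jdoe:",
          conflicts_from_new_role(assignments["jdoe"], "Z_VENDOR_MAINT"))
```

Running it flags asmith (invoice entry plus payment run), secadmin (user and role administration together) and the emergency role on its own; the last line shows the one new conflict that giving jdoe vendor maintenance would create. Putting this check in the request workflow, with the conflict description on the form the business owner signs, is what turns the "approval process" Kevin describes into something an auditor can follow.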