
basis?

Former Member
0 Kudos

Hi all,

What's the major difference between a Basis guy and security?

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hi Kamal,

From SAP Release 3.1G, SAP has continued to develop the Profile Generator to allow quicker development of authorization profiles. All authorizations should now be created using the Profile Generator, as most new functionality relies upon the assignment of roles to users rather than authorization profiles. It should be noted that assigning a role to a user will automatically assign the corresponding profile.

Benefits provided through the use of the profile generator to define authorization profiles include:

• reduced complexity and ease of use; and

• simplification of role and profile administration.

Mass maintenance of user access security design and structure can now be performed in the profile generator, which will significantly improve efficiency and accuracy of changes being made to a large number of records. When in the menu tab of the profile generator, transaction code names can be toggled on/off by selecting the magnifying glass icon in the top right of the tab.

SIGNIFICANT RISKS

• Unauthorized, or inappropriate, changes to user security resulting in excessive access, or users not having access to perform functions.

• Authorization values may be inaccurately defined, granting inappropriate access to users.

• SAP standard delivered roles if allocated without configuration may not provide adequate organizational restrictions, or may contain transactions that the organization has deemed to be segregation of duties conflicts.

• Passwords provided to users by security administration staff are standard, or easily guessable, resulting in unauthorized users gaining access to the SAP system.

A significant amount of attention is currently focused on Section 302 (Disclosure) and Section 404 (Internal Controls) of Sarbanes-Oxley. This is how security has become a very big concern for all companies.

Frequently used security T-codes

SU01 Create/Change User

PFCG Maintain Roles

SU10 Mass Changes

SU01D Display User

SUIM Reports

ST01 Trace

SU53 Authorization analysis

Whereas a Basis consultant will have to deal with installations, upgrades, spool administration, etc.

Hope it helps.

Please award points if it is useful.

Thanks & Regards,

Santosh

5 REPLIES 5

Former Member
0 Kudos

Hello,

Some years back there was a very thin line of difference between system admin and security. Now the concept of Information Security Management has changed drastically and a lot of emphasis is being given to this. Basically it deals with recognising threats towards information and taking protective measures in this regard. International standards have been formulated to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). ISO 270001 deals with these things.

To know about security (not only relating to SAP but relating to information systems as a whole), please visit:

www.stqc.nic.in

It feels good to see that SAP has intelligently taken care of this aspect.

Hope this throws some light on your query.

Please don't forget to award points suitably.

Regards

Former Member
0 Kudos

Hi,

I need a link about how transports are done within the system or between systems. What are all the transactions used for it?

0 Kudos

Hi Kamal,

Within the system we use the SCC1 tcode to copy transports from one client to another.

Across systems we use STMS as the tcode.

Hope it helps. I also advise you to open a new thread, as this is a solved thread.

Award points for helpful answers

Br,

Sri

Former Member
0 Kudos

Kamal, in addition to what the previous posters have stated, there are also different skills required for security.

While there is a reasonable element of technical understanding needed, a security resource should also have an understanding of the major business processes, how SAP implements them, the main risks in each of them and between them, and how the security mechanisms in SAP can be used as a control point to mitigate those risks.

Increasingly, a working knowledge of general IT controls and an understanding of compliance and control frameworks is necessary.