SAP Security

 

1. Introduction

1.1 Objectives and Goals of SAP Security Course

1.2 SAP Net Weaver Fundamentals

• Overview of SAP R/3
• SAP GUI configuration
• SAP logon screen
• Initial screen in SAP systems
• Maintaining your user profile
• Favorites list and user menu
• Calling Functions
• Additional navigation options
• Processing user requests
• SAP Server Database Interface
• SAP Server Processes
• SAP Client Structure
• System Landscape
• Remote Function Calls

 

2. SAP Authorizations

2.1 SAP Authorizations

• Why Do We Require Authorizations?
• Security Overview
• SAP Access Controls
• Users, Roles, and Authorizations
• Technical Implementation of Roles
• User-Specific Menus

 

2.2 Authorization Concept Implementation

• Implementation Methods and Authorizations
• Role and Authorization Concept: Steps
• Step 1: Preparation
• Team members for Roles and Authorizations
• Step 2: Analysis & Conception
• Technical Conception: Role Implementation
• Analysis: Determine user roles
• Conception: Complete User Roles (1)
• Technical Conception: Role Implementation
• Step 3: Implementation
• Step 4: Quality Assurance & Tests
• Step 5: Cutover
• Implementing User and Authorization Administration
• User and Authorization Administration

 

3. Fundamentals of SAP Authorization

3.1 SAP Authorisation elements

• Elements of the SAP Authorization Concept
• Field, Object & Object Classes
• Authorization level
• Authorizations and Authorization Profiles
• Create roles using profile generator PFCG

 

3.2 Authorisation check Process

• Authorization Checks at Transaction Start
• Authorization Check in the Program
• SAP User Buffer

 

4. SAP User Master

4.1 Creating and Maintaining User Master Data

• Components of the User Master
• Tab  Address
• Tab – Logon Data
• User Types
• Tab  Defaults
• Tab  Parameters
• Tab  Roles
• Tab Profiles
• Tab  Groups
• Tab  Personalization
• Tab – License Data
• User Mass Maintenance

 

5. Role Maintenance

5.1 PFCG Profile Generator

• PFCG – Profile Generator
• Role Name and Description
• Role Menus
• Maintain authorization
• Maintain authorization data
• Authorization profile
• User assignment
• User master comparison

 

5.2 Composite Roles

• Composite Roles and User
• Composite role menu

 

5.3 Master Roles and Derived Roles

• Master Roles and Derived Roles
• Derived Roles Menu

 

5.4 Authorization Maintenance

• Traffic Light Legend
• Icons Legend
• Status Texts

 

6. Authorization Development

6.1 End User Role Development

• Naming Convention
• Single Role, Org Level
• Single Roles Org Level

 

6.2 User Administration –

• 4 eye principle
• 4 eye principle
• 8 eye principle
• 8 eye principle Implementation

 

7. Administrative Settings

7.1 Settings for Role Maintenance

• Activation of the Profile Generator
• PFCG Default Values
• Default Tables
• Adjusting Check Indicators
• ST22 SAP Default Check

 

7.2 SAP Upgrade Steps

• Upgrade Steps
• SAP_ALL & SAP_NEW

 

7.3 Access Control Administration

• Profile Parameters and Password Rules
• Password Checks with System Profile Parameters
• Special Users

 

7.4 Analyze Authorization Issues

• SU53 Authorization check
• ST01 Authorization trace
• Authorisation Issues
• Authorisation verification

 

8. SAP HCM Security

8.1 Introduction to SAP  HR

• Basics
• Infotypes
• HR  Tcode

 

8.2 HR Authorisation

• HR Authorization Concept
• HR Object
• HR Data
• HR Security – authorization switch
• HR Authorization Field
• P_ORGIN vs P_ORGINCON
• P_PERNR
• P_APPL & PLOG

 

8.3 Structural Authorizations

• Structural Authorizations definition and details

 

8.4 Indirect Role Assignment

• Indirect role assignment Steps and details

 

9. Transporting Authorizations

9.1 Transporting Authorizations

• SAP transport
• Transport Request
• Authorization profiles Setting
• Download and upload Roles
• Mass Transport & Mass download
• Mass Profile Generator & Mass compare
• Transporting User Master Records
• Client Copy

 

9.2 Authorization Concept for Transport Handling

• Transport Request Activity
• Transport handling authorisation matrix

 

10. Interface and Special Authorization

10.1 Interface(RFC) Authorization

• Remote Function Call
• RFC Authorization
• RFC Authorization Object
• Create RFC Role

 

10.2 Special Authorisation

• Table Maintenance
• Table Maintenance of Cross-Client Tables
• Table Authorization for Organizational Unit
• Create Table auth group
• Auth Group Checking
• Reports
• Background Job
• Spools
• User/Roles
• BDC Sessions
• ABAP Work Bench

 

10.3 Custom Auth Objects

• User of Custom object
• SU20 – Maintain Authorization Fields
• SU21 – Maintain Authorization Objects

 

10.4 Call Transaction (SE97)

• SE97-Maint. transaction call authorization
• Message Type

 

11. Central User Administration

• Introduction to Central User Administration
• Decentralized User Administration
• Central User Administration
• ALE Data Distribution
• ALE Setup
• Setup of the Central User Administration
• SCUM User Distribution Field Selection
• Integration of Existing Systems
• Copying User Master Records
• Central User Maintenance
• Setup CUA

 

12. SAP Audit Information System

• Purpose of and Procedures for Security Audits
• Tools available Security Audits
• Audit Information System (AIS)
• Audit Environment
• Target Groups
• Major Components of System Audit
• Using AIS from a System Audit Perspective

 

13. Security Audit Tools

13.1 Security Audit Log

• .AIS Path
• .Introducing the Security Audit Log
• Information in security audit log
• Security Audit Log Architecture
• The Audit File and the Audit Record
• Instance Parameters
• Configuring Filters
• Configuring Security Audit Filters
• Audit Profile
• Dynamic Filters
• Defining Filters
• Audit Analysis
• Reading the Security Audit Report
• Deleting Old Audit Files

13.2 CCMS Alert Monitor

• Security Monitor
• Audit Information System Menu Paths

 

13.3 Activities Log

• Audit Information System (AIS)
• Logging of Specific Activities
• Application Logging
• Logging Workflow Execution
• ogging Change Documents
• Logging Changes to Table Data
• Logging Changes Made Using the Change and Transport System
• Change Log User and Authorization
• Logging HR Reports
• Menu Paths in Audit Information System

14. SAP Security Optimization

14.1 User Monitoring and Reporting

• User Information System
• User IDs with Initial Password

 

14.2 Segregation of Duty (SoD)

• Details of Segregation of Duty

 

14.3 Critical Transaction & Critical Combination

• RSUSR008_009_NEW
• Critical Authorization
• Critical Combinations
• Analyze the result

 

14.4 Securing User & Password

• Securing SAP Standard Users
• Password Exceptions
• Parameters Used for Password Checks
• Parameters Used for Multiple Logons
• Parameters Used for Incorrect Logons
• Parameters Used for Limited Validity of Initial Password
• Parameters Used to Turn Off Password Logon
• Other Logon Parameters

 

14.5 Securing Production Systems

• System Change Options
• Client Change Options
• Client Specific Object
• Configuration/Development Client

 

15. Secure Network Communications (SNC)

• SNC Overview
• Using the SAP Cryptographic Library for SNC
• Configuring the Use of the SAP Cryptographic Library for SNC
• Install the SAP Cryptographic Library
• Set Parameters for the Trust Manager
• Create PSE and Credentials
• Set Profile Parameters
• Make Access Control List Entries

 

16. Conclusion

• Conclusion