Presentation is loading. Please wait.

Presentation is loading. Please wait.

SAP Security Online Training Online | classroom| Corporate Training | certifications | placements| support CONTACT US: MAGNIFIC TRAINING INDIA +91-9052666559.

Published byAlan Bailey Modified over 7 years ago

Similar presentations

Presentation on theme: "SAP Security Online Training Online | classroom| Corporate Training | certifications | placements| support CONTACT US: MAGNIFIC TRAINING INDIA +91-9052666559."— Presentation transcript:

1 SAP Security Online Training Online | classroom| Corporate Training | certifications | placements| support CONTACT US: MAGNIFIC TRAINING INDIA +91-9052666559 USA : +1-678-693-3475 info@magnifictraining.com www. magnifictraining.com

2 Introduction  What is Security  Building blocks  Common terminologies used Most Common  tools in Security  CUA SAP Security Online Training www. magnifictraining.com

3 What is Security? Security concept is same around the globe like in your normal life, security means removing or restricting unauthorized access to your belongings. For example your Car, laptop or cared cards etc IT Security? Information security (sometimes shortened to InfoSec) is the practice defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc...) SAP Security? In the same context of InfoSec. SAP security have the same meaning… or in other words - who can do what in SAP? SAP Security Online Training www. magnifictraining.com

4  Building Blocks  User Master  Record Roles  Profiles Authorization  Objects SAP Security Online Training www. magnifictraining.com

5 User Master Record? A User initially has no access in SAP  When we create access in system it defines UMR User Master Record information includes:  Name, Password, Address, User type, Company information  User Group  Roles and Profiles  Validity dates (from/to)  User defaults (logon language, default printer, date format, etc)  User Types: Dialog – typical for most users System – cannot be used for dialog login, can communicate between systems and start background jobs Communications Data – cannot be used for dialog login, can communicate between systems but cannot start background jobs Reference – cannot log in, used to assign additional Authorizations SAP Security Online Training www. magnifictraining.com

6  Roles and Profiles Roles is group of tcode (s), which is used to perform a specific business task.  Each role requires specific privileges to perform a function in SAP that is called AUTHORIZATIONS There are 3 types of Roles:  Single – an independent Role  Derived – has a parent and differs only in Organization Levels. Maintain Transactions, Menu, Authorizations only at the parent level  Composite – container that contains one or more Single or Derived Roles SAP Security Online Training www. magnifictraining.com

7 Authorization Objects Authorization Objects are the keys to SAP security When you attempt actions in SAP the system checks to see whether you have the appropriate Authorizations The same Authorization Objects can be used by different Transactions SAP Security Online Training www. magnifictraining.com

8 User Buffer? When a User logs into the system, all of the Authorizations that the User has are loaded into a special place in memory called the User Buffer As the User attempts to perform activities, the system checks whether the user has the appropriate Authorization Objects in the User Buffer. You can see the buffer in Transaction. SAP Security Online Training www. magnifictraining.com

9 Executing a Transaction (Authorization Checks) 1)Does the Transaction exist? All Transactions have an entry in table TSTC 2) Is the Transaction locked? Transactions are locked using Transaction SM01 Once locked, they cannot be used in any client 3)Can the User start the Transaction? Every Transaction requires that the user have the Object S_TCODE=Transaction Name Some Transactions also require another Authorization Object to start (varies depending on the Transaction) 4)What can the User do in the Transaction? The system will check to see if the user has additional Authorization Objects as necessary SAP Security Online Training www. magnifictraining.com

10 How to trace missing Authorization Frequently you find that the role you built has inadequate accesses and will fail during testing or during production usage. Why? Why It happens? Negligence of tester or some other reason How process initiated? This process kicks when security guy receives:  Email or  phone call or  ticket SAP Security Online Training www. magnifictraining.com

11 How do we determine correct accesses required?  SAP has various tools to analyse access errors and determine correct Authorizations required:  Use Last Failed Authorization check - SU53 (60% effective)  Use Assignment of Auth Object to Transactions - SU24 (60% effective)  Trace the Authorizations for a function - ST01 (90% effective) SAP Security Online Training www. magnifictraining.com

12  Common Terminologies  User master Records Roles Authorizations Authority  Check user buffer Authorization Errors security matrix  Profiles Authorization Objects User menus SAP Security Online Training www. magnifictraining.com

13 SAP Password controls There are some Standard SAP password Controls delivered by SAP which cannot be changed  First-time users forced to change their passwords before they can log onto the SAP system, or after their password is reset.  Users can only change their password when logging on.  Users can change their password at most, once a day  Users can not re-use their previous five passwords.  The first character can not be “?” or “!”.  The first three characters of the password cannot  appear in the same order as part of the user name.  all be the same.  include space characters.  The password cannot be PASS or SAP*. SAP Security Online Training www. magnifictraining.com

14  Password Controls - cont.  SAP Password System Parameters - system wide settings that can be configured by MPL - Minimum Password Length Password locked after unsuccessful login attempts Password Expiration time Password complexity  Illegal Passwords MPL can define passwords that cannot be used  Enter impermissible passwords into SAP table USR40 MPL = Master parts List SAP Security Online Training www. magnifictraining.com

15 Tools:  SU01 User Maintenance  PFCG Role Maintenance  SUIM Authorization Reporting Tree  SU02 Maintain Profiles  SU03 Maintain Authorisations  SU10 User Maintenance: Mass Changes  SU21 Maintain Authorization Objects  SU24 Auth Object check under transactions  SU3 Maintain default settings  SU53 Display Authority Check Values SAP Security Online Training www. magnifictraining.com

16 CUA Central User Administration is a feature in SAP that helps to streamline multiple users account management on different clients in a multi SAP systems environment. This feature is laudable when similar user accounts are created and managed on multiple clients  Centralized Admin  Data consistency & accuracy  Eliminate redundant efforts SAP Security Online Training www. magnifictraining.com

17 SAP Security Online Training  We offer you: 1. Interactive Learning at Learners convenience 2. Industry Savvy Trainers 3. Learn Right from Your Place 4. Customized Curriculum 5. 24/7 system access 6. Highly Affordable Courses 7. Support after Training a. Resume Preparation b. Certification Guidance c. Interview assistance www. magnifictraining.com

18 SAP Security Online Training

Download ppt "SAP Security Online Training Online | classroom| Corporate Training | certifications | placements| support CONTACT US: MAGNIFIC TRAINING INDIA +91-9052666559."

Similar presentations

Pearson Access for SAC’s

Pearson Access for SAC’s
Chapter Five Users, Groups, Profiles, and Policies.

Chapter Five Users, Groups, Profiles, and Policies.
0 UMN 2011 ERP Terapan SAP BASIS General Concept Session # 3.

0 UMN 2011 ERP Terapan SAP BASIS General Concept Session # 3.
Understand Database Security Concepts

Understand Database Security Concepts
Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney.

Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney.
SAP Basics for Auditing Change Management and Security September 8, 2014 Presenter: Linda Yates Consultant, Risk Advisory Services.

SAP Basics for Auditing Change Management and Security September 8, 2014 Presenter: Linda Yates Consultant, Risk Advisory Services.
 SAP AG CSU Chico 102/14/981SAP Security Lecture MINS 298C SAP Configuration & Use: Security Copyright 1996, 1997, 1998- James R. Mensching, Gail Corbitt.

 SAP AG CSU Chico 102/14/981SAP Security Lecture MINS 298C SAP Configuration & Use: Security Copyright 1996, 1997, James R. Mensching, Gail Corbitt.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
University of Southern California Enterprise Wide Information Systems Getting Started in R/3 Instructor: Richard W. Vawter.

University of Southern California Enterprise Wide Information Systems Getting Started in R/3 Instructor: Richard W. Vawter.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
SMART Agency Tipsheet Staff List This document focuses on setting up and maintaining program staff. Total Pages: 14 Staff Profile Staff Address Staff Assignment.

SMART Agency Tipsheet Staff List This document focuses on setting up and maintaining program staff. Total Pages: 14 Staff Profile Staff Address Staff Assignment.
Hands-On Microsoft Windows Server 2008

Hands-On Microsoft Windows Server 2008
SPS FPDS-NG Integration: System Administration April 20, 2006.

SPS FPDS-NG Integration: System Administration April 20, 2006.
FCS - AAO - DM COMPE/SE/ISE 492 Senior Project 2 System/Software Test Documentation (STD) System/Software Test Documentation (STD)

FCS - AAO - DM COMPE/SE/ISE 492 Senior Project 2 System/Software Test Documentation (STD) System/Software Test Documentation (STD)
Chapter 13 Users, Groups Profiles and Policies. Learning Objectives Understand Windows XP Professional user accounts Understand the different types of.

Chapter 13 Users, Groups Profiles and Policies. Learning Objectives Understand Windows XP Professional user accounts Understand the different types of.
I.Information Building & Retrieval Learning Objectives: the process of Information building the responsibilities and interaction of each data managing.

I.Information Building & Retrieval Learning Objectives: the process of Information building the responsibilities and interaction of each data managing.
Authorizations in SAP.

Authorizations in SAP.
Module 3: Administrator Set-Up Intuit Financial Services University Internet Banking Certification Training.

Module 3: Administrator Set-Up Intuit Financial Services University Internet Banking Certification Training.
Module One Logon and Overview

Module One Logon and Overview
Security Planning and Administrative Delegation Lesson 6.

Security Planning and Administrative Delegation Lesson 6.

Similar presentations

Ads by Google