Whitepaper - 5 golden rules for secure User Management
Use these tips to get back control over your SAP authorizations
Does the following sound familiar? The historic growth of an organization’s SAP user roles creates risks and management challenges that are rarely remediated without large-scale efforts or negative impacts on day-to-day operations. A clear picture of who currently has (and should have) which authorizations tends to become fuzzier with every passing year of SAP usage. One contributor to this challenge is a common workaround: employees and developers request, and are granted, more access than they need to perform their job duties.
The particular danger in SAP authorization management is unauthorized access to sensitive data in the SAP system. At the same time, certified security standards require a restrictive allocation of critical authorizations and a regular review of the existing role and authorization concept. Especially in terms of security and the GDPR, you have to be cautious!
This white paper shows you how to manage your SAP authorizations in a secure and compliant way. With our five rules for secure user management, you are protected against all dangers!
Interested in learning more?
Watch a 5-minute video here to understand how we can help you.
- Everyone gets only the permissions they really need
- Avoid power users!
- Check your authorizations regularly
- Define critical activities and ensure adequate monitoring
- Monitor developers and development processes
- Avoid inactive accounts
- Avoid mistakes – Automate the process of creating and deleting users
- Document each decision
- Action instead of reaction
- SAP Authorization Management – Easy as 1-2-3
Everyone gets only the permissions they really need
When assigning rights, you should always check whether the rights are really necessary for the job in question. Otherwise, a large number of different authorizations or roles inevitably results. It is then the task of SAP Basis to manage these roles reliably and efficiently; the use of technical aids such as setQ is strongly recommended for this.
The responsibility for assigning rights lies with the respective departments. Only the responsible department can assess whether the rights applied for are necessary. It should be noted, however, that specialist departments are generally not SAP specialists. They therefore need an easy-to-use user interface, together with help or advice on what the individual authorizations or roles mean.
Avoid power users!
Power users have enormous permissions in your system – thus they represent a great risk for your security and compliance.
We therefore recommend the use of “Fire Fighters”. These are users who only have special permissions in an emergency for a certain period of time. These permissions are fully documented during use. You define these authorizations in advance so that they can be quickly implemented in an emergency.
With setQ this process is completely automated.
Check your authorizations regularly
Rights granted in the past should be questioned periodically. Such re-certifications help to avoid conflicts, for example when employees change departments.
The check should be carried out by the responsible departments, supported by a workflow. This process must be fully documented, as auditors, and in some industries also regulatory authorities, check this documentation.
Controlling authorizations manually, however, is hardly manageable and extremely expensive. The right tool does the work for you, checking authorizations fully automatically and in a compliant way.
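As an added illustration of the "Fire Fighter" rule and the re-certification rule above (a constructed Python model, not setQ or SAP code): emergency grants carry a documented reason and expire on their own, standing roles become due for review after a fixed interval, and every decision lands in an audit trail. The user, role names and the 180-day review interval are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed model (not setQ): time-boxed Fire Fighter grants plus role re-certification
@dataclass
class Grant:
    user: str
    role: str
    reviewed: datetime            # last confirmation by the responsible department
    expires: Optional[datetime]   # None for standing roles, a deadline for emergency access
    reason: str

@dataclass
class AuthRegistry:
    grants: List[Grant] = field(default_factory=list)
    audit: List[tuple] = field(default_factory=list)   # every decision is documented
    def grant_standing(self, user, role, now, reason):
        self.grants.append(Grant(user, role, now, None, reason))
        self.audit.append((now, "GRANT", user, role, reason))
    def grant_firefighter(self, user, role, now, minutes, reason):
        # Emergency access needs a documented reason and a deadline fixed up front
        if not reason: raise ValueError("emergency access requires a documented reason")
        exp = now + timedelta(minutes=minutes)
        self.grants.append(Grant(user, role, now, exp, reason))
        self.audit.append((now, "FIREFIGHT", user, role, f"{reason}; until {exp.isoformat()}"))
    def active_roles(self, user, now):
        # Expired emergency grants drop out automatically, no manual cleanup needed
        return sorted(g.role for g in self.grants
                      if g.user == user and (g.expires is None or now < g.expires))
    def due_for_recertification(self, now, interval_days=180):
        # Standing roles that the department has not confirmed within the interval
        return [(g.user, g.role) for g in self.grants
                if g.expires is None and now - g.reviewed > timedelta(days=interval_days)]
    def recertify(self, user, role, now, approver):
        for g in self.grants:
            if g.user == user and g.role == role and g.expires is None:
                g.reviewed = now
                self.audit.append((now, "RECERTIFY", user, role, approver))

def demo():
    # Constructed scenario: a clerk with one standing role and a 60-minute emergency grant
    reg, t0 = AuthRegistry(), datetime(2024, 1, 1, 9, 0)
    reg.grant_standing("clerk01", "Z_FI_DISPLAY", t0, "finance clerk, approved by FI lead")
    reg.grant_firefighter("clerk01", "Z_FF_EMERGENCY", t0, 60, "month-end posting blocked")
    during = reg.active_roles("clerk01", t0 + timedelta(minutes=30))
    after = reg.active_roles("clerk01", t0 + timedelta(minutes=61))
    overdue = reg.due_for_recertification(t0 + timedelta(days=200))
    reg.recertify("clerk01", "Z_FI_DISPLAY", t0 + timedelta(days=200), "fi_lead")
    cleared = reg.due_for_recertification(t0 + timedelta(days=201))
    return during, after, overdue, cleared, len(reg.audit)
```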