Fiori is no longer a new technology. But the latest version has brought a whole series of changes that are also relevant for authorized users. We take a look at what the new Fiori objects Spaces, Pages and Sections are all about – and how they affect authorizations.
Author Archives: K1203130620
Identity Services – the gateway to the SAP cloud world
Identity Directory Service An SAP directory service in which all user and group assignments are stored (analogous to e.g.AD/AAD) Identity Provisioning Service A service that provisions group assignments in the backend system, including attribute mappings and transformations Identity Authentication Service The IdP from SAP. This can be used to implement MFA and SSO scenarios orContinue reading “Identity Services – the gateway to the SAP cloud world”
What are critical authorizations?
Critical authorizations and segregation of duties conflicts (SoD conflicts) are part of everyday life for authorizers. However, this does not make dealing with them any less challenging. Especially because different authorizations can be considered critical in every company. We explain how you can identify critical authorizations and how you can minimize the risk.
Transaction types in SAP
In SAP, there are a variety of transaction types that allow users to perform business processes. However, each transaction type has its own risks in terms of data protection and system security.
Analysis tools in SAP authorizations
Suddenly, a user can no longer work properly in the SAP system. And of course – allegedly – missing authorizations are to blame. We will show you how to quickly and reliably analyze whether and which authorization errors are really present.
Authorize function modules
Function modules (FuBa) are used everywhere in the SAP system. The standard already delivers a large number of FuBas. In addition, developers can create customer-specific function modules. These do not always have to be authorized separately. But if you need to authorize function modules, you can find out how here.
Basic role for all users
A basic role combines almost all authorizations that all users need. It can be assigned automatically when a new user is created in the system, assigned directly, or included in composite or business roles, thus facilitating the rapid assignment of basic SAP authorizations.
Using parameter transactions
Preventing input errors and speeding up processes – to ensure this, parameter transactions are often a good choice. Today, we will explain to you what you need to consider as an authorization professional and how you can restrict parameter transactions.
Using SAP_ALL and SAP_NEW correctly
The standard SAP_ALL and SAP_NEW profiles allow you to assign a user full authorizations for all transactions and functions in the SAP system. It is well known that the profiles represent an enormous security risk. Nevertheless, they are often required for scenarios such as the use of emergency users or for technical users. Find out how to use SAP_ALL and SAP_NEW correctly here.
Using the user buffer and user synchronization correctly
If authorization errors occur despite correct authorizations, it is worth taking a closer look at the user buffer.