
SAP Authorization System: Design and Implementation of Authorization concepts for SAP R/3 and SAP Enterprise Portals

  • ISBN13: 9781592290161
  • ISBN10: 1592290167
  • Format: Hardcover
  • Copyright: 2003-09-16
  • Publisher: Sap Pr America
  • List Price: $59.95

Table of Contents

Foreword 11(2)
1 Introduction 13(16)
1.1 Notes on This Book 13(4)
1.1.1 Chapter Overview 14(1)
1.1.2 Target Group 15(1)
1.1.3 The Focus of This Book 16(1)
1.2 SAP R/3 Environment 17(9)
1.2.1 SAP R/3 Security Aspects 17(2)
1.2.2 IT Infrastructure 19(1)
1.2.3 Integration of Security Aspects and the Infrastructure 20(3)
1.2.4 Further Development with the Web Architecture (ITS) 23(1)
1.2.5 mySAP Workplace/SAP Portal 24(2)
1.3 Complex System Landscapes 26(2)
1.4 Conclusion 28(1)
2 SAP R/3 Users and Authorizations 29(76)
2.1 Preliminary Remark: Security in the SAP R/3 System 29(3)
2.1.1 Risks 29(1)
2.1.2 Goals 30(1)
2.1.3 Expense 30(1)
2.1.4 Benefits 31(1)
2.1.5 Environment 31(1)
2.2 The SAP R/3 User 32(10)
2.2.1 User Master Record 32(4)
2.2.2 User Groups 36(1)
2.2.3 User Types 37(1)
2.2.4 Password Rules 38(2)
2.2.5 SAP R/3 Standard Users 40(1)
2.2.6 Relevant SAP Tables for User Master Records 41(1)
2.3 The SAP R/3 Authorization Concept 42(19)
2.3.1 Profile Generator 43(1)
2.3.2 Transactions, Authorization Objects, and Authorizations 44(4)
2.3.3 Enterprise Structure and Organizational Levels 48(1)
2.3.4 Roles 49(3)
2.3.5 Authorization Profiles 52(1)
2.3.6 Technical Procedure: SAP Profile Generator 53(4)
2.3.7 Naming Conventions 57(1)
2.3.8 Relevant SAP Tables for Authorizations and Roles 58(2)
2.3.9 Separation of Responsibilities in Administration 60(1)
2.4 Default System Settings 61(6)
2.4.1 Instances and Profile Parameters 63(1)
2.4.2 Transferring the SAP Proposals to the Customer Tables 64(3)
2.5 Authorization Checks in the SAP Applications 67(6)
2.6 Protecting Tables 73(2)
2.7 Protecting Reports 75(3)
2.7.1 ABAP/4 Programs 75(1)
2.7.2 Protecting Programs 76(1)
2.7.3 Using Customer-Developed Transactions 77(1)
2.8 Basis Security 78(5)
2.8.1 Preliminary Remark 78(1)
2.8.2 Affected Basis Authorizations 78(5)
2.9 HR Security 83(9)
2.9.1 Authorization Objects: Authorization Main Switch 84(2)
2.9.2 Personnel Number Check 86(1)
2.9.3 Additional Master Data Check 87(1)
2.9.4 Structural Authorizations 88(3)
2.9.5 More Authorization Checks That You Can Activate 91(1)
2.9.6 Conclusion 91(1)
2.10 New Features in Release 4.6 92(2)
2.11 Central User Administration and Global User Manager 94(2)
2.11.1 Central User Administration 94(2)
2.11.2 Global User Manager 96(1)
2.12 History of SAP Technologies in the Authorization Area 96(3)
2.12.1 Background 96(1)
2.12.2 Object-Oriented Concept 97(1)
2.12.3 Object-Oriented Concept with S_TCODE 98(1)
2.12.4 Migration and Migration Tools 98(1)
2.13 Summary and Conclusion 99(4)
2.13.1 System Access Protection 100(1)
2.13.2 User Administration 100(1)
2.13.3 Authorization Concept 101(1)
2.13.4 Documentation of the Access Protection System 102(1)
2.13.5 Retention Periods 103(1)
2.14 Important SAP Notes in the Authorization Area 103(2)
3 Embedding in the Internal Control System 105(20)
3.1 Necessity of an Internal Control System 106(8)
3.1.1 Determining the Risk Environment 108(3)
3.1.2 Identifying the Risk Source (Processes, Areas, and so on) 111(1)
3.1.3 Risk Analysis 111(3)
3.2 Transformation into the Control Environment 114(6)
3.2.1 Structure of the Control Environment 114(1)
3.2.2 Requirements of a Control Environment 115(3)
3.2.3 Control Categories 118(1)
3.2.4 Control Types 119(1)
3.3 Identifying the Implementation 120(4)
3.3.1 SAP R/3 Authorization Concept 120(2)
3.3.2 Implementation: Constraints 122(1)
3.3.3 Compensatory Controls 123(1)
3.3.4 Classifying the Authorization Controls 123(1)
3.3.5 Documenting the Controls 123(1)
3.4 Monitoring and Auditing the ICS 124(1)
3.4.1 Internal Audits 124(1)
3.4.2 External Auditors 124(1)
3.4.3 Enterprise Awareness 124(1)
4 Procedure Model for Designing an Authorization Concept 125(38)
4.1 The IBM Phased Model 125(11)
4.1.1 Overview 125(1)
4.1.2 Project Preparation and Framework Conditions 126(1)
4.1.3 Definition of Functions (Roles) at an Enterprise 127(1)
4.1.4 Rough Design: Creating a Task/Function Matrix 128(4)
4.1.5 Detailed Design Concept: Creating an Organization/Value Matrix 132(1)
4.1.6 Implementation: Creating the Single Roles and Profiles 133(1)
4.1.7 Implementation: Creating the Composite Roles 133(1)
4.1.8 Test, Documentation, and Review 134(1)
4.1.9 Configuring the User Master Records 134(1)
4.1.10 Defining a Support Concept 134(1)
4.1.11 GoingLive Preparation: Knowledge Transfer and Training 135(1)
4.1.12 Rollout Support and Going Live Support 135(1)
4.1.13 Monitoring and Review 135(1)
4.2 Involved Parties 136(4)
4.2.1 General 136(1)
4.2.2 Steering Committee 137(1)
4.2.3 Project Management 138(1)
4.2.4 Auditors 138(1)
4.2.5 Module Specialists and Process Specialists 138(1)
4.2.6 Contact Persons from the User Departments 139(1)
4.2.7 User and Authorization Administration 139(1)
4.3 Important Aspects in Detail 140(16)
4.3.1 The Eleven Basic Rules 140(2)
4.3.2 Framework Conditions 142(1)
4.3.3 Degree of Detail of an SAP Authorization Concept 143(2)
4.3.4 Documenting the Authorization Roles 145(3)
4.3.5 Template Approach 148(2)
4.3.6 Naming Conventions 150(6)
4.4 Definition of Work Areas 156(7)
4.4.1 Defining the Utilized SAP Functional Scope 156(1)
4.4.2 Procedure for Defining Roles at the Enterprise 156(7)
5 Procedure Model for Implementing an Authorization Concept 163(36)
5.1 Overview 163(1)
5.2 Implementation 164(14)
5.2.1 The Profile Generator: Overview 164(4)
5.2.2 Initializing the Profile Generator 168(2)
5.2.3 Roles Provided by SAP 170(1)
5.2.4 User Menus 171(1)
5.2.5 Generating the Authorizations 172(4)
5.2.6 Copying Roles and the Inheritance Function 176(1)
5.2.7 Composite Roles 177(1)
5.3 Testing the Implemented Roles 178(9)
5.3.1 Requirements 178(1)
5.3.2 Unit Test 179(1)
5.3.3 Role Integration Test 180(1)
5.3.4 User Acceptance Test 180(1)
5.3.5 Final Review 181(1)
5.3.6 Technical Implementation of the Role Tests 181(3)
5.3.7 Maintaining Authorization Data Manually 184(3)
5.4 Configuring the User Master Records 187(1)
5.5 Going Live 188(1)
5.6 Regular Operations 189(6)
5.6.1 The Authorization Concept in a Live System 189(1)
5.6.2 User and Role Administration 190(2)
5.6.3 Change Request Procedure 192(3)
5.7 Emergency Concept 195(1)
5.7.1 Background 195(1)
5.7.2 Multilevel Emergency Concept 195(1)
5.7.3 Flows and Processes for Requesting and Logging 196(1)
5.8 Technical Details 196(3)
5.8.1 "Authorizations" Information System 197(1)
5.8.2 Reducing the Scope of Authorization Checks 197(1)
5.8.3 SAP_ALL and SAP_NEW 198(1)
6 Auditing SAP R/3 Authorization Concepts 199(26)
6.1 User Information System 200(3)
6.1.1 Structure 200(2)
6.1.2 Conclusion 202(1)
6.2 Audit Information System 203(15)
6.2.1 History 203(1)
6.2.2 Audit Approach 203(1)
6.2.3 Structure 203(4)
6.2.4 System Audit 207(2)
6.2.5 AIS Subtree "User Administration" 209(2)
6.2.6 Authorizations for the AIS 211(1)
6.2.7 AIS Role Concept 212(2)
6.2.8 Authorizations for Auditing Authorization Concepts 214(2)
6.2.9 Data Collection and Evaluation Techniques 216(2)
6.2.10 Conclusion 218(1)
6.2.11 More Information on the AIS 218(1)
6.3 Direct Table Access 218(1)
6.4 Supplementary Audit Areas 219(1)
6.5 Other Audit Tools 220(5)
6.5.1 SAPAudit: CheckAud 220(1)
6.5.2 ACE 221(2)
6.5.3 APM 223(1)
6.5.4 More Tools 223(1)
6.5.5 Conclusion 224(1)
7 SAP Enterprise Portal 225(26)
7.1 General Aspects 225(2)
7.2 Portal Components 227(2)
7.2.1 Web Server 227(1)
7.2.2 Application Server 227(1)
7.2.3 Runtime and Development Environment 228(1)
7.2.4 Directory Service 228(1)
7.2.5 Database 228(1)
7.2.6 Search Engines 229(1)
7.3 Interaction between the Portal and SAP R/3 229(2)
7.3.1 Drag & Relate 230(1)
7.4 Access Control and Administration 231(11)
7.4.1 Identification and Authentication 232(2)
7.4.2 User Administration 234(2)
7.4.3 Role 236(2)
7.4.4 Personalization 238(1)
7.4.5 Synchronization 238(1)
7.4.6 Single Sign-On 239(3)
7.5 Other Security Controls 242(9)
7.5.1 Requirements 242(1)
7.5.2 Risks 243(2)
7.5.3 Physical Security 245(1)
7.5.4 Organizational Security 246(1)
7.5.5 Installing Updates 246(1)
7.5.6 Antivirus Software 247(1)
7.5.7 Security Perimeter to the Internet 247(1)
7.5.8 Intrusion Detection System 247(1)
7.5.9 Encryption and Integrity Verification 247(1)
7.5.10 Secure Operating System Configuration 248(1)
7.5.11 Summary 249(2)
8 Future Developments and Methods 251(8)
8.1 Preface 251(7)
8.1.1 Access to Enterprise Directories (LDAP) 252(1)
8.1.2 Central User Administration 253(1)
8.1.3 Authorization and Role Administration (SAP Web AS) 254(2)
8.1.4 User Authentication 256(2)
8.2 Related Issues 258(1)
8.2.1 Other Transactions 258(1)
8.3 Outlook 258(1)
Appendix
A Authorization Objects 259(4)
B SAP Notes 263(4)
C Bibliography 267(2)
D About the Authors 269(4)
Index 273
