Security in SAP®

An overview of the concept of security and its supporting SAP applications.

Security in SAP is one of the top priorities for ensuring that the organization remains stable in terms of availability of systems, security of its information and adherence to financial regulations.

Financial irregularities at a major energy corporation led to its bankruptcy and brought into place the Sarbanes-Oxley (SOX) regulation. The section IT-404 of the SOX policy relates to segregation of duties (SoD), which simply means that no user should have conflicting or violating transactions assigned. This ensures that the landscape remains free of risk.

In SAP, SoD is achieved through a concept called authorization, which has two main elements: “user” and “access.” SAP applications such as ECC have built-in controls to restrict users' access. We will also look briefly into other powerful SAP applications for security: GRC and IDM.

User management: The lifecycle of all types of users consists of three phases: creation, modification, and termination.

Access management: Access in SAP is controlled through roles, which in turn consist of objects, such as transaction codes. So, a user can only execute those transactions that he or she has been assigned to via a role.

GRC (governance, risk, and compliance) ensures that the systems remain risk-free throughout. This is achieved through controls such as Risk Library and Mitigation controls.

The Risk Library is a collection of risks that is used to detect whether risks exist for users. Mitigation controls are used to denote that a risk is accepted by the organization.
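The role-based access model and the risk check described above can be sketched in a few lines. This is an added example, not code from the original post and not how SAP GRC is implemented; the role names, user IDs, risk IDs and control ID are constructed, and the two-sided risk rule is a simplifying assumption.

```python
# Constructed sample data: roles, users, risk IDs and control IDs are hypothetical.
ROLES = {
    "Z_AP_VENDOR_MAINT": {"FK01", "FK02"},  # create / change vendor
    "Z_AP_PAYMENTS": {"F110"},              # payment run
    "Z_MM_BUYER": {"ME21N"},                # create purchase order
    "Z_MM_RECEIVING": {"MIGO"},             # goods movement
}
USERS = {
    "ALICE": ["Z_AP_VENDOR_MAINT", "Z_AP_PAYMENTS"],
    "BOB": ["Z_MM_BUYER"],
    "CAROL": ["Z_MM_BUYER", "Z_MM_RECEIVING"],
}
# Assumed rule shape: a risk exists when a user holds at least one
# transaction from each of the two conflicting sides.
RISK_LIBRARY = {
    "R001": ({"FK01", "FK02"}, {"F110"}),
    "R002": ({"ME21N"}, {"MIGO"}),
}
# Mitigation controls: (user, risk) pairs the organization has accepted.
MITIGATIONS = {("CAROL", "R002"): "MC-017"}


def effective_tcodes(role_names):
    """Map each granted transaction code to the roles that grant it."""
    granted = {}
    for role in role_names:
        for tcode in ROLES[role]:
            granted.setdefault(tcode, set()).add(role)
    return granted


def analyze(user, extra_roles=()):
    """Return SoD findings for a user; extra_roles simulates a pending request."""
    granted = effective_tcodes(list(USERS[user]) + list(extra_roles))
    findings = []
    for risk_id, (side_a, side_b) in sorted(RISK_LIBRARY.items()):
        hit_a, hit_b = side_a & set(granted), side_b & set(granted)
        if hit_a and hit_b:
            tcodes = sorted(hit_a | hit_b)
            findings.append({
                "risk": risk_id,
                "tcodes": tcodes,
                "roles": sorted(set().union(*(granted[t] for t in tcodes))),
                "mitigation": MITIGATIONS.get((user, risk_id)),
            })
    return findings


def open_risks():
    """Users mapped to risks that have no mitigation control assigned."""
    return {u: [f["risk"] for f in analyze(u) if f["mitigation"] is None]
            for u in USERS}
```

Passing `extra_roles` runs the same check before a role is assigned, so a conflicting request can be rejected or routed for mitigation instead of being found afterwards.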

There are additional modules of GRC such as Process Control and Risk Management, which are used for advanced security functionalities, such as automated monitoring and policy management.

IDM (Identity Management) is a much more powerful application than GRC, in which access can be provided even to non-SAP applications. It can use an HR system, for instance SuccessFactors, as its data source, or it can behave as a source itself.

IDM has workflows for approvals from business owners and can call GRC for risk analysis.

These are a few of the major SAP components that help an organization stay secure.

Global reach and wider accessibility, such as through mobile devices, have made organizations more susceptible to threats, making high-level security a must-have.

Please reach out to me if you would like more information on SAP security.
