Security in SAP®

An overview of the concept of security and its supporting SAP applications.

Security in SAP is one of the top priorities for ensuring that the organization remains stable in terms of availability of systems, security of its information and adherence to financial regulations.

Recent financial irregularities at a major energy corporation led to its bankruptcy and brought the Sarbanes-Oxley (SOX) regulation into place. Section IT-404 of the SOX policy relates to segregation of duties (SoD), which simply means that no user should have conflicting or violating transactions assigned. This ensures that the landscape remains free of risk.

In SAP, SoD is achieved through a concept called authorization, which has two main elements: “user” and “access.” SAP applications such as ECC have built-in controls to restrict users' access. We will also look briefly at two other powerful SAP applications for security: GRC and IDM.

User management: The lifecycle of all types of users consists of three phases: creation, modification, and termination.

Access management: Access in SAP is controlled through roles, which in turn consist of objects, such as transaction codes. A user can therefore execute only those transactions that have been assigned to him or her via a role.

GRC (governance, risk, and compliance) ensures that the systems remain risk-free throughout. This is achieved through controls such as Risk Library and Mitigation controls.

Risk Library is a collection of risks that is used to detect whether risks are present in users' access. Mitigation controls are used to denote that the risk is accepted by the organization.
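The following added example (not SAP GRC code or its data model) shows how the pieces described above fit together: roles grant transaction codes, a risk library flags conflicting combinations, and a mitigation control marks a detected risk as accepted. The role names, risk IDs, control ID and user assignments are constructed for illustration; note that the conflict for ALICE only appears once her two roles are combined.

```python
# Added illustration: minimal SoD risk analysis over constructed sample data.
# Role names, risk IDs and the control ID are hypothetical.

# Role -> transaction codes it grants.
ROLES = {
    "Z_VENDOR_MAINT": {"FK01", "FK02"},   # create / change vendor
    "Z_AP_PAYMENTS": {"F-53", "F110"},    # post payment / payment run
    "Z_PO_CREATE": {"ME21N"},             # create purchase order
    "Z_GOODS_RECEIPT": {"MIGO"},          # goods movement
}

# User -> assigned roles.
USERS = {
    "ALICE": ["Z_VENDOR_MAINT", "Z_AP_PAYMENTS"],
    "BOB": ["Z_PO_CREATE", "Z_GOODS_RECEIPT"],
    "CAROL": ["Z_AP_PAYMENTS"],
}

# Risk library: a risk fires when a user holds a tcode from each side.
RISK_LIBRARY = {
    "RISK-01": ({"FK01", "FK02"}, {"F-53", "F110"}),  # maintain + pay vendor
    "RISK-02": ({"ME21N"}, {"MIGO"}),                 # order + receive goods
}

# Mitigation controls: (user, risk) pairs the organization has accepted.
MITIGATIONS = {("BOB", "RISK-02"): "MC-100 monthly PO/GR review"}


def effective_tcodes(user):
    """Union of transaction codes across all roles assigned to the user."""
    return set().union(*(ROLES[role] for role in USERS[user]))


def analyze(user):
    """Return [(risk_id, conflicting tcodes, mitigation or None), ...]."""
    tcodes = effective_tcodes(user)
    findings = []
    for risk_id, (side_a, side_b) in sorted(RISK_LIBRARY.items()):
        hit_a, hit_b = tcodes & side_a, tcodes & side_b
        if hit_a and hit_b:  # both halves of the conflict are held
            control = MITIGATIONS.get((user, risk_id))
            findings.append((risk_id, sorted(hit_a | hit_b), control))
    return findings


def unmitigated(user):
    """Risk IDs detected for the user that have no mitigation control."""
    return [rid for rid, _, control in analyze(user) if control is None]


if __name__ == "__main__":
    for name in USERS:
        print(name, analyze(name))
```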

There are additional modules of GRC such as Process Control and Risk Management, which are used for advanced security functionalities, such as automated monitoring and policy management.

IDM (Identity Management) is a much more powerful application than GRC, one through which access can be provided even for non-SAP applications. It can use HR systems, for instance SuccessFactors, as a data source, or it can behave as a source itself.

IDM has workflows for approvals from business owners and can call GRC for risk analysis.

These are a few of the major SAP components that help an organization stay secure.

Global reach and wider accessibility, such as through mobile devices, have made organizations more susceptible to threats, making high-level security a must-have.

Please reach out to me if you would like more information on SAP security.
