Security in SAP®

An overview of the concept of security and its supporting SAP applications.

Security in SAP is one of the top priorities for ensuring that the organization remains stable in terms of availability of systems, security of its information and adherence to financial regulations.

Recent financial irregularities at a major energy corporation led to its bankruptcy and brought the Sarbanes-Oxley (SOX) regulation into place. Section IT-404 of the SOX policy relates to segregation of duties (SoD), which simply means that no user should have conflicting or violating transactions assigned. This ensures that the landscape remains free of risk.

In SAP, SoD is achieved through a concept called authorization, which has two main elements: “user” and “access.” SAP applications such as ECC have built-in controls to restrict users' access. We will also look briefly at other powerful SAP applications for security: GRC and IDM.

User management: The lifecycle of all types of users consists of three phases: creation, modification, and termination.

Access management: Access in SAP is controlled through roles, which in turn consist of objects, such as transaction codes. So a user can execute only those transactions that have been assigned to him or her via a role.

GRC (governance, risk, and compliance) ensures that the systems remain risk-free throughout. This is achieved through controls such as Risk Library and Mitigation controls.

Risk Library is a collection of risks that is used to detect whether risks exist in users' access. Mitigation controls are used to denote that a risk is accepted by the organization.
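The role, risk library and mitigation concepts above can be sketched as a small SoD check. This is an added example, not SAP GRC code: the transaction codes are standard SAP ones, while the role names, user IDs, risk IDs and control ID are constructed for illustration. It shows a case where each role is clean on its own and the conflict appears only when one user holds both.

```python
from itertools import product

# Constructed sample data: roles, users, risk IDs and control IDs are hypothetical.
ROLES = {
    "Z_AP_VENDOR_MAINT": {"FK01", "FK02"},    # create / change vendor
    "Z_AP_PAYMENTS":     {"F110", "F-53"},    # payment run / outgoing payment
    "Z_MM_BUYER":        {"ME21N", "ME22N"},  # create / change purchase order
    "Z_MM_RECEIVING":    {"MIGO"},            # goods movement
}
USER_ROLES = {
    "ALICE": ["Z_AP_VENDOR_MAINT", "Z_AP_PAYMENTS"],
    "BOB":   ["Z_MM_BUYER"],
    "CAROL": ["Z_MM_BUYER", "Z_MM_RECEIVING"],
}
# Risk library: a risk exists when one user holds a transaction from each function.
RISK_LIBRARY = {
    "R001": ({"FK01", "FK02"}, {"F110", "F-53"}),  # maintain vendor + pay vendor
    "R002": ({"ME21N", "ME22N"}, {"MIGO"}),        # order goods + receive goods
}
# Mitigation controls: (user, risk) pairs the organization has accepted.
MITIGATIONS = {("CAROL", "R002"): "MC-017"}

def effective_tcodes(user):
    """Union of transaction codes granted through all of a user's roles."""
    return set().union(*(ROLES.get(r, set()) for r in USER_ROLES.get(user, [])))

def analyze(user):
    """Return the risks a user's combined access triggers, sorted by risk ID."""
    held = effective_tcodes(user)
    findings = []
    for risk_id, (func_a, func_b) in sorted(RISK_LIBRARY.items()):
        hits_a, hits_b = held & func_a, held & func_b
        if hits_a and hits_b:  # access on both sides of the conflict
            findings.append({"risk": risk_id, "mitigated_by": MITIGATIONS.get((user, risk_id)),
                             "conflicts": sorted(product(sorted(hits_a), sorted(hits_b)))})
    return findings

def open_risks():
    """Map each user to the risk IDs that have no mitigation control."""
    report = {}
    for user in sorted(USER_ROLES):
        unmitigated = [f["risk"] for f in analyze(user) if f["mitigated_by"] is None]
        if unmitigated:
            report[user] = unmitigated
    return report

if __name__ == "__main__":
    print("Unmitigated:", open_risks())
```
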

There are additional modules of GRC such as Process Control and Risk Management, which are used for advanced security functionalities, such as automated monitoring and policy management.

IDM (Identity Management) is a much more powerful application than GRC, where even non-SAP applications can be provided access. It can use HR systems, for instance SuccessFactors, as a data source, or it can behave as a source itself.

IDM has workflows for approvals from business owners and can call GRC for risk analysis.

So, these are a few of the major components of SAP that help an organization stay secure.

Global reach and wider accessibility, such as through mobile devices, have made organizations more susceptible to threats, making high-level security a must-have.

Please reach out to me if you would like more information on SAP security.
