Bhubaneswar ❣️ Call Girl 9748763073 Call Girls in Bhubaneswar Escort service ...
Sap security bad practices
1. The top 5 such "Bad" practies for SAP role maintenance are as follows:
1. Role naming convention - lack of naming convention, inconsistent naming
convention or inappropriate naming convention is the most basic mistake that an
organization can make. And this does not just impact the user administrator (who
may not be able to identify with the roles after some time), it adversly impacts
business users as well as auditors. Business users are often not conversant with
transaction codes and authorization ojects and rely on the role name and
description to understand the role. Without a good and inconsistent naming
convention, they may struggle to make sense of the roles.
2. Role design - most organization can design their role as master/ parent and
derived/ child roles. For example, if there are multiple plants and each of them
have buyers responsible for purchasing for their plant only, it is possible to
cerate a master/ parent Buyer role and created derived/ child Buyer roles for
each plant. This ensures consistency in business and makes it easier for user
admininstrators to manage the roles. Changes can be implemented consistently
through the master/ parent roles. In absence of master/ parent roles, the same
role may have multiple variations with different transactions.
3. Large roles - roles with large number of transactions or transactions from
multiple modules usually have a large number of authorizations. Such roles may
contain redundant authoriztions (e.g., authorization 1 with ACTVT 03 and 08 for
Object M_BEST_EKO and authorization 2 with ACTVT 01, 02, 03, 04 and 08 for
Object M_BEST_EKO). Also, it may be difficult to trace authorizations to the
transactions and may also result in authorization creep.
4. Manual insertion of transactions and/ or authorizations in the profile - this
creates variance in role and the underlying profile resulting in errors and
making role maintenance more tedious and difficult.
5. Unmaintained authorizations - many user administrators leave unmaintained
authorization (i.e., objects with some unmaintained field values) in the
profile. Such unmaintained authorization often become big nuisance in long run.
They are also one of the most common reason behind false positives raised during
authorization review.
Organizations should ensure that the user administrator do not follow any of
these "Bad" practice. This will help them keep the roles clean and sustain an
easy to understand and administer SAP roles.