SAP security for audit seminar


Published in: Education

  1. IRIS Authorizations/Security
  2. User Administration
     • User Maintenance - defining a user has many components including the following:
       • Basic User Data
       • Defaults
       • Parameters
       • User Authorizations
     • Primary Transaction – SU01
     • Central User Administration
  3. Basic User Data
     • Name
     • Initial Password
     • Validity period of a user’s account
     • User Group
     • User Type
  4. Types of R/3 Internal Users
     • Dialog
     • Batch Data Communication - BDC
     • Background
     • CPIC
  5. User Defaults
     • Logon language
     • Default printer (local or network)
     • Date and decimal formats
     • Time Zone
  6. Parameters
     Used to determine the default value for a field.
     • Parameter Id
     • Value
     • Description
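  7. Standard Parameter Assignments

     | Parameter Id | Value | Description                   |
     |--------------|-------|-------------------------------|
     | KME          | Z_UT  | FI Account Assignment Model   |
     | KPL          | UT    | Chart of Accounts             |
     | MOL          | 10    | Personnel Grouping            |
     | PNI          | US    | Country Key                   |
     | UGR          | 10    | HR User Group                 |
     | VKO          | UT    | Sales Organization            |
     | BUK          | UT    | Company Code                  |
     | CAC          | UT    | Controlling Area              |
     | EKO          | UT    | Purchasing Organization       |
     | FIK          | UT    | FM Area                       |
     | FWS          | USD   | Currency Unit                 |
     | FZ2          | Z_UT  | G/L Account Line Layout       |
     | FZ5          | Z001  | Parking Document Line Layout  |
     | FBZ          | Z01   | Posting Document Line Layout  |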
  8. Rules for Passwords
     • Minimum 6 characters
     • Not to begin with ‘?’ or ‘!’
     • Not to begin with any sequence of 3 characters contained in the user name
     • Not to begin with 3 identical characters
     • Cannot use ‘PASS’ or ‘SAP’
     • USR40 Password Lockout List
     • NOT case-sensitive
     • Can change only once a day
     • Cannot change to 5 previous passwords
  10. User Authorizations
     • Granted via Activity Groups/Roles and/or Profiles
     • Assigned to user master records to provide access to R/3 functionality
  11. Activity Groups
     • Created via the Profile Generator (PFCG)
     • Serve as containers for user menus and authorization objects and values
     • Used to generate authorization profiles
  12. Authorization Profiles
     • Generated from assignments made to Activity Groups in the Profile Generator (PFCG)
     • Assigned to users via Activity Group Assignment
     • Some high-level profiles, such as SAP_ALL, can be assigned directly to users
  13. Relationship of Activity Groups and Profiles
     [Diagram labels: User, Activity Group, Profile, Authorization Object, Detailed Authorizations, Authorizations]
  14. Profile Generator
     • Menu – User Menu
     • Task Assignment – associate workflow task for “potential agents”
     • Authorizations – assign authorization objects and generate profiles
     • Users
  15. UT Activity Groups/Roles
     • Departmental Roles
       • Departmental Specialist
       • Departmental Management
       • Funds Centers
     • Campus Office Roles
       • For example, CBO’s, Personnel Specialists
     • Central Office Roles
       • For example, Accounts Payable/Controller’s Office
     • Project Team/Support Roles
  16. Composite Roles
     [Diagram labels: UT_DEPT_ADMIN_SPEC_CMP CBO UT_DEPT_ADMIN_SPEC_CO Controller GLDept AP CBOMgmt MM AP FM CBO Controller Budget Office]
  17. UT Roles – Breakdown

     | Departmental      | Campus Level     | Central         |
     |-------------------|------------------|-----------------|
     | Functional Role   | Functional Role  | Functional Role |
     | Campus data role  | Campus data role |                 |
     | Funds center role |                  |                 |
  18. Relationship to Workflow
     • Security
       • Provides the ability for a user to perform an action
     • Workflow
       • Routes the document to the appropriate person
       • Performs background processing for some functionality
     • User must have both security and workflow to act upon work items
  19. Workflow Roles/Assignments
     • Departmental Reviewer
       • Reviews documents before approver
     • Departmental Approver
       • Provides the departmental approval for documents
     • Other special workflows
       • Journal vouchers, CBO level approvals, HR/security processes
  20. Useful Transaction Codes
     • SU01D – Display Users
     • User Reports - Tools-->Administration-->User Administration-->Information System
     • ZAPPS – Display Approvers/Workflow Responsibilities
     • ZSUBS – Workflow Substitutes Report
     • ZWIRPT – Workflow Work Item Aging Report
     • SWI5 – Workload Analysis
     • SM04 – Current Users Logged in on "App Server"
     • AL08 – Current Users Logged in on System
     • PFCG – Profile Generator
     • PP01 – Display Workflow Responsibilities
     • FM5S – Display Fund
     • FM2G – Funds Center Hierarchy
  21. Security System Settings
     • Password reset – 62 days
     • Logon screen - disappears after 3 unsuccessful logon attempts
     • User ID lock – after 6 unsuccessful login attempts
     • Automatic logout - after 8 hours of inactivity
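
The password rules on slide 8 can be expressed as a single check that an auditor runs against candidate passwords. This is an added example, not part of the original slides or of SAP's own code; the function names, the handling of USR40 entries as `*`/`?` wildcard patterns, and the sample user name and passwords are assumptions.

```python
import re
from datetime import date

MIN_LENGTH = 6            # slide 8: minimum 6 characters
RESERVED = {"PASS", "SAP"}
HISTORY_DEPTH = 5         # slide 8: the 5 previous passwords are blocked


def _usr40_match(pattern, pw):
    # Assumption: USR40 entries use '*' (any run) and '?' (one character).
    rx = re.escape(pattern.upper()).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, pw) is not None


def violations(user, candidate, usr40=(), history=(), last_changed=None, today=None):
    """Return the slide-8 rules that `candidate` breaks; an empty list means it passes."""
    # Passwords are not case-sensitive, so every comparison is done in upper case.
    pw, name = candidate.upper(), user.upper()
    found = []
    if len(pw) < MIN_LENGTH:
        found.append("shorter than 6 characters")
    if pw[:1] in ("?", "!"):
        found.append("begins with '?' or '!'")
    if len(pw) >= 3 and pw[:3] in name:
        found.append("begins with 3 characters from the user name")
    if len(pw) >= 3 and pw[0] == pw[1] == pw[2]:
        found.append("begins with 3 identical characters")
    if pw in RESERVED:
        found.append("is 'PASS' or 'SAP'")
    if any(_usr40_match(p, pw) for p in usr40):
        found.append("matches a USR40 entry")
    # history is ordered oldest to newest; only the last 5 entries are blocked.
    if pw in [old.upper() for old in history[-HISTORY_DEPTH:]]:
        found.append("repeats one of the 5 previous passwords")
    if last_changed is not None and last_changed == (today or date.today()):
        found.append("password already changed today")
    return found


if __name__ == "__main__":
    # Constructed sample data: user name, USR40 pattern and candidates are made up.
    for pw in ("smith99", "aaa12", "Winter07", "Quartz88"):
        print(pw, "->", violations("JSMITH", pw, usr40=["WINTER??"]) or "ok")
```

Because the check upper-cases both sides, `Winter07` and `WINTER07` are the same password for every rule, which is what "NOT case-sensitive" implies for the effective strength of a 6-character minimum.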