Introduction to SAP Security
What is Security
In the context of IT, security means giving users access only to those system resources that they require to perform their jobs.
In SAP, these resources generally take the form of business applications or administration tools, reached through transactions, screens, tables, programs, reports, web services, etc.
Why is Security Important?
SAP, being an ERP solution, comes loaded with a huge number of applications which can be configured to map the business processes of an organization, like procurement, manufacturing, sales, financial accounting, controlling and human resource management.
It is imperative that only actual employees/business partners get access to the SAP system (Authentication).
Each user using the SAP system should only have access to the application relevant to their jobs (Authorization).
For example, we certainly do not want an employee working on the shop floor to be able to see and update the bank details of other employees, a job typically reserved for the HR department.
Authentication and Authorization
Authentication: is ensured by having a unique user ID and password for each user, maintained as part of the user master record. Any user trying to access an SAP system should have a valid user master record. In addition, the user master record lists the user's name, email, telephone and the roles which allow access to different applications.
Authorization: is implemented through roles (or, in the older term, activity groups), which are typically assigned to users through their user master record.
Each role also has one or more corresponding authorization profiles with different authorizations. It is the authorization profiles which actually give access to users.
Levels of Authorizations
Level 1: User ID Access. Login with user ID and password.
Level 2: Transaction Code Access. Object: S_TCODE. Examples: FB01, MM01.
Level 3: Authorization Access. Examples: F_BKPF_BUK, M_MATE_BUK.
User Master Record -> Role/Profile -> Authorization Object -> Field Values
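The three levels can be modelled in a few lines. The following is an added example, not SAP code and not part of the original page: a simplified Python model in which one authorization must cover every requested field value (values are not combined across authorizations). The role names, user IDs, passwords and company codes are constructed, and the field names TCD, BUKRS and ACTVT are not named on the page.

```python
import hmac
from fnmatch import fnmatchcase

# Constructed sample data: each role carries authorizations, written as
# (authorization object, {field: allowed values}). "*" matches any value.
ROLES = {
    "Z_FI_CLERK": [  # hypothetical role name
        ("S_TCODE", {"TCD": ["FB01"]}),
        ("F_BKPF_BUK", {"BUKRS": ["1000"], "ACTVT": ["01", "03"]}),
        ("F_BKPF_BUK", {"BUKRS": ["2000"], "ACTVT": ["03"]}),
    ],
    "Z_SHOP_FLOOR": [  # hypothetical role name
        ("S_TCODE", {"TCD": ["MM01"]}),
        ("M_MATE_BUK", {"BUKRS": ["1000"], "ACTVT": ["*"]}),
    ],
}

# Constructed user master records; the password field is a stand-in only.
USERS = {
    "FCLERK": {"password": "demo-only", "roles": ["Z_FI_CLERK"]},
    "SHOPUSR": {"password": "demo-only", "roles": ["Z_SHOP_FLOOR"]},
}

def authority_check(user, obj, **required):
    """True if ONE authorization for obj covers every required field value."""
    for role in USERS[user]["roles"]:
        for auth_obj, fields in ROLES[role]:
            if auth_obj != obj:
                continue
            if all(any(fnmatchcase(value, pat) for pat in fields.get(name, []))
                   for name, value in required.items()):
                return True
    return False

def run_transaction(user, password, tcode, obj, **required):
    """Apply levels 1 to 3 in order; return 'OK' or the level that denied."""
    record = USERS.get(user)
    if record is None or not hmac.compare_digest(record["password"], password):
        return "DENIED level 1: user ID / password"
    if not authority_check(user, "S_TCODE", TCD=tcode):
        return "DENIED level 2: S_TCODE"
    if not authority_check(user, obj, **required):
        return f"DENIED level 3: {obj}"
    return "OK"
```

In this model FCLERK may post (ACTVT 01) in company code 1000 but only display (ACTVT 03) in 2000, so a posting request for 2000 is denied at level 3 even though both values appear somewhere in the role.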