SU10 User maintenance mass changes
Planning / Implementation
Customers with such a case regularly contact us. Creating a Permission Concept from the ground up is often a time-consuming task. Furthermore, the know-how, which aspects should be dealt with in an authorisation concept and how the corresponding processes can look practical and at the same time audit-proof is often lacking. Our solution: tool-based generation of an individual, written authorisation concept In this situation, we have recommended to our customers the tool-based generation of a written authorisation concept directly from the SAP system. We use the XAMS Security Architect tool, with which we have had good experiences. This includes a template for a revision-proof and comprehensible, written authorisation concept. It includes established best practices for role and entitlement management. The template covers all relevant areas in a permission concept. The included text of the authorisation concept is completely customisable, so that the concept can be tailored to your situation without creating a permission concept from scratch. Dynamically update the written authorisation concept One of the biggest challenges after the development of an authorisation concept is to keep it up to date in the long term and to measure the sustainable implementation in the system. This is achieved by integrating live data such as configuration settings and defined rules directly from the connected system. For example, lists of existing roles or user groups and tables are read from the system each time the document is generated and updated in the permission concept. The following screenshot shows an example of what the appearance in the concept document might look like. Automatically check and monitor compliance with the concept To check compliance with the concept, the XAMS Security Architect includes extensive inspection tools. These cover the rules formulated in the concept and are suitable for measuring the extent to which the reality in the system meets the requirements formulated in the concept.
A degree in computer science is usually a prerequisite and is now almost compulsory. Those who have been trained as IT specialists can take advantage of further training to become SAP Basis Administrators and thus position themselves particularly well on the job market. However, quite a few companies also offer to train employees to make them fit to work as SAP Basis Administrators.
The website www.sap-corner.de offers many useful information about SAP basis.
Change and release management
Due to the technology diversity, including in the SAP product portfolio, the support by a single silo unit SAP basis is almost impossible. Likewise, there are many activities that are located for historical reasons in the SAP basis and in parallel in the non-SAP area. In this respect, the separation between SAP and Non-SAP must be examined and, if possible, eliminated by standardisation, integration and centralisation. For example, the issue of output management can be set up in a team that has knowledge in the SAP printing area as well as in the non-SAP printing area and has contact points in the SAP basis. From the SAP basis, tools must be made available to the non-SAP areas to support them in their work in the SAP environment.
This presentation takes place via a graphical user interface (GUI). This is where users read required information and enter new data into the system.
"Shortcut for SAP Systems" makes it easier and quicker to complete a number of SAP basis tasks.
Note that this parameter can only be affected by you if the generation is allowed by SAP during the insertion of this support package.
So much information... how can you keep it so that you can find it again when you need it? Scribble Papers is a "note box" that makes this very easy.
In the Security Auditlog, you can use various filters to determine which users are logged on which client and which information.