Restricting the user name in the SAP system
Point-in-Time Recovery
We are transparent and open. It is not part of our philosophy to make ourselves irreplaceable with you. In our eyes, this is a matter of course for a long-term partnership.
A secure SAP system does not only include a good role concept. It is also necessary to check whether a user should (still) have a specific role. Regular verification of role assignment is called recertification. In this blog post, I'd like to introduce you to the need for recertifications and our own tool, EasyReCert. The need for recertification - scenarios: Example 1: The "apprentice problem" Imagine the following scenario: A new employee (e.g. apprenticeship or trainee) will go through various departments as part of his or her training and will work on various projects. Of course, an SAP User will be made available to your employee right at the beginning, which is equipped with appropriate roles. As each project and department passes, the employee repeatedly needs new permissions to meet the requirements. After the employee has successfully completed his or her induction and is now in a permanent position, he or she still has permissions that are not necessary to perform his or her duties. This violates the principle of "last privilede" and represents a potential security risk for your company. Example 2: The change of department The change of department is one scenario that probably occurs in every company. If a change of department does not automatically involve a complete reallocation of roles and the employee simply takes his old permissions with him, critical combinations of permissions can occur very quickly. For example, an employee who has permissions in accounts payable and accounts receivable violates the SoD ("Segregation of Duties") principle and poses a potential security risk to your company. Recertification as part of a revision: The two examples above show that a regular review of role allocation identifies potential security risks for your business and can be addressed.
Type linkage
SAP Basis represents the cornerstone of the SAP system, i.e. the foundation without which the system cannot function. Furthermore, it includes some administration tools and middleware programs. These programs can be used with the help of SAP Basis independently of the operating system and database used.
If regulations for the standardisation of SAP systems or tasks and procedures are in place, they must also be consistently complied with and their compliance must also be verified. In case of non-compliance, for example due to project influences or technological problems, the exception must be returned to the standard in a timely manner. Resources must be made available for this.
Some missing SAP basic functions in the standard are supplied by the PC application "Shortcut for SAP Systems".
Press CTRL+Y to highlight the task ID and then copy it by CTRL+C.
If you use the search through the S_TCODE permission object, the following result page appears.