SAP Security design strategy for a transformation program (Part 2)
In the Part 1 blog, the main topics of a business transformation were covered at a high level.
In this Part 2 blog, the global process approach will be discussed.
A global process-oriented approach requires generally accepted (standardized) and comparable descriptions of work processes. Therefore, the key purpose of global SAP roles is to provide a uniform basis built on global principles.
A global SAP role is defined as a set of related tasks that produce a specific output. It describes how a business process is performed. A global SAP role can apply to several jobs, and several employees can hold the same role.
A global SAP role is the basis for further activities:
• Explaining how employees' jobs will change in relation to new responsibilities and ways of working
• Assignment of system authorizations
The SAP role definition takes place through the following steps:
• Definition of all relevant roles in scope for the SAP XXX Project.
• Mapping of SAP business, management and reporting tasks to the corresponding SAP role
• Detailed description of SAP roles in a uniform template. The role description is divided into two parts:
- Part I: Global Description
- Part II: Detailed Information for Local Implementation
To build a security framework, the following design objectives should be reviewed with the security team, business process owners, and role owners.
• Integrate security development into the standard development process
- create a framework that is both flexible and easily maintainable
- maintain consistency across all functional areas
- minimize or eliminate redundancy
• Design a three-tier framework for ECC security
• Create a security team (security organization chart) that works very closely with the functional/process, HR, training and various other project teams to gather authorization, personnel and training requirements
• Adhere to security design practices/principles
• Incorporate best-practice security naming standards
• Monitor sensitive transactions and authorization objects
• Discuss and/or implement a SOX compliance (risk analysis) tool for SOD checks
• Implement project team security, including basis, security, developer and configuration, for each system/client
• Test the approach/framework using a structured testing process
• Implement a security change control process for audit tracking; utilize Solution Manager integrated with xxxxxx
• Discuss and/or implement an Identity Management tool for central user administration
• Discuss and/or implement LDAP integration with Portals for authentication
• Discuss and/or implement Single Sign-On (SSO) for the federated portal network
• Discuss and/or implement indirect role assignment using HR-ORG
• Discuss and/or implement various security table settings
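Three of the objectives above (naming standards, monitoring of sensitive transactions, and SOD checks) can be prototyped at design time, while the global roles are still being defined and before a risk analysis tool is in place. The following Python script is an added example, not code from the original post or from SAP. The role names, the naming standard (assumed here to be Z_<AREA>_<TIER>_<NAME>), the SOD rule pairs, the sensitive-transaction list and the user assignments are all constructed for illustration; the transaction codes are real SAP tcodes, but their pairing into conflicting functions is a simplified sample, not an official rule set. The script models each global role as the set of transactions it grants, checks role IDs against the naming standard, reports SOD conflicts and sensitive access per user, and evaluates whether a proposed role assignment would introduce a new conflict.

```python
"""Segregation-of-duties and naming-standard checks over global SAP roles.

Added example, not code from the original post. The role names, the naming
pattern, the SOD rule set, the sensitive-tcode list and the user assignments
are constructed for illustration. The tcodes are real SAP transactions, but
the conflict pairs are a simplified sample, not an official rule set.
"""
import re

# Assumed naming standard for this example: Z_<AREA>_<TIER>_<NAME>, where the
# tier letter is S (single), C (composite) or D (derived). Chosen for
# illustration; a real program defines its own standard.
ROLE_NAME_PATTERN = re.compile(r"^Z_[A-Z]{2,4}_[SCD]_[A-Z0-9_]+$")

# Constructed global roles and the transaction codes each one grants.
GLOBAL_ROLES = {
    "Z_MM_S_PO_CREATE": {"ME21N", "ME22N", "ME23N"},   # create/change/display PO
    "Z_MM_S_GR_POST": {"MIGO"},                        # goods movements
    "Z_FI_S_AP_INVOICE": {"MIRO", "FB60"},             # vendor invoice posting
    "Z_FI_S_VENDOR_MASTER": {"XK01", "XK02"},          # vendor master maintenance
    "Z_FI_S_PAYMENT_RUN": {"F110"},                    # automatic payment run
    "Z_BC_S_USER_ADMIN": {"SU01", "PFCG"},             # user and role maintenance
    "ap clerk": {"FB60"},                              # violates the naming standard
}

# Constructed SOD rule set: (function A, tcodes of A, function B, tcodes of B).
# A user who can execute at least one tcode from each side is in conflict.
SOD_RULES = [
    ("create purchase order", {"ME21N"}, "post goods receipt", {"MIGO"}),
    ("maintain vendor master", {"XK01", "XK02"}, "run payments", {"F110"}),
    ("maintain vendor master", {"XK01", "XK02"}, "post vendor invoice", {"MIRO", "FB60"}),
    ("maintain users", {"SU01"}, "maintain roles", {"PFCG"}),
]

# Constructed list of transactions to flag whenever they are granted.
SENSITIVE_TCODES = {"SU01", "PFCG", "F110"}

# Constructed user-to-role assignments.
USER_ROLES = {
    "alice": ["Z_MM_S_PO_CREATE", "Z_MM_S_GR_POST"],
    "bob": ["Z_FI_S_AP_INVOICE"],
    "carol": ["Z_FI_S_VENDOR_MASTER", "Z_FI_S_PAYMENT_RUN"],
    "dave": ["Z_BC_S_USER_ADMIN"],
}


def invalid_role_names(roles=GLOBAL_ROLES):
    """Return role IDs that do not follow the assumed naming standard."""
    return sorted(name for name in roles if not ROLE_NAME_PATTERN.match(name))


def effective_tcodes(role_names, roles=GLOBAL_ROLES):
    """Union of the transaction codes granted by a list of roles."""
    granted = set()
    for name in role_names:
        granted |= roles.get(name, set())
    return granted


def sod_conflicts(role_names, roles=GLOBAL_ROLES, rules=SOD_RULES):
    """Conflicting function pairs reachable through the given roles, in rule order."""
    granted = effective_tcodes(role_names, roles)
    return [(a, b) for a, ta, b, tb in rules if granted & ta and granted & tb]


def sensitive_access(role_names, roles=GLOBAL_ROLES):
    """Sensitive transactions reachable through the given roles."""
    return sorted(effective_tcodes(role_names, roles) & SENSITIVE_TCODES)


def check_assignment(user, new_role, user_roles=USER_ROLES):
    """Design-time check: conflicts that adding new_role to user would introduce."""
    current = user_roles.get(user, [])
    before = set(sod_conflicts(current))
    after = sod_conflicts(current + [new_role])
    return [pair for pair in after if pair not in before]


def user_report(user_roles=USER_ROLES):
    """Per-user summary of SOD conflicts and sensitive access."""
    return {
        user: {"conflicts": sod_conflicts(assigned), "sensitive": sensitive_access(assigned)}
        for user, assigned in user_roles.items()
    }


if __name__ == "__main__":
    print("roles violating the naming standard:", invalid_role_names())
    for user, findings in user_report().items():
        print(user, findings)
    print("adding Z_FI_S_AP_INVOICE to carol would introduce:",
          check_assignment("carol", "Z_FI_S_AP_INVOICE"))
```

The check is deliberately transaction-based so it can run against the role template long before authorization objects are maintained in PFCG; once the detailed role descriptions exist, the same structure can be fed from an export of role-to-transaction assignments, and the rule list can be replaced by the rule set of whichever risk analysis tool the program selects.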