

SAP Security design strategy for a transformation program (Part 2)

Part 1 of this blog covered the main topics of a business transformation at a high level.
This Part 2 discusses the global process and the global SAP Roles that support it.
A global process-oriented approach requires generally accepted (standardized) and comparable descriptions of work processes. Therefore, the key purpose of global SAP Roles is to have a uniform basis with global principles.

A global SAP Role is defined as a set of related tasks that together produce a specific output. It describes how a part of a business process is performed. A global SAP Role can be applied to several jobs, and several employees can hold the same role.
A global SAP role is the basis for further activities:
• Explaining how employees' jobs will change in relation to new responsibilities and ways of working
• Performance measurement
• Training requirements
• Assignment of system authorizations
The SAP role definition takes place through the following steps:
• Definition of all relevant roles in scope for the SAP XXX Project
• Mapping of SAP business, management and reporting tasks to the corresponding SAP Role
• Detailed description of SAP Roles in a uniform template. The description of each role is divided into two parts:
- Part I: Global Description
- Part II: Detailed Information for Local Implementation
To build a security framework, the following design objectives shall be reviewed with the security team, business process owners, and role owners.

• Integrate security development into the standard development process
• Benefits
- create a framework that is both flexible and easily maintainable
- maintain consistency across all functional areas
- minimize or eliminate redundancy
• Design an approach/ framework for ECC Security using a three-tier approach
• Create a security team (security organization chart) that works very closely with the functional/ process, HR, and training and various other project teams to gather authorization, personnel and training requirements
• Adhere to Security Design Practices/ Principles
• Incorporate best-practice security naming standards
• Monitor sensitive transactions and authorization objects
• Discuss and/or implement SOX compliance (Risk Analysis) tool for SOD checks.
• Implement project team security, including basis, security, developer and configuration access, for each system/client
• Test the approach/ framework using a structured testing process
• Implement a security change control process for audit tracking; utilize Solution Manager integrated with xxxxxx
• Discuss and/or implement Identity Management tool for central user administration
• Discuss and/or implement LDAP integration with Portals for authentication
• Discuss and/or implement Single Sign-On (SSO) for federated portal network
• Discuss and/or implement indirect role assignment using HR-ORG
• Discuss and/or implement various security table settings
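The role definition steps above (roles in scope, tasks mapped to roles, roles assigned to jobs) and the objective of running SOD checks with a risk analysis tool can be illustrated with a small model. The following Python is an added example written for this post, not code from the project or from any SAP product: the role catalogue, task names, job assignments and SOD rule set are all constructed for illustration and carry no SAP transaction codes. It shows why a global role must be conflict-free by design (an intra-role conflict cannot be fixed by assignment) and how the same rule set flags conflicts that only arise when several roles are combined on one job.

```python
"""Global SAP roles as sets of tasks, job assignments, and a segregation-of-duties check.

Added example, not from the original post. All names below are constructed.
"""
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, FrozenSet, Iterable, List, Tuple


@dataclass(frozen=True)
class GlobalRole:
    """A global SAP Role: a named set of related tasks that produces one output."""
    name: str
    tasks: FrozenSet[str]


# Step 1 and 2 of the role definition: roles in scope and their task mapping (constructed).
# LEGACY_AP_SUPERUSER is deliberately badly designed to show an intra-role conflict.
ROLE_CATALOGUE: Dict[str, GlobalRole] = {
    r.name: r for r in (
        GlobalRole("PTP_VENDOR_MASTER", frozenset({"create_vendor", "change_vendor"})),
        GlobalRole("PTP_PURCHASING", frozenset({"create_purchase_order", "change_purchase_order"})),
        GlobalRole("PTP_INVOICE", frozenset({"post_vendor_invoice"})),
        GlobalRole("PTP_PAYMENT", frozenset({"release_payment_run"})),
        GlobalRole("FIN_REPORTING", frozenset({"display_vendor_balances"})),
        GlobalRole("LEGACY_AP_SUPERUSER", frozenset({"post_vendor_invoice", "release_payment_run"})),
    )
}

# Constructed SOD rule set: task pairs one person must not hold together, with a risk rating.
SOD_RULES: Dict[FrozenSet[str], str] = {
    frozenset({"create_vendor", "post_vendor_invoice"}): "HIGH",
    frozenset({"create_vendor", "release_payment_run"}): "HIGH",
    frozenset({"create_purchase_order", "post_vendor_invoice"}): "MEDIUM",
    frozenset({"post_vendor_invoice", "release_payment_run"}): "HIGH",
}

Violation = Tuple[str, str, str]  # (task_a, task_b, risk)


def effective_tasks(role_names: Iterable[str],
                    catalogue: Dict[str, GlobalRole] = ROLE_CATALOGUE) -> FrozenSet[str]:
    """Union of all tasks a job receives through its assigned global roles.

    An unknown role name is an error: every assignment must come from the global catalogue.
    """
    tasks = set()
    for name in role_names:
        if name not in catalogue:
            raise KeyError(f"role {name!r} is not in the global catalogue")
        tasks |= catalogue[name].tasks
    return frozenset(tasks)


def sod_violations(role_names: Iterable[str],
                   catalogue: Dict[str, GlobalRole] = ROLE_CATALOGUE,
                   rules: Dict[FrozenSet[str], str] = SOD_RULES) -> List[Violation]:
    """Every conflicting task pair the given role combination would grant, in sorted order."""
    tasks = sorted(effective_tasks(role_names, catalogue))
    found: List[Violation] = []
    for task_a, task_b in combinations(tasks, 2):
        risk = rules.get(frozenset({task_a, task_b}))
        if risk is not None:
            found.append((task_a, task_b, risk))
    return found


def intra_role_conflicts(catalogue: Dict[str, GlobalRole] = ROLE_CATALOGUE,
                         rules: Dict[FrozenSet[str], str] = SOD_RULES) -> Dict[str, List[Violation]]:
    """Roles that conflict on their own. These need redesign in the global template, not a
    different job assignment, so they are checked before any job mapping is done."""
    result: Dict[str, List[Violation]] = {}
    for name in catalogue:
        hits = sod_violations([name], catalogue, rules)
        if hits:
            result[name] = hits
    return result


def analyse_jobs(job_roles: Dict[str, List[str]],
                 catalogue: Dict[str, GlobalRole] = ROLE_CATALOGUE,
                 rules: Dict[FrozenSet[str], str] = SOD_RULES) -> Dict[str, List[Violation]]:
    """SOD result per job for a job-to-roles mapping (the 'assignment of system authorization' step)."""
    return {job: sod_violations(roles, catalogue, rules) for job, roles in job_roles.items()}


if __name__ == "__main__":
    # Constructed job-to-role assignments for a walk-through.
    JOB_ROLES = {
        "AP_CLERK": ["PTP_INVOICE", "FIN_REPORTING"],
        "SMALL_SITE_BUYER": ["PTP_VENDOR_MASTER", "PTP_PURCHASING", "PTP_INVOICE"],
    }
    print("roles that conflict by design:", intra_role_conflicts())
    for job, hits in analyse_jobs(JOB_ROLES).items():
        print(job, "clean" if not hits else hits)
```

Running the block reports LEGACY_AP_SUPERUSER as conflicting by design, AP_CLERK as clean, and SMALL_SITE_BUYER with a MEDIUM and a HIGH conflict that arise only from combining three individually clean roles. In a real program the rule set would come from the risk analysis tool named in the objectives and the catalogue from the role templates; the two checks are separated because the first belongs to the global role design and the second to local implementation.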

