1 / 48

APM Detailed Technical Overview

APM Detailed Technical Overview . APM Contents. APM – PFCG Overview APM – Role Management Authorization Trace Role Maintenance/Derived Roles Mass Changes APM – Risk Management Risk and Process Definition Pro-active Risk and Process Analysis Risk and Process Analysis Reports.

adamdaniel
Download Presentation

APM Detailed Technical Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. APM Detailed Technical Overview

  2. APM Contents • APM – PFCG Overview • APM – Role Management • Authorization Trace • Role Maintenance/Derived Roles • Mass Changes • APM – Risk Management • Risk and Process Definition • Pro-active Risk and Process Analysis • Risk and Process Analysis Reports

  3. APM Contents • APM – Basis • Configuration • Special User Monitor • Batch-Job Monitor • APM – References • Online Tutorial • Support Forum • Contact Information

  4. APM Overview • Created by a team of experience consultants and clients inputs to provide an effective and efficient way to manage authorizations. • The process oriented approach creates a minimum authorizations necessary to perform a business process. • Role management features reduce administration cost. • Risk management features provide a clear view of Segregation of Duties.

  5. APM – PFCG Overview

  6. APM – PFCG Overview

  7. APM – PFCG Overview

  8. APM – PFCG Overview

  9. APM – PFCG Overview

  10. APM – PFCG Overview

  11. APM – PFCG Overview

  12. APM – PFCG Overview

  13. APM – PFCG Overview

  14. APM - Role Management • Authorization Trace • Defined from the SAP point of view in cooperation with the user departments. • No need to learn how SAP-System trace is handled. • Easily troubleshoot and resolve authorization issues. • The logged authorizations represent the minimum specifications. • Retrieve to workspace for role generation or add to existing role.

  15. APM - Role Management • Authorization Trace • When entering a trace for multiple users, please make sure that this trace can be activated and deactivated for all users, only. • APM user traces must be deactivated and deleted via APM. • APM users must always log in the defined application server.

  16. APM - Role Management • Authorization Trace • A non-observance of this prescription may lead to the following problems: • You cannot start or end a user trace via APM anymore. This may happen when an APM user trace has been stopped via SAP-Standard. In this case, it is absolutely mandatory to terminate the trace via SAP-Standard (Transaction ST01). Only thereafter, all functions are available again. • You cannot import or delete a user trace and you will get the message that this user trace on operating system level does no longer exist. This may happen when an APM user trace has been deleted via SAP-Standard instead of via APM. In this case, use the menu item Utilities – Reconciliation of tables.

  17. APM - Role Management • List Functions • Authorization list is the working platform of APM where authorizations and authorization objects can be entered, deleted, or changed. • When saving a list, no change documents are created. • Inactive authorization no longer necessary. • Compress List (Merger) will not create new authorization. • Mass authorization change. • Undo and redo.

  18. APM - Role Management • PFCG - Inactive Authorization Remove value “01, 06, 24”

  19. APM - Role Management • PFCG - Inactive Authorization New authorization is inserted

  20. APM - Role Management • PFCG - Inactive Authorization Best practice is to create a copy, inactive, and make changes to copied authorization

  21. APM - Role Management • PFCG - Inactive Authorization When standard transaction is deleted the changed authorization remains

  22. APM - Role Management • APM - Inactive Authorization APM will not insert “New” authorization. Notice that there are no status within APM.

  23. APM - Role Management • APM - Inactive Authorization APM will delete all “Standard and Changed” authorization.

  24. APM - Role Management • PFCG – Derived Role

  25. APM - Role Management • APM – Derived Role

  26. APM - Role Management • APM – Derived Role • Deviation Folder • All inherited field value from the master role can be modified. • Deviations can be field-related or object-related. • All deviation folders can be used for the automatic mass change. • Extension Folder • Add additional authorization to dependent role. • Always use “After Mass Change”.

  27. APM - Role Management • Mass Authorization Change • Mass change multiple fields value via Deviation Folder. • Manually mass change single field.

  28. APM - Risk Management • Risk Analysis • A collection of critical authorization objects. • Pro-actively identify Risks during Role maintenance. • Exclusion objects are inactive in role. • Risk analysis discovers weaknesses and security gaps within the authorizations and enable a direct elimination of these risks.

  29. APM - Risk Management • Risk Analysis Document Risk Version

  30. APM - Risk Management • Risk Analysis Very critical Critical Inactive

  31. APM - Risk Management • Risk Analysis Risk can be defined as: • Object • Single occurrence

  32. APM - Risk Management • Process Analysis • A collection of critical combination of authorization objects. • Pro-actively identify Process Analysis during Role maintenance. • Unlimited business process chain per Version.

  33. APM – Risk Management • Process Analysis Multiple Process Chains per Version

  34. APM – Risk Management • Process Analysis Transaction combinations can be defined in set

  35. APM – Risk Management • Process Analysis Report Process to User or Role Report

  36. APM – Risk Management • Process Analysis Report Report can be executed for User(s) or User Group

  37. APM – Risk Management • Process Analysis Report Users to Process Chains

  38. APM – Risk Management • Process Analysis Report Process Chains to Users

  39. APM - Basis Configuration APM Trace setting

  40. APM - Basis Configuration Expert mode Verify if Transaction is valid before generation

  41. APM - Basis Configuration Always check Menu…-Delete and Create to prevent direct modification of S_TCODE Activate Role ownership

  42. APM - Basis Configuration Set Proactive Risk or Process Authorization Analysis Sequence Analysis: Object then Single Occurrence

  43. APM - Basis Configuration Always select “Confirm all automatically”

  44. APM – Basis Configuration Standard APM functions for List, Deviation, and Mass Changes

  45. APM - Basis • Special Users • Emergency or Special user are defined for supervision. • 3-Level Security Concept • Every login of a safety-relevant special user causes a system log message to be written, and can be evaluated. • All activities of a safety-relevant special user are recorded on transaction- and/or program level, and can be evaluated. • All activities of safety-relevant special users are recorded within transactions or programs down to the used function, and can be evaluated.

  46. APM - Basis • Batch-Job-Monitor • Automatic supervision of jobs in the SAP environment. • The monitoring is planned periodically, and the monitoring tools optionally send mails and/or express mails, or prints error messages on the printer as soon as erroneous jobs are detected within a defined period of time (cycle). • This method enables to optimize error handling through in-time reporting to the responsible person(s).

  47. APM - Basis • Directory Viewer • SAP-Explorer – enables a direct administration of directories and files of the SAP-Server without having to go to the operating system. • In addition to the display, copy, and delete file functions, the SAP-Explorer also supports the Upload and Download of files.

  48. APM – Next Steps Many new functionalities have been added… More will be implemented by Q4/05 and Q1/06 Please give us the opportunity to learn more about your requirement and show your basis/security team a brief online demonstration of APM’s powerful functionalities. Schedule a presentation at: 813-283-0070 or info@realtimenorthamerica.com

More Related