SAP Security Online Training (www.magnifictraining.com)
What is Security?
The concept of security is the same around the globe. As in everyday life,
security means removing or restricting unauthorized access to your belongings,
for example your car, laptop or credit cards.
Information security (sometimes shortened to InfoSec) is the practice of
defending information from unauthorized access, use, disclosure, disruption,
modification, perusal, inspection, recording or destruction. It is a general term
that can be used regardless of the form the data may take (electronic, physical,
In the context of InfoSec, SAP security has the same meaning, or in
other words: who can do what in SAP?
User Master Record?
• A User initially has no access in SAP
• When we create access in the system, it defines the User Master Record (UMR)
User Master Record information includes:
• Name, Password, Address, User type, Company information
• User Group
• Roles and Profiles
• Validity dates (from/to)
• User defaults (logon language, default printer, date format, etc)
User Types:
• Dialog – typical for most users
• System – cannot be used for dialog login, can communicate between systems and start background jobs
• Communications Data – cannot be used for dialog login Internet services.
Roles and Profiles
A Role is a group of tcodes (transaction codes) used to perform a specific business task.
Each role requires specific privileges to perform a function in SAP that is
There are 3 types of Roles:
• Single – an independent Role
• Derived – has a parent and differs only in Organization Levels. Maintain Transactions, Menu, Authorizations only at the parent level
• Composite – container that contains one or more Single or Derived Roles
• Authorization Objects are the keys to SAP security
• When you attempt actions in SAP the system checks to see whether you have the appropriate Authorizations
• The same Authorization Objects can be used by different Transactions
• When a User logs into the system, all of the Authorizations that the User has are loaded into a special place in memory called the User Buffer
• As the User attempts to perform activities, the system checks whether the user has the appropriate Authorization Objects in the User Buffer.
• You can see the buffer in Transaction ???
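The check described in the bullets above, as an added example (a simplified Python model, not SAP code and not from the original page): roles are flattened into a user buffer at logon, and each action is checked against that buffer. The class names `Authorization`, `Role` and `Session`, the `Z_*` role names and the field values are constructed for illustration; value ranges, Derived roles and Organization Levels are left out.

```python
from dataclasses import dataclass, field

def _match(pattern, value):
    # "FB*" is a prefix pattern; a bare "*" therefore matches everything
    return value.startswith(pattern[:-1]) if pattern.endswith("*") else pattern == value

@dataclass(frozen=True)
class Authorization:
    obj: str       # authorization object, e.g. S_TCODE
    fields: tuple  # ((field name, (allowed values, ...)), ...)
    def permits(self, required):
        allowed = dict(self.fields)
        # every checked field must match within this one authorization
        return all(name in allowed and any(_match(p, value) for p in allowed[name])
                   for name, value in required.items())

@dataclass
class Role:
    name: str
    authorizations: list = field(default_factory=list)
    children: list = field(default_factory=list)  # filled only for a composite role
    def flatten(self):
        yield from self.authorizations
        for child in self.children:
            yield from child.flatten()

class Session:
    def __init__(self, roles):
        # logon: every authorization from every role is loaded into the buffer once
        self.user_buffer = [a for role in roles for a in role.flatten()]
        self.failed_checks = []  # failed checks, kept for tracing missing access

    def authority_check(self, obj, **required):
        ok = any(a.obj == obj and a.permits(required) for a in self.user_buffer)
        if not ok:
            self.failed_checks.append((obj, required))
        return ok

    def start_transaction(self, tcode, checks):
        # the transaction start check comes first, then the object checks
        if not self.authority_check("S_TCODE", TCD=tcode):
            return False
        return all([self.authority_check(obj, **flds) for obj, flds in checks])

# Constructed sample data: composite role Z_FI_CLERK contains single role Z_FI_DISPLAY
display = Role("Z_FI_DISPLAY", [
    Authorization("S_TCODE", (("TCD", ("FB03",)),)),
    Authorization("F_BKPF_BUK", (("BUKRS", ("1000",)), ("ACTVT", ("03",)))),
])
clerk = Session([Role("Z_FI_CLERK", children=[display])])
```

After a failed `start_transaction`, `failed_checks` holds the object and field values that were missing, which is the information needed to decide what to add to the role.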
Executing a Transaction (Authorization Checks)
How to trace missing Authorization
Frequently you find that the role you built has inadequate access and fails
during testing or during production usage.
Why does it happen?
Negligence of the tester or some other reason.
How
This process kicks in when the security guy receives:
• Email or,
• Phone call or