apm detailed technical overview n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
APM Detailed Technical Overview PowerPoint Presentation
Download Presentation
APM Detailed Technical Overview

Loading in 2 Seconds...

play fullscreen
1 / 48

APM Detailed Technical Overview - PowerPoint PPT Presentation


  • 258 Views
  • Uploaded on

APM Detailed Technical Overview . APM Contents. APM – PFCG Overview APM – Role Management Authorization Trace Role Maintenance/Derived Roles Mass Changes APM – Risk Management Risk and Process Definition Pro-active Risk and Process Analysis Risk and Process Analysis Reports.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

APM Detailed Technical Overview


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
apm contents
APM Contents
  • APM – PFCG Overview
  • APM – Role Management
    • Authorization Trace
    • Role Maintenance/Derived Roles
    • Mass Changes
  • APM – Risk Management
    • Risk and Process Definition
    • Pro-active Risk and Process Analysis
    • Risk and Process Analysis Reports
apm contents1
APM Contents
  • APM – Basis
    • Configuration
    • Special User Monitor
    • Batch-Job Monitor
  • APM – References
    • Online Tutorial
    • Support Forum
    • Contact Information
apm overview
APM Overview
  • Created by a team of experience consultants and clients inputs to provide an effective and efficient way to manage authorizations.
  • The process oriented approach creates a minimum authorizations necessary to perform a business process.
  • Role management features reduce administration cost.
  • Risk management features provide a clear view of Segregation of Duties.
apm role management
APM - Role Management
  • Authorization Trace
    • Defined from the SAP point of view in cooperation with the user departments.
    • No need to learn how SAP-System trace is handled.
    • Easily troubleshoot and resolve authorization issues.
    • The logged authorizations represent the minimum specifications.
    • Retrieve to workspace for role generation or add to existing role.
apm role management1
APM - Role Management
  • Authorization Trace
    • When entering a trace for multiple users, please make sure that this trace can be activated and deactivated for all users, only.
    • APM user traces must be deactivated and deleted via APM.
    • APM users must always log in the defined application server.
apm role management2
APM - Role Management
  • Authorization Trace
    • A non-observance of this prescription may lead to the following problems:
      • You cannot start or end a user trace via APM anymore. This may happen when an APM user trace has been stopped via SAP-Standard. In this case, it is absolutely mandatory to terminate the trace via SAP-Standard (Transaction ST01). Only thereafter, all functions are available again.
      • You cannot import or delete a user trace and you will get the message that this user trace on operating system level does no longer exist. This may happen when an APM user trace has been deleted via SAP-Standard instead of via APM. In this case, use the menu item Utilities – Reconciliation of tables.
apm role management3
APM - Role Management
  • List Functions
    • Authorization list is the working platform of APM where authorizations and authorization objects can be entered, deleted, or changed.
    • When saving a list, no change documents are created.
    • Inactive authorization no longer necessary.
    • Compress List (Merger) will not create new authorization.
    • Mass authorization change.
    • Undo and redo.
apm role management4
APM - Role Management
  • PFCG - Inactive Authorization

Remove value “01, 06, 24”

apm role management5
APM - Role Management
  • PFCG - Inactive Authorization

New authorization is inserted

apm role management6
APM - Role Management
  • PFCG - Inactive Authorization

Best practice is to create a copy, inactive, and make changes to copied authorization

apm role management7
APM - Role Management
  • PFCG - Inactive Authorization

When standard transaction is deleted the changed authorization remains

apm role management8
APM - Role Management
  • APM - Inactive Authorization

APM will not insert “New” authorization. Notice that there are no status within APM.

apm role management9
APM - Role Management
  • APM - Inactive Authorization

APM will delete all “Standard and Changed” authorization.

apm role management10
APM - Role Management
  • PFCG – Derived Role
apm role management11
APM - Role Management
  • APM – Derived Role
apm role management12
APM - Role Management
  • APM – Derived Role
    • Deviation Folder
      • All inherited field value from the master role can be modified.
      • Deviations can be field-related or object-related.
      • All deviation folders can be used for the automatic mass change.
    • Extension Folder
      • Add additional authorization to dependent role.
      • Always use “After Mass Change”.
apm role management13
APM - Role Management
  • Mass Authorization Change
    • Mass change multiple fields value via Deviation Folder.
    • Manually mass change single field.
apm risk management
APM - Risk Management
  • Risk Analysis
    • A collection of critical authorization objects.
    • Pro-actively identify Risks during Role maintenance.
    • Exclusion objects are inactive in role.
    • Risk analysis discovers weaknesses and security gaps within the authorizations and enable a direct elimination of these risks.
apm risk management1
APM - Risk Management
  • Risk Analysis

Document Risk Version

apm risk management2
APM - Risk Management
  • Risk Analysis

Very critical

Critical

Inactive

apm risk management3
APM - Risk Management
  • Risk Analysis

Risk can be defined as:

  • Object
  • Single occurrence
apm risk management4
APM - Risk Management
  • Process Analysis
    • A collection of critical combination of authorization objects.
    • Pro-actively identify Process Analysis during Role maintenance.
    • Unlimited business process chain per Version.
apm risk management5
APM – Risk Management
  • Process Analysis

Multiple Process Chains per Version

apm risk management6
APM – Risk Management
  • Process Analysis

Transaction combinations can be defined in set

apm risk management7
APM – Risk Management
  • Process Analysis Report

Process to User or Role Report

apm risk management8
APM – Risk Management
  • Process Analysis Report

Report can be executed for User(s) or User Group

apm risk management9
APM – Risk Management
  • Process Analysis Report

Users to Process Chains

apm risk management10
APM – Risk Management
  • Process Analysis Report

Process Chains to Users

apm basis configuration
APM - Basis Configuration

APM Trace setting

apm basis configuration1
APM - Basis Configuration

Expert mode

Verify if Transaction is valid before generation

apm basis configuration2
APM - Basis Configuration

Always check Menu…-Delete and Create to prevent direct modification of S_TCODE

Activate Role ownership

apm basis configuration3
APM - Basis Configuration

Set Proactive Risk or Process Authorization Analysis

Sequence Analysis: Object then Single Occurrence

apm basis configuration4
APM - Basis Configuration

Always select “Confirm all automatically”

apm basis configuration5
APM – Basis Configuration

Standard APM functions for List, Deviation, and Mass Changes

apm basis
APM - Basis
  • Special Users
    • Emergency or Special user are defined for supervision.
    • 3-Level Security Concept
      • Every login of a safety-relevant special user causes a system log message to be written, and can be evaluated.
      • All activities of a safety-relevant special user are recorded on transaction- and/or program level, and can be evaluated.
      • All activities of safety-relevant special users are recorded within transactions or programs down to the used function, and can be evaluated.
apm basis1
APM - Basis
  • Batch-Job-Monitor
    • Automatic supervision of jobs in the SAP environment.
    • The monitoring is planned periodically, and the monitoring tools optionally send mails and/or express mails, or prints error messages on the printer as soon as erroneous jobs are detected within a defined period of time (cycle).
    • This method enables to optimize error handling through in-time reporting to the responsible person(s).
apm basis2
APM - Basis
  • Directory Viewer
    • SAP-Explorer – enables a direct administration of directories and files of the SAP-Server without having to go to the operating system.
    • In addition to the display, copy, and delete file functions, the SAP-Explorer also supports the Upload and Download of files.
apm next steps
APM – Next Steps

Many new functionalities have been added…

More will be implemented by Q4/05 and Q1/06

Please give us the opportunity to learn more about your requirement and show your basis/security team a brief online demonstration of APM’s powerful functionalities.

Schedule a presentation at: 813-283-0070 or info@realtimenorthamerica.com