© SAP AG, CSU Chico, 02/14/98. SAP Security Lecture. MINS 298C SAP Configuration & Use: Security. Copyright 1996, 1997, 1998 - James R. Mensching, Gail Corbitt.

Presentation transcript:

Slide 1: MINS 298C SAP Configuration & Use: Security
Copyright 1996, 1997, James R. Mensching, Gail Corbitt
Contents of this file are for the exclusive use of the special MINS 298C class dealing with SAP software at CSU Chico for the Fall, 1998 semester. Any other use in either electronic or hardcopy form is prohibited without the express written permission of the author. This material is confidential. Do not share it with anyone not enrolled in the class.
Security Lecture

Slide 2: SAP Security
Purpose of Security:
- Assign users rights to perform job tasks that they need to do.
- Prohibit users from doing tasks that they are not supposed to do.
Objectives of presentation:
- Define key security concepts
- Examine relationship between user and security concepts
- Apply concepts to real situations

Slide 3: SAP Security
Security is performed at the object level
- 30+ Object classes, such as Basis Administration, FI, MM Master Data (View Objects within classes by using SU03)
- About objects within the 30+ classes
SAP Security works on a pass-fail system. It checks constraints until it finds a failure.
Levels of Setting:
- Authorization Object in the form of authorization (test on an object)
- Profile (sets of authorizations)
- User ID

Slide 4: SAP Security Framework
[Diagram. Labels: Object Authorization Object Authorization Object Authorization Functional Profile Functional Profile Job Profile USER User ID]

SAP Security Framework
[Diagram. Labels: Functional Profile Functional Profile Job Profile USER User ID Class Profile]

Slide 5: SAP Security Components
- Authorization Object: something in the system that potentially needs protecting (company code, document type, etc.)
- Fields: attributes that can be used to set protection (1-10 fields per object that vary with object)
- Activity: such as create, update, delete, view
- Authorization Group: Values that the object needs
- IDOC Type
- Profile (set of authorizations)
- User Master Record (all profiles for that user)

Slide 6: SAP Security Components
Levels of Security Administration:
- SAP Super User
- User ID Maintenance
- Activation Administration
- Authorization Maintenance
- Program Developer
- Objects & Classes
- Authorizations (values of objects)
- Profiles
- User IDs

Slide 7: SAP Security and Business Processes
[Diagram. Labels: Business Task Business Task PROCESS PROCESS Object Authorization Object Authorization Functional Profile Job Profile Functional Profile User ID User]

Slide 8: SAP Security
Authorization: Set of specified values for fields in an Authorization Object = test conditions for the object
- Standard Authorizations provided by SAP
  - Object: F_BKPF_BED: Customer Account
  - Activity: *
  - Account Group: *
  - Never Change or Delete an SAP authorization
- Custom Authorizations (should start with Z)

Slide 9: SAP Security Example
- Object Class: Financial Accounting
- Authorization: ZS_D01
- Authorization Object: F_BKPF_BED: Customer Account
- Activity: 01-03, 10 (create, change, print, post)
- Account Group: CALF, HAW
SAP programs perform AUTHORITY-CHECK on objects for values in fields

Slide 10: SAP Security: Creating an Authorization
- Create a name for the authorization
  - Start with the letter Z
  - Don’t use underscore as second character
  - Example: ZS_D01
- Use SU03 to create the authorization (Tools --> Administration --> Maintain Users)
  - Create (first icon: sheet of paper)
  - Maintain values sets the values you want
  - Save
  - Activate

Slide 11: SAP Security
Profile: Set of Authorization Objects
- Simple Profile: 1 Authorization Object
- Composite Profile: more than one authorization object
- Can have a composite made up of composites

Slide 12: SAP Security
[Diagram. Labels: User Master Record Composite Profile Profile Simple Profile Composite Profile Authorization Object Authorization Fields]
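The hierarchy on the slides above (user master record, composite and simple profiles, authorizations, field values) and the pass-fail check on slide 9, as an added Python example that is not part of the original lecture and is not SAP code. ZS_D01, F_BKPF_BED and their values come from slide 9; the field names ACTIVITY and ACCOUNT_GROUP are the slide labels rather than SAP technical field names, and ZS_D02, the Z_* profiles and the STUDENT* users are constructed. It also shows a point the slides leave implicit: a check passes only when a single authorization allows every tested field, so values from two authorizations are never combined.

```python
# Simplified model of the hierarchy on the slides; not SAP code.
# ZS_D01 / F_BKPF_BED and their values come from slide 9; every other
# name below (ZS_D02, Z_* profiles, STUDENT* users) is constructed.

# authorization name -> (authorization object, {field: allowed values})
# An allowed value is a single value, a (low, high) range, or "*".
AUTHORIZATIONS = {
    "ZS_D01": ("F_BKPF_BED", {"ACTIVITY": [("01", "03"), "10"],
                               "ACCOUNT_GROUP": ["CALF", "HAW"]}),
    "ZS_D02": ("F_BKPF_BED", {"ACTIVITY": ["03"], "ACCOUNT_GROUP": ["*"]}),
}
# profile name -> members (authorizations, or other profiles if composite)
PROFILES = {
    "Z_AR_POST": ["ZS_D01"],                  # simple profile
    "Z_AR_VIEW": ["ZS_D02"],                  # simple profile
    "Z_JOB_AR": ["Z_AR_POST", "Z_AR_VIEW"],   # composite
    "Z_JOB_FI": ["Z_JOB_AR"],                 # composite of a composite
}
# user master record -> profiles
USERS = {"STUDENT01": ["Z_JOB_FI"], "STUDENT02": ["Z_AR_VIEW"]}


def value_matches(allowed, value):
    """True if value equals an allowed value, falls in a range, or '*' is allowed."""
    for item in allowed:
        if item == "*" or item == value:
            return True
        if isinstance(item, tuple) and item[0] <= value <= item[1]:
            return True
    return False


def authorizations_for(user):
    """Flatten user -> profiles -> nested profiles -> authorization names."""
    found, stack, seen = [], list(USERS.get(user, [])), set()
    while stack:
        name = stack.pop()
        if name in seen:          # guards against a profile cycle
            continue
        seen.add(name)
        if name in AUTHORIZATIONS:
            found.append(name)
        else:
            stack.extend(PROFILES.get(name, []))
    return found


def authority_check(user, obj, **fields):
    """Pass only if ONE authorization for obj allows every tested field."""
    for name in authorizations_for(user):
        auth_obj, allowed = AUTHORIZATIONS[name]
        if auth_obj == obj and all(
                value_matches(allowed.get(f, []), v) for f, v in fields.items()):
            return True
    return False
```

STUDENT01 holds both authorizations, yet activity 01 on an account group outside CALF and HAW still fails, because ZS_D01 rejects the group and ZS_D02 rejects the activity.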

Slide 13: SAP Security
- SAP Standard Profile: F_BKPF_KANZ (Display vendor Accounts)
- Custom Profile: AA:FIAR_M01
  - Create profile then activate
  - Copy from existing profile then rename
- To look at, change or create profiles use SU02

Slide 14: SAP Security
Standard Profiles common to all SAP installations
- SAP_ALL (unlimited access to system)
- SAP_NEW (allows older standard profiles to work in newer SAP releases)
- S_A_SYSTEM: System Administrator
- S_A_SHOW: Display authorizations only

Slide 15: SAP Security: Users
- User Profiles assign profiles to specific user IDs
- Users can belong to Group, i.e. ABAP Developers, C&I Admin
- Can’t assign authorizations to groups, only to individual users
- User Group is a field in some authorization objects
- Groups useful to separate responsibility, i.e. more than one security administrator, each responsible for a group of users

Slide 16: SAP Security: Users
- Name the ID for the User
- Set the password
- Lock/unlock the account
- Define time period for the ID
- Set default printer and printing rights
- Define PIDs (Parameters)
- Define profiles

Slide 17: SAP Security: Users
Rules for setting passwords:
- Must be at least 3 characters
- Can not begin with ! or ?
- First 3 characters can not be a sequence of 3 characters in user ID, i.e. if my user id is gcorbitt, my password can not contain orb, or cor.
- First 3 characters can not be the same, i.e. ccc
- Can not use “pass” or “sap”

Slide 18: SAP Security: Users
PID: Parameter ID
Example of parameter:
- default menu options, i.e. fast entry
- default currency
- posting period options

Slide 19: SAP Security: Users
User types:
- Dialog
- BDC: inbound interfaces (i.e. data coming in from a legacy system)
- CPIC: machine to machine ID connect through UNIX (i.e. EDI inbound or outbound)
BDC and CPIC do not have expiration dates on the passwords

Slide 20: SAP Security: Transactions
- SU01: Creates and maintains users
- SU02: Creates and maintains profiles
- SU53: Displays LAST authorization failure
- ST01: Traces keystrokes
- SU03: Lists objects and classes
- SM04: Monitors user activity
- SE16: Looks at specific tables in SAP (T003 = auth. group)
- SA38: Looks at programs (AUTHORITY-CHECK)
- SU12: Deletes all users (usually disabled)
- SU10: Adds or deletes a profile to all users

Slide 21: SAP Security: Coming Attractions
- SAP Profile Generator (31.G, R4)
  - Makes it easier to track and maintain multiple profiles per user
  - Uses menu paths to create authorizations or profiles
  - Activity Groups similar to our functional profiles
- Activity Group Maintenance (31.G)
  - Allows for profile updates, parameter settings by group instead of by individual user
  - Hopefully allows for resetting expiration, start dates, printer options, etc. by groups of users instead of one user at a time

Slide 22: Application of SAP Security to Classroom Activity
- Define what “jobs” or roles we want the students to have per class -- functional profiles
- Set up authorizations for each job or role - job profiles
- Assign job profiles to users
- Document existing authorizations for Display and Create Activities for each “application” object
- Create authorizations for Display and Create where missing
- Create a standard profile that any user could have (view only to all modules)