SAP

User Authentication

The first phase confirms the user's identity and results in authentication of the user. This initial check prevents unauthorized access to the SAP system and protects system integrity by allowing access only to genuinely authenticated users.

Creating and Assigning Authorization Profiles

A Profile Generator (PG) is used to automatically generate and assign authorization profiles. This tool is available in SAP version 3.1g and above. The administrator can also create authorization profiles manually.

System Logs and Security Audit Logs

The system log records critical information and important events. Each individual application server maintains local log files to which the information is written periodically. The security audit log records areas such as successful and unsuccessful dialog logon attempts, RFC logon attempts, changes to user master records, and transaction starts.
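One way to review the event types the security audit log records, shown as an added example that is not from the original page or from SAP. The CSV layout, event labels, user names, threshold and admin list are constructed assumptions, and SU01, SM59 and SE16 serve only as a sample watch list.

```python
import csv
import io
from collections import Counter

# Constructed sample; the CSV layout and event labels are assumptions for this
# example, not SAP's native audit log format.
SAMPLE_LOG = """\
time,client,user,terminal,event,detail
2024-03-01T08:00:01,100,JSMITH,WS01,DIALOG_LOGON_OK,
2024-03-01T08:02:10,100,MBROWN,WS07,DIALOG_LOGON_FAIL,
2024-03-01T08:02:15,100,MBROWN,WS07,DIALOG_LOGON_FAIL,
2024-03-01T08:02:21,100,MBROWN,WS07,DIALOG_LOGON_FAIL,
2024-03-01T08:05:40,100,RFCUSER,APP02,RFC_LOGON_FAIL,
2024-03-01T08:10:03,100,JSMITH,WS01,TRANSACTION_START,SU01
2024-03-01T08:11:30,100,JSMITH,WS01,USER_MASTER_CHANGE,MBROWN
2024-03-01T08:15:00,100,BASISADM,WS02,TRANSACTION_START,SU01
2024-03-01T08:16:12,100,BASISADM,WS02,USER_MASTER_CHANGE,MBROWN
"""

FAILED_LOGON_THRESHOLD = 3                   # assumed alerting threshold
SENSITIVE_TCODES = {"SU01", "SM59", "SE16"}  # sample watch list
USER_ADMINS = {"BASISADM"}                   # hypothetical permitted admins


def review_audit_log(text):
    """Return (rule, user, detail) findings in log order."""
    failures = Counter()
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        user, event, detail = row["user"], row["event"], row["detail"]
        if event in ("DIALOG_LOGON_FAIL", "RFC_LOGON_FAIL"):
            failures[user] += 1
            # Report once, at the moment the threshold is reached.
            if failures[user] == FAILED_LOGON_THRESHOLD:
                findings.append(("repeated_failed_logon", user, str(failures[user])))
        elif event in ("DIALOG_LOGON_OK", "RFC_LOGON_OK"):
            failures[user] = 0  # a successful logon resets the failure streak
        elif event == "TRANSACTION_START":
            if detail in SENSITIVE_TCODES and user not in USER_ADMINS:
                findings.append(("sensitive_transaction", user, detail))
        elif event == "USER_MASTER_CHANGE" and user not in USER_ADMINS:
            findings.append(("user_change_by_non_admin", user, detail))
    return findings


if __name__ == "__main__":
    for finding in review_audit_log(SAMPLE_LOG):
        print(finding)
```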

Reviewing User Activity

All SAP system users must be continuously monitored so that their problems can be rectified as soon as they occur. Timely attention to user problems can reduce administration overhead. For example, if an SAP administrator wants to check for unrecognizable user IDs or for users trying to use non-permitted transactions, the administrator can execute transaction AL08 and review user activity.

Monitoring User Access in the BASIS User Group

The BASIS users in an SAP system have access to sensitive areas of an organization, so it is vital to monitor their access. The following instructions can be performed to check the access of the BASIS user group.


Monitoring Change Requests

All change requests need to be properly reviewed and controlled before being applied. This formal process needs to be detailed enough to ensure that separation of duties and other control features are not breached. Strong integration knowledge of the SAP system is required for this review. Critical profiles, authorizations, and transactions need to be identified and treated even more carefully.

Changing Default SAP User IDs

SAP comes with some preconfigured clients (independent business units). They are clients 000, 001 and 066 in the non-IDES system. In the IDES system, client 800 is the default client. The SAP installation process automatically creates default user IDs and their corresponding passwords. SAP administrators must ensure that they are not used to access the system. The following table explains default user IDs in various SAP clients.

SAP security

SAP security is flexible as well as complex. SAP has a multilayered integrated framework. To ensure adequate protection, security measures must be factored into all layers of the SAP infrastructure. With its client/server architecture, an SAP system includes many components that exchange information, each of which constitutes a layer of the SAP security infrastructure. Security is often not a priority in an implementation and, as a result, the default security is not strong.