Contents. OneAccess Value. SAP Security best Practices. Process Workflow. Functional / Demo


1 Product Features

2 Contents
1. OneAccess Value
2. SAP Security best Practices
3. Process Workflow
4. Functional / Demo


4 SAP Certified: Powered by NetWeaver
- Product is safe to be deployed in an SAP NetWeaver environment
- Deployed by JSPM or SDM
- Solution Manager ready
- Detailed application logging

5 Sample Process Flow: SAP User Approval Process
Participants: User, Training Manager, Supervisor, Site Security Administrator, Role / SOD Approver, User Provisioning Database (GRC)
- Step 1: User registers; supervisor is notified
- Step 2: Supervisor decides: Approved? (Yes / No)
- Step 3: Assign / change roles; SOD
- Step 4: Role approval / SOD check; Approved? (Yes / No)
- Step 5: Verify training; if training is not completed, the user must complete training first
- Step 6: Provision access in SAP
Supervisor: knowledge of the SAP security roles; assigns SAP roles to the user based on the user's functions.
SOD Approver: understands role conflicts; works with the functional team to come up with a mitigation control; approves SOD controls.
Role Approver / Owner: understands the sensitivity of the roles; assigns ownership to local sites if appropriate; approves role assignment to users.

6 The OneAccess Way
- Approved access to SAP systems
- Org hierarchy-based and rule-based access control
- Multi-step approval process
- Centralized SAP security access and policy enforcement
- Streamlined and automated approval process
- Delegation of SAP access approval to local units
- Automated creation of users in the SAP system

7 The OneAccess Value
- SOX-compliant
- Fewer resources for user management
- Reduced audit costs
- Streamlined access approval
- Avoids inappropriate access
- Complies with corporate policy
- Short implementation
- Value pricing

8 Client Pain-points
- Inadequate change control for user management
- Lack of approval/audit trail as structured data
- Lost time and budget remediating repeated errors
- Master record inconsistencies across SAP systems
- No self-service for user password reset
- Unapproved access for the wrong SAP users
- No effective enforcement of roles

9 Architecture
- Java web application built on Spring/Hibernate
- Deployed on any J2EE application server such as SAP NetWeaver, Apache Tomcat, JBoss, WebLogic, WebSphere, Sun ONE
- N-tier software architecture with domain objects, Data Access Objects (DAO), Spring controllers, JSP pages, Acegi Security, Quartz scheduler, Web 2.0 (Ajax)
- All passwords stored in encrypted form
- Works on any JDBC-compliant database such as MySQL, Oracle, SQL Server, Sybase

10 Best practices in Security
- Local Site Security Administrator
- One composite role per user
- The composite role should align with organizational location and job title
- Use organizationally derived composite roles
- Have sensitive and non-sensitive display roles
- Continuous compliance: risk mitigation or remediation in the development environment

11 Best practices (cont.)
- Create one base role and use derived roles for organizational locations
- Strong naming conventions for security roles
- Access to custom tables and programs should be secured by transactions / authorization groups
- SU24 updates
- Positive and negative tests should be performed for SAP roles
- The audit person should be involved in mitigation controls and the change control process

12 Site Security Administrator
- Understands the end user access requirement
- Recommends a role to the user and validates the role assignment
- Knowledgeable in the SAP roles and transactions
- Initiates changes to single roles and composite roles
- First line of defense for trouble tickets
- Coordinates testing and user acceptance

13 One Composite Role Per User
- The composite role should follow the job title, e.g. AP Manager-CIMA, AP Manager-SLC
- Mitigation control on the composite role
- End users and support personnel can easily understand the role
- Security errors can be fixed on all the composites
- Consistent access across all jobs
- Should have broad display roles

14 Continuous Compliance
Development:
- Role changes to a single role or composite role
- Mitigate or remediate single and composite roles
Transport:
- Transport remediation controls
- Transport roles once clean in development
Production:
- A role cannot be assigned in production with an SOD conflict
- Users cannot have SOD conflicts in production
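The following Python example is added here to make the role design on slides 10 to 14 concrete; it is not OneAccess code and not part of the original deck. It models one base role with derived roles per organizational location, one composite role per user named after the job title, an SOD conflict matrix over transaction codes, mitigation controls approved on the composite, and the continuous-compliance rule that unmitigated conflicts are flagged for remediation in development and refused in production. The role names, transaction codes, conflict pairs and the derived-role naming convention are constructed assumptions.

```python
"""SOD-aware composite role assignment: an added illustration, not OneAccess code.

Role names, transaction codes and conflict pairs are constructed sample data;
the derived-role naming convention <base>_<ORGUNIT> is an assumption.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SingleRole:
    name: str
    transactions: frozenset


def derive_role(base: SingleRole, org_unit: str) -> SingleRole:
    """Derived role for one location: same transactions as the base role,
    name extended by the org unit. Fixing the base role and re-deriving
    propagates the fix to every location that uses it."""
    return SingleRole(f"{base.name}_{org_unit}", base.transactions)


@dataclass(frozen=True)
class CompositeRole:
    job_title: str
    org_unit: str
    singles: tuple  # derived SingleRole objects bundled for this job

    @property
    def name(self) -> str:
        # The composite follows the job title, e.g. "AP Manager-CIMA"
        return f"{self.job_title}-{self.org_unit}"

    def transactions(self) -> frozenset:
        return frozenset().union(*(r.transactions for r in self.singles))


# Constructed conflict matrix: pairs of transactions that form an SOD conflict.
SOD_CONFLICTS = (
    frozenset({"FK01", "F-53"}),   # maintain vendor master + post vendor payment
    frozenset({"ME21N", "MIGO"}),  # create purchase order + post goods receipt
)


def find_conflicts(transactions: frozenset) -> list:
    """Every conflict pair fully contained in the transaction set, as sorted
    tuples so they can be compared with approved mitigation controls."""
    return sorted(tuple(sorted(pair)) for pair in SOD_CONFLICTS if pair <= transactions)


def assign_composite(composite: CompositeRole, environment: str, mitigations=frozenset()) -> dict:
    """Decide whether a composite may be assigned in the given environment.

    mitigations: conflict pairs (sorted tuples) for which an SOD approver has
    approved a mitigation control on this composite. Status values:
      CLEAN              no conflicts
      MITIGATED          every conflict is covered by an approved control
      NEEDS_REMEDIATION  development only: assignable, remediate before transport
      BLOCKED            production: unmitigated conflict, assignment refused
    """
    conflicts = find_conflicts(composite.transactions())
    unmitigated = [c for c in conflicts if c not in mitigations]
    if not conflicts:
        return {"role": composite.name, "status": "CLEAN", "conflicts": []}
    if not unmitigated:
        return {"role": composite.name, "status": "MITIGATED", "conflicts": conflicts}
    if environment == "production":
        return {"role": composite.name, "status": "BLOCKED", "conflicts": unmitigated}
    return {"role": composite.name, "status": "NEEDS_REMEDIATION", "conflicts": unmitigated}


def build_ap_manager(org_unit: str) -> CompositeRole:
    """Constructed sample: an AP Manager composite for one location, built
    from location-derived copies of three base roles."""
    vendor_master = SingleRole("AP_VENDOR_MASTER", frozenset({"FK01", "FK02"}))
    payments = SingleRole("AP_PAYMENTS", frozenset({"F-53", "FB60"}))
    display = SingleRole("FI_DISPLAY", frozenset({"FK03", "FB03"}))  # broad display role
    singles = tuple(derive_role(r, org_unit) for r in (vendor_master, payments, display))
    return CompositeRole("AP Manager", org_unit, singles)


if __name__ == "__main__":
    role = build_ap_manager("CIMA")
    print(assign_composite(role, "development"))
    print(assign_composite(role, "production"))
    print(assign_composite(role, "production", mitigations={("F-53", "FK01")}))
```

Run as a script, the same composite is assignable in development (flagged for remediation), refused in production, and allowed in production only once the SOD approver has recorded a mitigation control for the specific conflict pair.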

15 Audit group: Ownership, FDA compliance, Enforcement

16 Role development
- Derived roles and naming convention
- SU24 updates
- Transactions for jobs across the org
- Errors can be fixed for all jobs

17 Feature List
- Cloning users
- Reset password
- Peer-level approval
- Approval and rejection by approver
- Editing of a request by the approver
- Reports for approver
- Upload users and all legacy data
- Change request tracking
- Detailed reports for Administrator and Audit group

18 Roles and responsibilities
Requester: Register in OneAccess; Add request to system; Add role to request; Change site; Reset password; Review status; Clone request
Approver: Approve or deny request; Create own request; Mass approve requests; Review approval status by system; Change site; Reports
Admin: Perform system settings; Load master data; Run audit reports; Create approvers; Troubleshoot problems

19 Site-System relationship (diagram): an Approver attaches to a Location; the Location is linked to SAP systems (ECC 6.0, BI 7.0, APO), each carrying its Roles

20 Admin functions
- Policies and setup
- Loading data
- Troubleshooting
- Approver setup

21 Normal Approved request
- Requester registers
- Requester adds a request with SAP system and role
- Approver receives the request with Open status
- Approver approves the request
- Request changes to Approved status
- User is created in the SAP system

22 Rejection Process
- Approver rejects the request
- Request returns to the requester
- Requester changes the role
- Approver approves
- User is created in the SAP system

23 Process when System Failure
- User registers
- User adds a request with role and SAP system
- Approver approves the request
- Status of the request changes to Approved
- Background job tries to provision the user in the SAP system
- Provisioning fails due to the system connection
- System admin fixes the problem
- User is created in the SAP system

24 Sample Process Flow
- User registers
- Site Rep adds role and SAP system
- Training approval
- Manager approval
- Role Owner approval
- Status of the request changes to Approved
- OA background job provisions the user
- User created in SAP
- Notification sent
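The Python example below is added here to show the request lifecycle of slides 5 and 21 to 24 as one piece of working code; it is not OneAccess code and not part of the original deck. A request stays Open until the training, manager and role-owner approvals are all recorded, a rejection returns it to the requester who can change the role and resubmit, and a background job provisions Approved requests, leaving a request in Approved status when the SAP connection fails so the next run retries once the admin has fixed the problem. Every transition is written to a structured audit trail. The step order, the `FakeSapConnector` stand-in for the SAP user-creation call and the user names are constructed assumptions.

```python
"""Access request workflow with multi-step approval and a retrying
provisioning job: an added illustration, not OneAccess code.

The approval step order and the SAP connector are assumptions; user names
and system names below are constructed sample data.
"""
from dataclasses import dataclass, field
from enum import Enum

APPROVAL_STEPS = ("training", "manager", "role_owner")  # assumed order


class Status(Enum):
    OPEN = "Open"
    REJECTED = "Rejected"
    APPROVED = "Approved"
    PROVISIONED = "Provisioned"


class SapConnectionError(Exception):
    """Raised by the connector when the SAP system cannot be reached."""


@dataclass
class AccessRequest:
    requester: str
    sap_system: str
    role: str
    status: Status = Status.OPEN
    approvals: dict = field(default_factory=dict)  # step -> approver
    audit: list = field(default_factory=list)      # structured trail, not free text
    notifications: list = field(default_factory=list)

    def log(self, actor: str, action: str, detail: str = "") -> None:
        self.audit.append({"actor": actor, "action": action,
                           "detail": detail, "status": self.status.value})

    def approve(self, step: str, approver: str) -> None:
        if self.status is not Status.OPEN:
            raise ValueError(f"cannot approve a request in status {self.status.value}")
        expected = APPROVAL_STEPS[len(self.approvals)]
        if step != expected:
            raise ValueError(f"approval step {step!r} out of order; expected {expected!r}")
        if approver == self.requester:
            raise ValueError("requester may not approve their own request")
        self.approvals[step] = approver
        self.log(approver, "approve", step)
        if len(self.approvals) == len(APPROVAL_STEPS):
            self.status = Status.APPROVED
            self.log("system", "status_change", "all approvals recorded")

    def reject(self, step: str, approver: str, reason: str) -> None:
        if self.status is not Status.OPEN:
            raise ValueError(f"cannot reject a request in status {self.status.value}")
        self.status = Status.REJECTED
        self.log(approver, "reject", f"{step}: {reason}")

    def change_role(self, new_role: str) -> None:
        """Requester resubmits after a rejection; approvals start over."""
        if self.status is not Status.REJECTED:
            raise ValueError("only a rejected request can be changed and resubmitted")
        self.role = new_role
        self.approvals.clear()
        self.status = Status.OPEN
        self.log(self.requester, "change_role", new_role)


class FakeSapConnector:
    """Constructed stand-in for the SAP user-creation call; flip 'available'
    to simulate a connection outage and the admin fixing it."""
    def __init__(self) -> None:
        self.available = True
        self.created = []

    def create_user(self, sap_system: str, user: str, role: str) -> None:
        if not self.available:
            raise SapConnectionError(f"no connection to {sap_system}")
        self.created.append((sap_system, user, role))


def run_provisioning_job(requests: list, connector) -> int:
    """One background pass: provision every Approved request. A failed call
    leaves the request Approved so a later pass retries it. Returns the
    number of users created in this pass."""
    created = 0
    for req in requests:
        if req.status is not Status.APPROVED:
            continue
        try:
            connector.create_user(req.sap_system, req.requester, req.role)
        except SapConnectionError as exc:
            req.log("background_job", "provision_failed", str(exc))
            continue
        req.status = Status.PROVISIONED
        req.log("background_job", "user_created", req.sap_system)
        req.notifications.append(f"{req.requester}: {req.role} on {req.sap_system} created")
        created += 1
    return created


if __name__ == "__main__":
    req = AccessRequest("jdoe", "ECC 6.0", "AP Manager-CIMA")
    for step, who in zip(APPROVAL_STEPS, ("training_mgr", "supervisor", "role_owner")):
        req.approve(step, who)
    sap = FakeSapConnector()
    sap.available = False  # connection down: request stays Approved
    print(run_provisioning_job([req], sap), req.status)
    sap.available = True   # admin fixes the problem: next pass provisions
    print(run_provisioning_job([req], sap), req.status, req.notifications)
```

The job is deliberately idempotent over its status check: a request is only picked up while it is Approved, so a failed pass produces an audit entry and no state change, and a repaired connection needs nothing more than the next scheduled run.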

25 Admin: Site Approver List

26 Admin: Report

27 Admin: User Report

28 Admin: Settings

29 Admin: Role List

30 Admin: Adding New Site

31 Admin: New SAP System

32 Admin: System List

33 Approver: Approvals Waiting

34 Approver: Approver Details
