Professional Documents
Culture Documents
MINS 298C SAP Configuration & Use: Security
MINS 298C SAP Configuration & Use: Security
MINS 298C SAP Configuration & Use: Security
Security Lecture
CSU
02/14/98 Chico SAP Security Lecture 1
SAP AG
SAP Security
Purpose of Security:
Assign users rights to perform job tasks that they need to do.
Prohibit users from doing tasks that they are not supposed to do.
Objectives of presentation
Define key security concepts
Examine relationship between user and security concepts
Apply concepts to real situations
CSU
02/14/98 Chico SAP Security Lecture 2
SAP AG
SAP Security
CSU
02/14/98 Chico SAP Security Lecture 3
SAP AG
SAP Security Framework
Object
Authorization Functional
Profile
Job
Object Profile
Authorization
User ID
Object Functional
Authorization Profile
USER
CSU
02/14/98 Chico SAP Security Lecture 4
SAP AG
SAP Security Framework
Functional
Profile
Job Class
Profile Profile
User ID
Functional
Profile
USER
CSU
Chico
SAP AG
SAP Security Components
CSU
02/14/98 Chico SAP Security Lecture 5
SAP AG
SAP Security Components
CSU
02/14/98 Chico SAP Security Lecture 6
SAP AG
SAP Security and Business Processes
Business P
R
Task
O
Business C
Task E
S
S
Object
Authorization Functional Job
Profile Profile
Object
Authorization User ID
Functional
Profile
CSU
02/14/98 Chico SAP Security Lecture 7
User
SAP AG
SAP Security
CSU
02/14/98 Chico SAP Security Lecture 8
SAP AG
SAP Security Example
CSU
02/14/98 Chico SAP Security Lecture 9
SAP AG
SAP Security: Creating an Authorization
CSU
02/14/98 Chico SAP Security Lecture 10
SAP AG
SAP Security
CSU
02/14/98 Chico SAP Security Lecture 11
SAP AG
SAP Security
Simple Composite
Profile Profile Authorization
Object Authorization
Fields
CSU
02/14/98 Chico SAP Security Lecture 12
SAP AG
SAP Security
CSU
02/14/98 Chico SAP Security Lecture 13
SAP AG
SAP Security
CSU
02/14/98 Chico SAP Security Lecture 14
SAP AG
SAP Security: Users
CSU
02/14/98 Chico SAP Security Lecture 15
SAP AG
SAP Security: Users
CSU
02/14/98 Chico SAP Security Lecture 16
SAP AG
SAP Security: Users
CSU
02/14/98 Chico SAP Security Lecture 17
SAP AG
SAP Security: Users
PID :Parameter ID
Example of parameter:
default menu options, I.e. fast entry
default currency
posting period options
CSU
02/14/98 Chico SAP Security Lecture 18
SAP AG
SAP Security: Users
User types
Dialog
BDC: inbound interfaces (I.e. data coming in from a legacy system)
CPIC: machine to machine ID connect through UNIX (I.e. EDI
inbound or outbound)
BDC and CPIC do not have expiration dates on the passwords
CSU
02/14/98 Chico SAP Security Lecture 19
SAP AG
SAP Security: Transactions
SU01: Creates and maintains users
SU02: Creates and maintains profiles
SU53: Displays LAST authorization failure
ST01: Traces keystrokes
SU03: Lists objects and classes
SM04: Monitors user activity
SE16: Looks at specific tables in SAP (T003 = auth. group)
SA38: Looks at programs (AUTHORITY-CHECK)
SU12: Deletes all users (usually disabled)
SU10: Adds or deletes a profile to all users
CSU
02/14/98 Chico SAP Security Lecture 20
SAP AG
SAP Security: Coming Attractions
CSU
02/14/98 Chico SAP Security Lecture 21
SAP AG
Application of SAP Security to Classroom
Activity
Define what “jobs” or roles we want the students to
have per class --functional profiles
Set up authorizations for each job or role - job profiles
Assign job profiles to users
Document existing authorizations for Display and
Create Activities for each “application” object
Create authorizations for Display and Create where
missing
Create a standard profile that any user could have
(view only to all modules)
CSU
02/14/98 Chico SAP Security Lecture 22
SAP AG