Title: sap security online training canada,dubai
SAP Security Online Training
Online classroom, corporate training, certifications, placements, support
Contact us: MAGNIFIC TRAINING, India 91-9052666559, USA 1-678-693-3475, info_at_magnifictraining.com, www.magnifictraining.com
- Introduction
- What is Security
- Building blocks
- Common terminologies used
- Most common tools in Security
- CUA
- What is Security?
- The concept of security is the same around the globe. As in normal life, security means removing or restricting unauthorized access to your belongings, for example your car, laptop or credit cards.
- IT Security?
- Information security (sometimes shortened to InfoSec) is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc.).
- SAP Security?
- In the context of InfoSec, SAP security has the same meaning; in other words: who can do what in SAP?
- Building Blocks
- User Master Record
- Roles
- Profiles
- Authorization Objects
- User Master Record?
- A User initially has no access in SAP
- When we create access in the system, it defines the UMR (User Master Record)
- User Master Record information includes:
  - Name, Password, Address, User type, Company information
  - User Group
  - Roles and Profiles
  - Validity dates (from/to)
  - User defaults (logon language, default printer, date format, etc.)
- User Types:
  - Dialog: typical for most users
  - System: cannot be used for dialog login, can communicate between systems and start background jobs
  - Communications Data: cannot be used for dialog login, can communicate between systems but cannot start background jobs
  - Reference: cannot log in, used to assign additional Authorizations
- Roles and Profiles
- A Role is a group of tcode(s) used to perform a specific business task.
- Each role requires specific privileges to perform a function in SAP; these are called AUTHORIZATIONS
- There are 3 types of Roles:
  - Single: an independent Role
  - Derived: has a parent and differs only in Organization Levels. Maintain Transactions, Menu, Authorizations only at the parent level
  - Composite: a container that contains one or more Single or Derived Roles
- Authorization Objects
- Authorization Objects are the keys to SAP security
- When you attempt actions in SAP, the system checks to see whether you have the appropriate Authorizations
- The same Authorization Objects can be used by different Transactions
- User Buffer?
- When a User logs into the system, all of the Authorizations that the User has are loaded into a special place in memory called the User Buffer
- As the User attempts to perform activities, the system checks whether the user has the appropriate Authorization Objects in the User Buffer.
- You can see the buffer in Transaction .
- Executing a Transaction (Authorization Checks)
- Does the Transaction exist? All Transactions have an entry in table TSTC
- Is the Transaction locked? Transactions are locked using Transaction SM01. Once locked, they cannot be used in any client
- Can the User start the Transaction? Every Transaction requires that the user have the Object S_TCODE (Transaction Name). Some Transactions also require another Authorization Object to start (varies depending on the Transaction)
- What can the User do in the Transaction? The system will check to see if the user has additional Authorization Objects as necessary
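The check sequence above can be modelled in a few lines. This is an added example, not SAP code or part of the original slides: the table contents, the user buffer and the extra start object Z_DEMO are constructed, and treating a trailing * as a prefix pattern is an assumption of this sketch.

```python
# Constructed sample data standing in for table TSTC, the SM01 locks and
# a user buffer; Z_DEMO is a hypothetical extra start object.
TSTC = {"SU01", "SU53", "PFCG", "SM01"}
LOCKED = {"PFCG"}
EXTRA_START = {"SU01": ("Z_DEMO", {"ACTVT": "03"})}
USER_BUFFER = [
    ("S_TCODE", {"TCD": ["SU*"]}),
    ("Z_DEMO", {"ACTVT": ["03"]}),
]

def value_allowed(value, allowed):
    """Match one field value against single values or trailing-* patterns."""
    return any(value.startswith(a[:-1]) if a.endswith("*") else value == a
               for a in allowed)

def authority_check(buffer, obj, required):
    """True if a single authorization for obj covers every required field."""
    return any(
        name == obj and all(value_allowed(v, fields.get(f, []))
                            for f, v in required.items())
        for name, fields in buffer)

def start_transaction(tcode, buffer=USER_BUFFER):
    """Run the checks in the order listed above and report the first failure."""
    if tcode not in TSTC:                      # 1. does it exist?
        return "does not exist"
    if tcode in LOCKED:                        # 2. is it locked?
        return "locked"
    if not authority_check(buffer, "S_TCODE", {"TCD": tcode}):
        return "no S_TCODE authorization"      # 3. may the user start it?
    extra = EXTRA_START.get(tcode)
    if extra and not authority_check(buffer, *extra):
        return f"missing {extra[0]}"           # 3b. extra start object
    return "started"

if __name__ == "__main__":
    for t in ("SU01", "SU53", "PFCG", "SM01", "ZZZZ"):
        print(t, "->", start_transaction(t))
```

The returned reason is the first check that failed, which is the same question a missing-authorization analysis has to answer.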
- How to trace missing Authorization
- Frequently you find that the role you built has inadequate accesses and will fail during testing or during production usage. Why?
- Why does it happen? Negligence of the tester or some other reason
- How is the process initiated? This process kicks off when the security guy receives:
  - Email or
  - phone call or
  - ticket
- How do we determine correct accesses required?
- SAP has various tools to analyse access errors and determine the correct Authorizations required:
  - Use Last Failed Authorization check - SU53 (60% effective)
  - Use Assignment of Auth Object to Transactions - SU24 (60% effective)
  - Trace the Authorizations for a function - ST01 (90% effective)
- Common Terminologies
- User Master Records
- Roles
- Authorizations
- Authority Check
- User buffer
- Authorization Errors
- Security matrix
- Profiles
- Authorization Objects
- User menus
- SAP Password controls
- There are some Standard SAP password Controls delivered by SAP which cannot be changed:
  - First-time users are forced to change their passwords before they can log onto the SAP system, or after their password is reset.
  - Users can only change their password when logging on.
  - Users can change their password at most once a day
  - Users cannot re-use their previous five passwords.
  - The first character cannot be ? or !.
  - The first three characters of the password cannot:
    - appear in the same order as part of the user name.
    - all be the same.
    - include space characters.
  - The password cannot be PASS or SAP.
- Password Controls - cont.
- SAP Password System Parameters - system-wide settings that can be configured by MPL:
  - Minimum Password Length
  - Password locked after unsuccessful login attempts
  - Password Expiration time
  - Password complexity
- Illegal Passwords - MPL can define passwords that cannot be used
  - Enter impermissible passwords into SAP table USR40
- MPL: Master Parts List
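The fixed rules and the USR40 list above can be turned into a pre-check for candidate passwords, for instance when reviewing initial passwords a help desk hands out. This is an added example, not SAP code or part of the original slides; the minimum length of 6, the case-insensitive comparison, the USR40 wildcard handling (? for one character, * for any run) and the sample entries are assumptions.

```python
import re

def usr40_regex(entry):
    """Compile a USR40-style entry: '?' is one character, '*' any run."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in entry)
    return re.compile(body, re.IGNORECASE)

def password_violations(user, password, usr40=(), min_len=6):
    """Return the codes of every rule the candidate password breaks."""
    pw, head = password.upper(), password[:3].upper()
    found = []
    if len(password) < min_len:            # configurable system parameter
        found.append("min_length")
    if password[:1] in ("?", "!"):         # first character rule
        found.append("first_char")
    if len(head) == 3 and head in user.upper():
        found.append("in_user_name")       # first three inside the user name
    if len(head) == 3 and len(set(head)) == 1:
        found.append("identical")          # first three all the same
    if " " in head:
        found.append("space")              # space in the first three
    if pw in ("PASS", "SAP"):
        found.append("reserved")
    # Entries from the illegal-password table, matched against the whole value.
    found += [f"usr40:{e}" for e in usr40 if usr40_regex(e).fullmatch(password)]
    return found

if __name__ == "__main__":
    # Constructed candidates and USR40 entries.
    for cand in ("smith123", "!aaa", "Summer2024", "Tr1ckyHorse"):
        print(cand, password_violations("JSMITH", cand, usr40=["SUMMER*"]))
```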
- Tools
- SU01 User Maintenance
- PFCG Role Maintenance
- SUIM Authorization Reporting Tree
- SU02 Maintain Profiles
- SU03 Maintain Authorisations
- SU10 User Maintenance Mass Changes
- SU21 Maintain Authorization Objects
- SU24 Auth Object check under transactions
- SU3 Maintain default settings
- SU53 Display Authority Check Values
- CUA
- Central User Administration is a feature in SAP that helps to streamline the management of multiple user accounts on different clients in a multi-system SAP environment. This feature is useful when similar user accounts are created and managed on multiple clients:
  - Centralized Admin
  - Data consistency and accuracy
  - Eliminate redundant efforts
- We offer you
  1. Interactive Learning at Learners' convenience
  2. Industry Savvy Trainers
  3. Learn Right from Your Place
  4. Customized Curriculum
  5. 24/7 system access
  6. Highly Affordable Courses
  7. Support after Training
     a. Resume Preparation
     b. Certification Guidance
     c. Interview assistance