Profiling for SAP Compliance Management Access Control and Segregation of Duties
Understand, Optimize and Control your Business and IT
Subject Matter
Profiling for SAP supporting Security Compliance for SAP
Profiling for SAP Application Access Management and Segregation of Duties
Optimization of Authorizations
Project Support for SAP Blueprints
Page 2
SAP Services Partner delivering expertise for SAP Solution Manager and SAP NetWeaver technologies with ASAP, Run SAP and BPM methodologies
Understand, Improve and Control
Profiling your SAP Solution delivers our Clients all the insights needed to understand, improve and control their Business and their complex SAP Landscapes.
Standard application with tight SAP integration, high automation and flexible configuration
Components: Profiler, BI DB, Analyzer, Reports and Dashboards
Predefined set of Risk Rules
Analytic reports and dashboards for Auditors and IT Security
Conflicts and potential conflicts of Accounts and/or Roles, Profiles
Role Compliance Check: identifies roles that have SoD conflicts based on the underlying transactions
User Compliance Check: identifies SoD conflicts in a user's profile
Profiling for SAP smartly supports the Transition Phase from the As-Is into an optimized SAP Landscape:
As-Is Landscape (Run SAP Process IT Support) -> To-Be Transition (ASAP Project Methodology) -> Optimize Landscape (Run SAP Process IT Support)
Analysis dimensions: Technical Analysis, Functional Analysis, Processual Analysis
Regulatory Compliance
Sarbanes-Oxley (SOX, EuroSOX)
Family Educational Rights and Privacy Act (FERPA)
Federal Information Security Management Act of 2002 (FISMA)
Gramm-Leach-Bliley Act (GLBA)
Health Insurance Portability and Accountability Act (HIPAA)
Joint Commission (TJC)
Access Control
Do some users have too much access? Are there sufficient access restrictions on private information?
Actions are subject to authorization checks that are performed before a program starts or a table is maintained; these checks are mandatory for SAP applications:
Starting SAP transactions (authorization object S_TCODE)
Starting reports (authorization object S_PROGRAM)
Calling RFC function modules (authorization object S_RFC)
Table maintenance with generic tools (authorization object S_TABU_DIS)
Used during implementation of new SAP modules and processes or when optimizing SAP systems
Monitoring of transaction and data access based on an SAP background job for 24/7 security and compliance control
Optionally runs on a central SAP Solution Manager to manage complex SAP landscapes as a non-invasive solution
Web-based BI solution based on a Business Warehouse for Compliance Management
Tight integration within SAP to manage complex SAP Landscapes and to leverage SAP standards
Applicable to SAP's ERP, CRM, SCM and other ECC-based products
Web-based, non-invasive product; nothing is deployed to SAP production systems
Set of Risk Rules for different business domains like FI-GL, MM, SAP Basis, CRM, etc.
Define SoD rules and critical actions and add standard or custom transactions to the rule set
Define rules on Functional, Transactional or the most detailed Authorization-Object level
Two rule types: SoD Rule and Critical Actions
Define critical rules with high financial risks or potential security risks
Modify the predefined configuration with a set of rules for SoD best practice
Assign Transactions
3. Define and Characterize the SoD Functions with Risk Rules
Define a conflict: Function A & Group B
Characterize the conflict with financial risk indicators: High, Medium, Low
Exclude Rules from the predefined configuration as N/A for your organization with a description
SAP Transactions
POTENTIAL RISK (Function A AND Function B: potential risk)
(Function A not legible in source) AND Process sales orders: User can increase a customer credit limit and then process sales orders for that customer, leading to irrecoverable debt.
Maintain contract/scheduling agreement AND Process sales orders: User can create a fictitious contract and then create sales orders against that contract.
Customer master data maintenance AND Process sales orders: User can create a fictitious customer and create orders for delivery to them, thereby misappropriating goods.
Process sales orders AND Process outbound deliveries: User can create/change sales orders and deliveries to hide the misappropriation of goods.
Process sales orders AND Maintain sales deal: User can create sales orders and maintain pricing, therefore overcharging customers or giving them unauthorized discounts.
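The Role Compliance Check and User Compliance Check from the overview, run against a function-level rule set of the kind shown above, as an added Python example that is not TransWare's code; the roles, users, and the grouping of standard T-codes into functions are constructed assumptions:

```python
"""SoD conflict check at role and user level (constructed example)."""
# Function-level rules: T-codes realising a business function (standard SAP
#   T-codes; grouping them this way is an assumption of this example).
FUNCTIONS = {
    "Process sales orders": {"VA01", "VA02"},
    "Process outbound deliveries": {"VL01N", "VL02N"},
    "Maintain sales deal": {"VK11", "VK12"},
}
# SoD rules: (function A, function B, financial risk indicator, excluded as N/A)
SOD_RULES = [
    ("Process sales orders", "Process outbound deliveries", "High", False),
    ("Process sales orders", "Maintain sales deal", "Medium", False),
]
# Critical actions: single transactions that are a risk on their own.
CRITICAL_ACTIONS = {"SM49": "Execute OS commands", "PFCG": "Role maintenance"}
# Constructed sample roles (their T-codes) and user-to-role assignments.
ROLES = {
    "Z_SD_ORDER": {"VA01", "VA02"},
    "Z_SD_SHIP": {"VL01N"},
    "Z_SD_POWER": {"VA01", "VK11", "SM49"},
}
USERS = {"alice": ["Z_SD_ORDER", "Z_SD_SHIP"], "bob": ["Z_SD_ORDER"], "carol": ["Z_SD_POWER"]}

def functions_of(tcodes):
    """Map a set of transaction codes to the business functions they enable."""
    return {f for f, codes in FUNCTIONS.items() if codes & tcodes}

def sod_conflicts(tcodes, rules=SOD_RULES):
    """Return (function A, function B, risk) for every active rule whose two
    functions are both reachable from the given transactions."""
    funcs = functions_of(tcodes)
    return [(a, b, risk) for a, b, risk, excluded in rules
            if not excluded and a in funcs and b in funcs]

def role_compliance_check(roles=ROLES):
    """Role Compliance Check: SoD conflicts inside a single role."""
    return {r: sod_conflicts(t) for r, t in roles.items() if sod_conflicts(t)}

def user_compliance_check(users=USERS, roles=ROLES):
    """User Compliance Check: conflicts over the union of a user's roles (catches
    two individually clean roles that conflict together) plus critical actions."""
    result = {}
    for user, assigned in users.items():
        tcodes = set().union(*(roles[r] for r in assigned))
        conflicts = sod_conflicts(tcodes)
        critical = sorted(tc for tc in tcodes if tc in CRITICAL_ACTIONS)
        if conflicts or critical:
            result[user] = {"sod": conflicts, "critical": critical}
    return result
```

Note that alice's two roles are each clean at role level but conflict at user level, which is why both checks are needed.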
Critical Actions (Risk / Financial Risk): SE11, PFCG, SM49 (Execute OS commands)
Configuration of Rules
SOD RULES
SAP CONFIGURATION
Shows transactions used for SoD rules assigned to Authorization Objects. Identify all Authorization Objects with potential risks.
SAP USAGE
Benefits
Using the same kind of tools used by chartered accountants reduces service costs for external audit and advisory
Reduction of project efforts and establishment of SoD compliant authorizations from the start
Fully automated SoD analysis reduces TCO for the ongoing security control process
Auditors and IT security staff work on functional level even for complex authorization scenarios
Avoidance of manual analysis and false positive assessments
Flexible configuration includes custom Z transactions or external applications like Portals using BAPI or direct RFC calls
Easy identification of users with access to sensitive data by internal security teams lowers costs of the compliance process
OPTIMIZATION OF AUTHORIZATIONS
Example Report:
Assigned Role not relevant for execution of the custom Y YXPROC transaction
Benefits
Efficient establishment of a tradeoff between Business Requirements and Company Compliance
Substantial reduction of project efforts in company compliance initiatives
Simplification of information access to complex SAP data for company auditors reduces costs for the compliance process
Uniform use of tools by chartered accountants reduces external audit and advisory services costs
Allows the handling of complex SAP landscapes with automatic data retrieval and cross-SAP system analytics
Automatic monitoring of changes of user authorizations given by organizational requirements lowers costs for audits and security control
Assign Transactions manually or use predefined Reference Models with T-Codes assigned, like the SAP Business Process Repository (BPR)
Run Reports to analyze organizational Access Requirements
Automatically identify supported standard SAP roles or profiles with the right access
Customize Roles (PFCG) and assign users
Benefits
Support of SAP Solution Manager improves the SAP Blueprint business process definition in terms of Compliance and Risk Management
Synchronize organizational structures, functional access requirements, business processes and access control for slimline, fine-tuned and fully SoD compliant SAP authorizations
Leverage SAP tools, methodologies and best practice by a tight SAP integration with a BI-based solution that reduces SAP project planning and implementation efforts
Reduce SAP maintenance efforts by a consistent business process and security control documentation
Ensure compliance through SAP improvements like ERP Enhancement Packages and organizational changes
Define authorizations on functional level and support setup of technical roles and profiles.
Solutions by TransWare
All product, service and company names mentioned herein are for identification purposes only and may be trademarks or registered trademarks of their respective owners