Authorizations in SAP S/4HANA and SAP Fiori
eBook - ePub

Alessandro Banzer, Alexander Sambill

  1. 850 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

Information

Publisher
SAP PRESS
Year
2020
ISBN
9781493220373
Edition
1

1 Introduction to SAP Authorizations

This chapter introduces you to the topic of authorizations in SAP, why and when authorizations are needed, and how to implement authorizations in SAP Business Suite as part of your security framework. We’ll reflect on the evolution of SAP systems and its effect on security, which is no longer a matter for your application layer only. Security has become even more important on the layers underneath (typically an SAP HANA database) and above (SAP Fiori or any other client). In addition, we’ll shine a light on current trends, including digitalization, big data, connectivity, platforms, and their effects on today’s SAP landscapes as we move to hybrid environments consisting of both on-premise and cloud-based solutions. This chapter emphasizes the authorizations point of view when operating such a hybrid SAP system landscape.
SAP technology has significantly changed in recent years. New technologies have been introduced; platforms, modules, and solutions have been consolidated; and new applications have been integrated. In this process, SAP’s cloud-first strategy has impacted entire business processing and system landscapes. The power of modernization and digitalization has also driven a focus on the user experience (UX). However, whether application security is still guaranteed with all these changes is not always clear.
Whenever we talk about security concepts, two terms are commonly tossed around, leading to confusion—authentication and authorization. Authentication is when the user logs on to an SAP system with a user name and password or other credentials. An authentication provider validates if your user name and password are correct and allows you to log on. Authentication determines “who you are” but not “what you can do.”
Once a user is authenticated, authorizations come into play to define what the end user can do in the system. A user without authorizations can still log on to the system but cannot use any of its functions because the required authorizations are missing. At this point, the user is authenticated, but not authorized.
A common concern is designing authorizations in the right way so your organization can manage access effectively and efficiently. In this chapter, we’ll focus on the term “authorization,” describing its necessity, its various types, and how it fits into the SAP world.

1.1 What Are Authorizations?

Authorizations enable end users to perform activities in a system, from a business operations point of view. Typically, end users have dedicated responsibilities and tasks for which they require specific authorizations. Lacking authorization results in missing access to particular system functions. Access requirements vary across business functions. In rare scenarios, a user may even require several position-specific authorizations due to cross-functions, deputy roles, or job-sharing.
Authorizations also enable the management of access to sensitive functions or data. As such, access to mission-critical system functions or sensitive business data may not be granted to all users. Unauthorized access could result both in a violation of internal policies and in a violation of laws or regulations, such as data protection requirements.
Various requirements affect how the access model is designed and how access is granted to your users. These requirements can generally be categorized in the following way:
  • External requirements
    • Legal obligations (Sarbanes-Oxley Act, Foreign Account Tax Compliance Act [FATCA], General Data Protection Regulation [GDPR], Law of Obligations)
    • GxP requirements (Good manufacturing practices)
    • Industry standards (IEEE standards)
    • Certifications (Cybersecurity Maturity Model Certification, ISO/IEC 27001 — Information security management)
  • Internal requirements
    • Internal controls (over financial reporting)
    • Internal policies (code of conduct)
    • Principles (least privilege)
    • Standards (best p...
