Sap security for audit seminar1
IRIS Authorizations/ Security

User Administration
• User Maintenance - defining a user has many components, including the following:
  • Basic User Data
  • Defaults
  • Parameters
  • User Authorizations
• Primary Transaction – SU01
• Central User Administration

Basic User Data
• Name
• Initial Password
• Validity period of a user’s account
• User Group
• User Type

Types of R/3 Internal Users
• Dialog
• Batch Data Communication - BDC
• Background
• CPIC

User Defaults
• Logon language
• Default printer (local or network)
• Date and decimal formats
• Time Zone

Parameters
Used to determine the default value for a field.
• Parameter Id
• Value
• Description

Standard Parameter Assignments
Parameter Id   Value   Description
KME            Z_UT    FI Account Assignment Model
KPL            UT      Chart of Accounts
MOL            10      Personnel Grouping
PNI            US      Country Key
UGR            10      HR User Group
VKO            UT      Sales Organization
BUK            UT      Company Code
CAC            UT      Controlling Area
EKO            UT      Purchasing Organization
FIK            UT      FM Area
FWS            USD     Currency Unit
FZ2            Z_UT    G/L Account Line Layout
FZ5            Z001    Parking Document Line Layout
FBZ            Z01     Posting Document Line Layout

Rules for Passwords
• Minimum 6 characters
• Not to begin with ‘?’ or ‘!’
• Not to begin with any sequence of 3 characters contained in the user name
• Not to begin with 3 identical characters
• Cannot use ‘PASS’ or ‘SAP’
• USR40 Password Lockout List
• NOT case-sensitive
• Can change only once a day
• Cannot change to 5 previous passwords

USR40 – PW Lockout List
*IRIS**VOL*FIESTA*MOC*ORANGE*ROCKYTOPSMOKEY*TENN*UT*
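
The password rules and the USR40 lockout list from the two slides above, combined into one checker. This is an added example, not code from the seminar or from SAP. The function names, the sample user and the sample patterns are assumptions; because the slide's lockout list is run together, only a constructed subset of patterns is used.

```python
import re
from datetime import date

# Constructed sample of USR40-style patterns ('*' = any run, '?' = one char);
# not a transcription of the slide's full list.
SAMPLE_USR40 = ["*IRIS*", "*VOL*", "ROCKYTOP"]

def usr40_match(pattern, password):
    """True if password matches a USR40 wildcard pattern (case-insensitive)."""
    parts = []
    for c in pattern.upper():
        parts.append(".*" if c == "*" else "." if c == "?" else re.escape(c))
    return re.fullmatch("".join(parts), password.upper(), re.DOTALL) is not None

def check_password(user, new_pw, history, last_change, today,
                   usr40=SAMPLE_USR40, min_len=6, history_depth=5):
    """Return the list of rules from the slide that new_pw violates."""
    pw, name = new_pw.upper(), user.upper()   # passwords are not case-sensitive
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    if pw[:1] in ("?", "!"):
        problems.append("starts with ? or !")
    if len(pw) >= 3 and pw[:3] in name:
        problems.append("starts with 3 characters from user name")
    if len(pw) >= 3 and pw[0] == pw[1] == pw[2]:
        problems.append("starts with 3 identical characters")
    if pw in ("PASS", "SAP"):                 # literals as listed on the slide
        problems.append("reserved word")
    if any(usr40_match(p, pw) for p in usr40):
        problems.append("on USR40 lockout list")
    if last_change is not None and last_change == today:
        problems.append("already changed today")
    # Plaintext history is for illustration only; a real system compares hashes.
    if pw in [h.upper() for h in history[-history_depth:]]:
        problems.append("reuses one of the last 5 passwords")
    return problems
```

Because comparison is done on the upper-cased value, a mixed-case password such as "GoVols2024" is still caught by the `*VOL*` pattern.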

User Authorizations
• Granted via Activity Groups/Roles and/or Profiles
• Assigned to user master records to provide access to R/3 functionality

Activity Groups
• Created via the Profile Generator (PFCG)
• Serve as containers for user menus and authorization objects and values
• Used to generate authorization profiles

Authorization Profiles
• Generated from assignments made to Activity Groups in the Profile Generator (PFCG)
• Assigned to users via Activity Group Assignment
• Some high-level profiles, such as SAP_ALL, can be assigned directly to users

Relationship of Activity Groups and Profiles
[Diagram; labels: User, Activity Group, Profile, Authorization Object, Detailed Authorizations, Authorizations]

Profile Generator
• Menu – User Menu
• Task Assignment – associate workflow task for “potential agents”
• Authorizations – assign authorization objects and generate profiles
• Users

UT Activity Groups/Roles
• Departmental Roles
  • Departmental Specialist
  • Departmental Management
  • Funds Centers
• Campus Office Roles
  • For example, CBO’s, Personnel Specialists
• Central Office Roles
  • For example, Accounts Payable/Controller’s Office
• Project Team/Support Roles

Composite Roles
[Diagram; composite roles UT_DEPT_ADMIN_SPEC_CMP and UT_DEPT_ADMIN_SPEC_CO; labels: Dept Mgmt, GL, AP, MM, FM, CBO, Controller, Budget Office]

UT Roles – Breakdown
Departmental Campus Level Central
Functional Role Functional Role Functional Role
Campus data role Campus data role
Funds center role

Relationship to Workflow
• Security
  • Provides the ability for a user to perform an action
• Workflow
  • Routes the document to the appropriate person
  • Performs background processing for some functionality
• User must have both security and workflow to act upon work items

Workflow Roles/Assignments
• Departmental Reviewer
  • Reviews documents before approver
• Departmental Approver
  • Provides the departmental approval for documents
• Other special workflows
  • Journal vouchers, CBO level approvals, HR/security processes

Useful Transaction Codes
SU01D    Display Users
         User Reports - Tools-->Administration-->User Administration-->Information System
ZAPPS    Display Approvers/Workflow Responsibilities
ZSUBS    Workflow Substitutes Report
ZWIRPT   Workflow Work Item Aging Report
SWI5     Workload Analysis
SM04     Current Users Logged in on "App Server"
AL08     Current Users Logged in on System
PFCG     Profile Generator
PP01     Display Workflow Responsibilities
FM5S     Display Fund
FM2G     Funds Center Hierarchy

Security System Settings
• Password reset – 62 days
• Logon screen - disappears after 3 unsuccessful logon attempts
• User ID lock – after 6 unsuccessful login attempts
• Automatic logout - after 8 hours of inactivity