Practical Guide to Authorizations in SAP - Design and Maintenance

Language: English

Pages: 188

Level: Intermediate

ISBN: 9783960124955

Print ISBN: 9783960124849

Master the principles of building secure, scalable, and sustainable authorization concepts in SAP.

This expert guide explores the evolution of SAP authorizations and the increasing demand for robust authorization concepts in today’s complex business landscapes. Whether you’re starting from scratch or refining an existing model, this book walks through every phase of an authorization concept project, from preparation and design to building, testing, go-live, hypercare, and ongoing maintenance. Learn how to align technical architecture with business requirements and how to avoid common mistakes that can jeopardize even the most carefully planned projects. With a wealth of real-world insights, expert tips, and architectural best practices, this book is an invaluable resource for SAP architects, project leads, and administrators dedicated to building secure, long-lasting authorization frameworks.

  • Authorization concepts in SAP
  • Authorization project processes
  • Alignment of architectural and business needs
  • Tips and tricks for architects and administrators

Reading sample

2.1 Regulations

Wherever in the world a company operates, there are always regulations it has to comply with in order to operate legally. These regulations can relate to data protection and cybersecurity, accountability in terms of taxes and financial governance, and measures to ensure the quality and safety of products and services. All these different regulations have one thing in common: companies need a proper authorization concept in their SAP systems in order to be compliant.

Depending on a company’s geographical region, industry, size, and legal ownership, regulations of various origins, nature and detail can apply to the systems being operated. There are generally four important types of regulations, all of which impact a company’s SAP authorization concept:

  • Data protection
  • Regulations and the “need-to-know” principle
  • IT security
  • Financial and operational compliance

2.1.1 Data protection

Data protection regulations such as EU-GDPR (European Union General Data Protection Regulation) or PIPL (Personal Information Protection Law) aim to protect personal data from misuse and unauthorized disclosure and distribution. Given the variety and quantity of personal data contained in any SAP system—from employee data to highly sensitive data such as that relating to people in witness protection programs—it is highly unlikely that an SAP system will not be affected by legal compliance requirements.

2.1.2 Regulations and the need-to-know principle

Whatever regulations the SAP system must comply with, most decisions regarding its exact design, the quantity and content of roles, and the assignment of roles to users all adhere to one core guideline—the need-to-know principle, also known as the principle of least privilege.

Principle of least privilege—one role per person?

A common question that arises when discussing the need to comply with the principle of least privilege in authorization concepts is: does that mean the company needs one role per person?

That would be considered impossible!

Some stakeholders point out that the variety of functions and responsibilities in their company make it impossible to reduce access, because the company is small, and everybody has many tasks, in different combinations.

Like many other areas, IT security is one where compromises between security, feasibility, and business impact need to be reached. Most companies find it impossible to create, assign, and maintain an authorization role strictly containing one employee’s rights in order to comply 100% with the principle of least privilege. Most companies, however, are able to describe the positions that perform certain processes and identify the tasks that belong to that position’s responsibilities. These two levels, the position and the task, are key concepts in the overall role structure.

2.1.3 IT security

Risks indirectly relating to an end user’s business activities refer to the associated IT components—software, customizing, parameter settings, connectivity with other systems, the patching strategy applied, or the overall vulnerability management. In addition, these regulations affect the administration of SAP systems up to their authorization concept.

2.1.4 Financial and operational compliance

Regulations relating to financial and operational compliance aim to prevent fraud and minimize consumer risks. Fundamentals such as the principle of completeness and erasure prohibition (restricting the deletion or removal of data) in accounting tasks need to be observed without any compromises. This has very clear implications for a company’s authorization concept.

DORA regulation—need-to-know principle

Article 21 of the Digital Operational Resilience Act (DORA) states that “access rights to information assets, ICT assets, and their supported functions, and to critical locations of operation of the financial entity, are managed on a need-to-know, need-to-use and least privileges basis, including for remote and emergency access” (Commission delegated regulation 2024/1774 with regard to 2022/2554 of the European Parliament and of the Council of 14 December 2022).

Frequently asked questions

General questions and answers about our learning content.

Who is the learning content suitable for?

The learning content is designed for anyone who wants to acquire SAP knowledge in a simple, compact, and practical way. Our learning platform offers content for beginners, advanced users, and experts. This allows you to expand your knowledge step by step and continuously develop your skills to become an SAP expert.

What makes the learning content special?

Our products, whether books, videos, or online training, convey SAP knowledge in a concise and practical way, so that you can apply it directly in your daily work, even if you have little time. You benefit from broad coverage of relevant SAP topics, high-quality content in four languages, and learning formats designed to suit your individual needs. This ensures that you can stay up to date and continuously develop your knowledge.

What distinguishes our books from those of other providers?

Our books are characterized by a clear practical focus and a compact, easy-to-understand presentation. We explain complex SAP topics concisely, without unnecessary marketing buzzwords, so that readers can quickly grasp the essentials and apply the new knowledge directly.

Can the product be exchanged?

Our printed books can be returned within 14 days, in their original condition. The return shipping costs are borne by you.

How can I order a book from outside Germany?

We currently ship books directly only within Germany. If you are ordering from outside Germany, we recommend ordering through Amazon. You can find the link by selecting "Buy eBook" on any product in our web shop, and Amazon will then show you both the eBook and the print version available for purchase.

Alternatively, you can access all of our content with a digital subscription, starting at 19 dollars per month.

Who can I contact if I have questions?

Our team is always ready to help you and will answer your questions as soon as possible (usually within 1-2 days). You can also contact us if you have questions for any of the authors. E-mail: contact@espresso-tutorials.com
