Practical Guide to Authorizations in SAP - Design and Maintenance
Master the principles of building secure, scalable, and sustainable authorization concepts in SAP.
This expert guide explores the evolution of SAP authorizations and the increasing demand for robust authorization concepts in today’s complex business landscapes. Whether you’re starting from scratch or refining an existing model, this book walks through every phase of an authorization concept project, from preparation and design to building, testing, go-live, hypercare, and ongoing maintenance. Learn how to align technical architecture with business requirements and how to avoid common mistakes that can jeopardize even the most carefully planned projects. With a wealth of real-world insights, expert tips, and architectural best practices, this book is an invaluable resource for SAP architects, project leads, and administrators dedicated to building secure, long-lasting authorization frameworks.
- Authorization concepts in SAP
- Authorization project processes
- Alignment of architectural and business needs
- Tips and tricks for architects and administrators
Reading sample
2.1 Regulations
Wherever in the world a company operates, there are always regulations it has to comply with in order to operate legally. These regulations can relate to data protection and cybersecurity, accountability in terms of taxes and financial governance, and measures to ensure the quality and safety of products and services. All these different regulations have one thing in common: companies need a proper authorization concept in their SAP systems in order to be compliant.
Depending on a company’s geographical region, industry, size, and legal ownership, regulations of various origins, nature and detail can apply to the systems being operated. There are generally four important types of regulations, all of which impact a company’s SAP authorization concept:
- Data protection
- Regulations and the “need-to-know” principle
- IT security
- Financial and operational compliance
2.1.1 Data protection
Data protection regulations such as EU-GDPR (European Union General Data Protection Regulation) or PIPL (Personal Information Protection Law) aim to protect personal data from misuse and unauthorized disclosure and distribution. Given the variety and quantity of personal data contained in any SAP system—from employee data to highly sensitive data such as that relating to people in witness protection programs—it is highly unlikely that an SAP system will not be affected by legal compliance requirements.
2.1.2 Regulations and the need-to-know principle
Whatever regulations the SAP system must comply with, most decisions regarding its exact design, the quantity and content of roles, and the assignment of roles to users all adhere to one core guideline—the need-to-know principle, also known as the principle of least privilege.
Principle of least privilege—one role per person?
A common question that arises when discussing the need to comply with the principle of least privilege in authorization concepts is: does that mean the company needs one role per person?
That would be considered impossible!
Some stakeholders point out that the variety of functions and responsibilities in their company makes it impossible to reduce access, because the company is small and everybody has many tasks, in different combinations.
Like many other areas, IT security is one where compromises between security, feasibility, and business impact need to be reached. Most companies find it impossible to create, assign, and maintain an authorization role that strictly contains one employee’s rights in order to comply 100% with the principle of least privilege. Most companies, however, are able to describe the positions that perform certain processes and identify the tasks that belong to each position’s responsibilities. These two levels, the position and the task, are key concepts in the overall role structure.
2.1.3 IT security
Risks that relate only indirectly to an end user’s business activities concern the associated IT components: software, customizing, parameter settings, connectivity with other systems, the patching strategy applied, and the overall vulnerability management. In addition, these regulations affect the administration of SAP systems, up to and including their authorization concept.
2.1.4 Financial and operational compliance
Regulations relating to financial and operational compliance aim to prevent fraud and minimize consumer risks. Fundamentals such as the principle of completeness and erasure prohibition (restricting the deletion or removal of data) in accounting tasks need to be observed without any compromises. This has very clear implications for a company’s authorization concept.
DORA regulation—need-to-know principle
Article 21 of the Digital Operations Resilience Act (DORA) states that “access rights to information assets, ICT assets, and their supported functions, and to critical locations of operation of the financial entity, are managed on a need-to-know, need-to-use and least privileges basis, including for remote and emergency access” (Commission delegated regulation 2024/1774 with regard to 2022/2554 of the European Parliament and of the Council of 14 December 2022).

