Embed Size (px)
Citation preview
5 Dangerous Quotes People Say About SAP Authorizations
Moshe Panzer CEO
Author
SAP ® is a registered trademark of SAP AG in Germany and in several other countries
#1 SAP authorizations are too complicated
SAP ® is a registered trademark of SAP AG in Germany and in several other countries
SAP ® is a registered trademark of SAP AG in Germany and in several other countries
Actually, its not that complicated and you can learn all about it
quicker than you think.
Knowing exactly how the SAP authorization model works helps
saving your time and your company’s money.
You can start here with this guide.
After acquiring the basic knowledge get a good consultant who’s
been in the field for a few years – At the end of the day, nothing is
better than experience.
#2 The project will be quick, we have only 2 company codes
SAP ® is a registered trademark of SAP AG in Germany and in several other countries
SAP ® is a registered trademark of SAP AG in Germany and in several other countries
In fact, if you want to perform a thorough authorizations project, it will
probably start when your SAP project begins and end on the go-live day.
No serious authorization structure can be done very quickly
because someone needs to make strategic decisions about what to
implement, and someone needs to work on executing the
implementation.
You may have only two company codes, but how many warehouses are in
them, how many different purchasing groups or general ledger type of
accounts are handled?
It’s not as simple as it might look at a glance,
because you might be ignoring other authorization related requirements.
For some additional info click
#3 We will work with t-codes level only, don't go deeper
SAP ® is a registered trademark of SAP AG in Germany and in several other countries
SAP ® is a registered trademark of SAP AG in Germany and in several other countries
No-No! don’t do this. SAP authorization objects were
created especially for security purposes.
Granting authorizations to t-codes without limiting
people to certain objects is like giving the car keys to
your kid and saying:
“Take it out whenever you want.”
But when you add authorizations, you’re saying:
“Here are the car keys, go out and have fun with your
friends – but my monitoring System (SAP
authorization system) will verify that you are not too
far away from home, and at midnight will shut down
the engine.”
#4 We don't deal with authorization checks in our z programs, so why bother?
SAP ® is a registered trademark of SAP AG in Germany and in several other countries
SAP ® is a registered trademark of SAP AG in Germany and in several other countries
You’re just inviting fraud! Your own-developed
programs are precisely like SAP’s programs,
there is absolutely no difference to SAP between
code that was written by them and code that was
written by the customer.
It’s imperative to implement authorization
checks in your code in order to prevent the
misuse of programs and the vulnerability for
someone to commit fraud.
In fact, even though this issue is well known,
it’s still not managed well enough.
Authorizations? yes, the auditors werehere and they approved it
SAP ® is a registered trademark of SAP AG in Germany and in several other countries
SAP ® is a registered trademark of SAP AG in Germany and in several other countries
Ignorance is bliss.
In most organizations, internal and external auditors don’t
really understand authorizations so deeply,
and also they are usually focused on financial-related
authorizations. A thorough check, done by an authorization
expert, is a must. Don’t cheat yourself by saying, “If the auditor
told me it’s OK, I’m good.”
Strive to have your authorizations checked by someone that‘s
really familiar and understands SAP authorizations!
Want to see how YOUR
system handles risks?
SAP ® is a registered trademark of SAP AG in Germany and in several other countries
