Security configuration and administration in SAP is a multi-phase process. Four key security components are required to ensure the adequate security, privacy, and integrity of information. The phases are as follows:

1. User Authentication

The first phase comprises confirmation of user identity and results in authentication of the user. This initial check prevents unauthorized access to the SAP system. It ensures system integrity by regulating secure access through genuine user authentication.

2. Creating and Assigning Authorization Profiles

A Profile Generator (PG) is used to automatically generate and assign authorization profiles. This tool was released with SAP version 3.1g and above. The administrator can also create authorization profiles manually.

Note: Profile Generator can be retroactively installed in SAP versions 3.0f and above.

The authorization objects can be selected using the SAP Profile Generator. After configuring the initial settings, administrators can automatically generate authorization profiles that give SAP users function-specific access.

The entire authorization functionality of SAP signifies a new approach to authorization. The administrator can define user authorization based on SAP functions. Based on the selected function, the PG groups objects in administrator-created authorization profiles.

Authorization profiles created by a Profile Generator are based on the given authorizations. The Profile Generator also speeds up the process and simplifies communication between administrator and users, because both can use the same SAP function terminology. To auto-generate an authorization profile, an Activity Group needs to be created.

Activity Groups contain simple profiles and usually represent employee or job roles. They are user-defined and allow the administrator to organize and maintain system activities. An activity group, when used as an information database, reduces data entry time. Administrators can define activity groups in two steps:

- Selecting the criteria, such as access controls.
- Dividing the activities into appropriate groups.

For example, activities can be organized by functions, such as human resources, payroll, or administration, or by job classes, such as computer programming activities or accounting activities. A combination of function-specific and job-specific activities can also be implemented.

Security implementation with the new Profile Generator is based on the creation of activity groups or a collection of linked or associated activities, such as tasks, reports, and transactions.

Consider a business situation involving a company, ABC Inc., faced with transaction security hiccups in business dealings with its dealers. To address this problem, the company can create authorization profiles for its dealers using the Profile Generator features. This can be done by implementing the following instruction set:

Instruction 1: A dealer activity group should be created. Name this activity group Dealer.
Instruction 2: All dealer-specific business transactions should be included in the activity group.
Instruction 3: Generate an authorization profile for Dealers.
Instruction 4: Assign Dealer to a "new user" or in your system and update master records.

Following this procedure gives the new user complete functional access when using the system as Dealer.
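
The four instructions above, modelled in Python as an added example (this is not SAP code and not part of the original page). The transaction codes, user names and function names are hypothetical, and the wildcard profile stands in for a manually created profile that is broader than the activity group, so the audit can show the difference.

```python
from fnmatch import fnmatchcase

# Constructed sample data: these transaction codes are placeholders, not from the page.
DEALER_TCODES = {"ZD_ORDER", "ZD_STOCK", "ZD_INVOICE"}

def create_activity_group(name, transactions):
    """Instructions 1-2: name the group and list its transactions."""
    return {"name": name, "transactions": set(transactions)}

def generate_profile(group):
    """Instruction 3: derive one authorization value per transaction in the group."""
    return {"name": group["name"] + "_PROFILE",
            "tcode_values": sorted(group["transactions"])}

def assign(user_master, user, profile):
    """Instruction 4: attach the profile to the user's master record."""
    user_master.setdefault(user, []).append(profile)

def may_start(user_master, user, tcode):
    """Access check: allowed only if a value in an assigned profile matches."""
    return any(fnmatchcase(tcode, value)
               for profile in user_master.get(user, [])
               for value in profile["tcode_values"])

def excess_access(user_master, user, group, known_tcodes):
    """Audit: transactions the user can start that the group never listed."""
    return sorted(t for t in known_tcodes
                  if may_start(user_master, user, t)
                  and t not in group["transactions"])

def demo():
    known = DEALER_TCODES | {"ZHR_PAYROLL", "ZFI_POSTING"}  # constructed
    dealer = create_activity_group("Dealer", DEALER_TCODES)
    users = {}  # hypothetical user master records
    assign(users, "DEALER01", generate_profile(dealer))
    # A hand-written profile with a wildcard value, for comparison.
    assign(users, "DEALER02", {"name": "MANUAL", "tcode_values": ["Z*"]})
    return {
        "generated_ok": may_start(users, "DEALER01", "ZD_ORDER"),
        "generated_blocked": not may_start(users, "DEALER01", "ZHR_PAYROLL"),
        "generated_excess": excess_access(users, "DEALER01", dealer, known),
        "manual_excess": excess_access(users, "DEALER02", dealer, known),
    }

if __name__ == "__main__":
    print(demo())
```

The generated profile yields no excess access because it is derived from the activity group itself, while the wildcard profile reaches transactions outside the Dealer role.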