Role of SAP security design consultant

Similar Messages

• Role of SAP Functional & Basis Consultant for any new authoirzation/user ID in Support Phase

  Dear Expert,
  Please let us know what is standard /best practice for below activities in SAP Support phase?
  Who will responsible for Authorization Matrix?
  Who will be first point of contact (Functional / Basis Consultant) to SAP user for any new authorization request?
  Who will do the testing & impact analysis of new authorization?
  If we provide any new SAP transaction code to the end user & user is facing authorization object issue then who will be first point of contact for user Functional / Basis Consultant?
  Also who will be fist point of contact (Functional / Basis Consultant) for new User ID creation request?
  In our current practice Functional consultant is dealing with end user. He is taking requirement of new Report/Transaction access request & doing analysis. Then he is taking approval from BPO & based on BPO approval Functional consultant is providing training to end user. When end user is accepted requested report requirement in standard report or transaction data process then Functional consultant is sending request to Basis consultant along with authorization parameters like Role, Organization parameters, type of activity (create/change/display/delete) etc.
  Our Basis consultant is not agreeing for this process & he want to directly deal with end user for all activities & he will take help of Functional consultant if required.
  Sorry friends this is not technical discussion but it is create big dispute between our internal support team regarding who will be first point of contact for any authorization related issue?
  Regards / Aviya.

  Dear Aviya Paul,
  1. Who will responsible for Authorization Matrix?
  Authorization Matrix that define "what position may have access to which authorization/ role" shall be developed by User (Management), with support from BASIS. User is the one who have the authority to decide, while BASIS should help User in understanding the technical knowledge of access authorization.
  2 to 5. BASIS.

• IDM & GRC (including Firefighter ) role in SAP Security

  Please provide me information reg IDM,GRC & FIREFIGHTER in SAP

  That is quite a difficult task, given the eloquent description in your question
  I suggest you have a look at the GRC area here in BPX, and browse through the GRC and Identity Management forums.
  The solution web pages (like http://www.sap.com/solutions/grc/index.epx) should also provide you with a lot of information.
  Feel free to come back here if you have detailed questions.

• Role of a Security Consultant in an SAP implementation Project

  Hi All,
  What is the role of a Security Consultant in an SAP implementation Project and the stages in which he is involved?

  Hello Mohammed,
  The role of a Security consultant in any SAP product implementation (not just GRC) is wide enough and it's hard for anyone to sum up on a single forum post. Still I can give you some pointers.
  Security consultants come from different backgrounds, some from networking, database administration, infrastructure and even development like me. They contribute enormously to any product implementation from scratch (landscape design) to go-live (and continuous maintenance) so they are active on every phase of the implementation.
  Following are some of the activities they may perform (or participate)
  -System Landscape Design (work closely with BASIS and DBAs)
  -Check Infrastructure feasibility from security perspective (For Portals exposed to internet or extranet work closely with network providers for firewall security, VPS etc.)
  -Propose security guidelines, access policies, disaster recovery plan, business continuity roadmap (work closely with information security consultants and internal auditors or risk management teams)
  - Implement SAP solution specific Security measures (involves almost every SAP solution) for example: SAP R/3 security, GRC, BW/BI, HR, FI, Portal security etc.
  - participate in application integration for example: LDAP, IDM, SAP UME, shared directories etc (User master records security is on high priority).
  -   Check for any possible backdoor access vulnerabilities (ex: open RFCs, function modules like ping_rfc), and it involves almost all SAP solutions and there are special procedures to analyze such vulnerabilities.
  there are many such activities that a security consultant perform on day to day basis. Please do not interprete the above mentioned activities (entirely) as a criteria for any security consultant profile. There are many many possibilities for a security consultants to work from pen testing to SoD violation remediation. That's why I said it's not easy to sum up security.
  Always remember, Security and GRC are two sides of a coin they work together. however GRC is more of a combination of policy, regulation, events and involves management participation whereas security is a purely technical practice.
  You may also be interested to know what it takes to become a forensic security specialist.  Take a quick look at [http://amudee.com/?p=378|http://amudee.com/?p=378]
  Best Regards,
  Amol Bharti

• Roles & Responsibilities of a Basis consultant in an SAP implementation

  Hi All,
  What are the Roles & Responsibilities of a Basis consultant before/during/after an SAP implementation project?
  Please list all of them separately.
  Regards,
  Nivas

  1.    1. Perform User administration and role/profile assignment.
  2.   2.  Perform Role Creation, Modification and Full trouble shooting support for the users authorization failures in all SAP applications and resolving the Security issues and support in integration testing of Roles/Profiles.
  3.  3. Maintain the integrity of the SAP environment by managing the SAP Correction and Transport System (CTS) to ensure all configuration and development objects are promoted properly.
  4.    4. Distribute the online SAP user workload and monitor and manage the SAP background job workload.
  5.   5. Perform OSS / SAP Service Marketplace: Searching notes & creating OSS messages for the respective queries to improve the Performance. And software download, Maintain System Data, License Key & Maintenance Certificate, Developer & object registrations and connection maintenance etc.
  6.     Starting and Stopping SAP instance/(s).
  7.   6. Preventive Maintenance activities - Support Pack/Plug-in implementations, Kernel upgrades, OSS note applications and to apply support pack for Java using JSPM.
  8.    7. SAPGUI/SAPLGPAD troubleshooting and maintenance/upgrades/installations.
  9.    8. Prepare and maintain system documentation, procedures, and standards.
  10. 9. Perform SAP Database Administration – Space management, database reorganizations, design and implement backup and restore strategy, maintain database security, administer database performance, database problem determination and resolution, etc.
  11. 10. Perform SAP Installation, Post installation, client administration, System Refresh and Post-Refresh activities as required.
  12. 11. Perform parameter modification, Buffer, memory management, performance tuning and troubleshoot.
  13. 12. Perform SAP Licensing – Indentify inactive user, user classification and prepare System Measurement result for SAP Global Audit team.

• What are the Essentials for a Sap Security Consultant.

  Hi Gurus,
  I have completed a Implementation in which I alone handled the entire Security . It is a defense client .
  Now I am technically expert at security. But I have no functional knowledge.
  Implementing Security in SAP one needs to have knowledge of funtional process as well. The course that are purely technical stuff and I have good idea of techincal stuff.
  The Question is what is a Sap Security Consultant expected to know . And how to go about acquiring that knowledge?

  Hi Hussain,
  There is a little bit of release-dependent-everything in this thread: Authorization for VAP2 in conflict with VD02 for F_KNA1_GRP
  Try solve it and you will understand that you need the requirements (without that you are anyway doomed) and the knowledge and the appropriate access to create / test it.
  BAPI's are remote enabled stable interfaces to SAP standard functionality. They are the best examples of combining functional, technical and standard skills in a sustainable way without creating a mess (a mess, way beyond the bounds of your concerns...).
  If you learn to use the available tools and information sources, then you dont need to stress about the essentials, even if your customer makes a design error before or after your advice.
  Cheers,
  Julius

• Role of Solution Manager in SAP Security.

  Hi
  Can anyone help me to understant the role of SAP Solution Manager in SAP Security.   Link to any relevant document is appreciated.
  Thanks you all.

  Hi,
  First understand and decide what each consultant is going to do in the system. Like Technical Consultant will take care of Installation, Setting Up Landscape, Setting up TMS etc.
  Project Manager will create projects, Handle roadmaps etc.
  Segregating this way will help you defining the Roles in the system. I would also suggest you to have authorization Matrix in a Spreadsheet.
  The authorization can also be categorized based on Operational processing.
  Check this link.
  http://help.sap.com/saphelp_sm40/helpdata/en/24/c7baad86044eacb7203cdd341211a9/content.htm
  For authorization in Servicedesk.
  Check page 35 in this link.
  https://websmp207.sap-ag.de/~sapidb/011000358700001197002005E/Addtional_Information.pdf
  http://help.sap.com/saphelp_nw2004s/helpdata/en/52/6714a9439b11d1896f0000e8322d00/content.htm
  Rewads point if help ful
  Thanks
  Pankaj Kumar

• Role and responsibilities of SAP BW support consultant

  Hi Guru's,
  What is the Role and responsibilities of SAP BW support consultant?
  Regards,
  Sabari kannan.S

  XI Architect:
  He plays the role in the analyzing the landscape for which XI will be used...will take the special not on the number for legacy systems involved...type of system...how much amount of data will flow what has to be taken care for better performance etc........
  1. Design the XI for the currentl lanscape for high performance...
  2. Idebtiy the bottle necks which can appear.
  3. understanding the busnies requirement withrespective to XI
  4. Configure the XI according to the standrds
  5. Lays ground rules on the developemtnenv till golive.
  6. what's the good appproach of design when systems like CRM,BW etc are invloved.
  7 tranports methods till  production and so on

• How does my role as a SAP SECURITY ADMIN dfiffre frm upgrade n implementati

  hi Gurus ,
  i am new to this Security i just want to know how does my role as a security admin differ ..in a implementation project and in a upgrade project ........pls answer this ..............n can i get any doc abt the tables n the objects .............related to security .......................  any links or docs u can mail me at [email protected]
  thank you

  A few inputs from my end....
  Implementation --> starting from role naming conventions to role design,sod conflicts, master child relations and documentation.
  Upgrade --> If from 4.0 versions to higher versions then its something similar where we convert profiles to Roles and then redesign them to SOD conflicts..
  But in case of higher upgrades then the java component access and the segregation of duties for these components as well have to be considered...
  Hope it helps...
  Vbr,
  Sri
  Award points for helpful answers

• Advice needed: what does your company log for SAP security role changes?

  My client has a situation where for many years, they never logged changes to SAP security roles.  By that I mean, they never logged even basic details, like who requested a change, tested it, approved it, and what changed!!  Sadly their ticketing system is terrible, completely free-form text and not even searchable. 
  Does anyone here use Word docs, Excel sheets, or some other way to capture security role change details?   What details do you capture?  What about Projects, that involve dozens of changes and testing over several months?
  I plan to recommend, at least, they need to use a unique# (a ticket#, or whatever) for every change and update the same in PFCG role desc tab, plus in CTS description of transports... but what about other details, since they have a bad ticketing system?  I spoke with internal audit and change Mgmnt "manager" about it, and they are clueless and will not make recommendations.  It's really weird but they will get into big trouble eventually without any logs for security changes!

  Does anyone here use Word docs, Excel sheets, or some other way to capture security role change details? What details do you capture? What about Projects, that involve dozens of changes and testing over several months?
  I have questions:
  a) Do you want to make things straight
  b) Do you want to implement a versioning mechanism
  c) You cannot implement anything technical, but you`re asking about best "paper" practise?
  The mentioned scenarios can be well maintained if you use SAP GRC Solutions 10 (Business Role Management)
  Task Based, Approvals, Risk Analysis, SOD and role generation and maintenance in a structured way (Business Role Management). Workflow based, staged process with approvals.
  PFCG transaction usage will be curtailed to minimum if implemented fully.
  Do we really want to do things "outside" PFCG?
  @all:
  a) do you guys use custom approval workflows for roles?
  b) how tight your processes are? how much paperwork, workflow, tickets, requests and incidents you have to go through to change a role?
  c) who is a friend of GRC here, raise your hand
  Cheers Otto
  p.s.: very interesting discussion, I would like to learn something here about how it works out there in the wild

• Role of a CRM  Technical consultant in SAP C4C and CRM on HANA

  Hi,
  What would be the role of a CRM Technical consultant in the following.
  SAP C4C
  SAP S4/HANA
  SAP CRM on HANA
  Thanks & Regards
  Sunil

  Sunil,
  I have got privileged of working on some C4C assignments & as far as my vision goes. A CRM Technical consultant is an integral part of any C4C/implementation or AMS environment.
  C4C has a real time integration/initial migration and a day to day basis data flow possible from Backend SAP CRM system. At Backend CRM, XIF adapter is tapped extensively to leverage these functionalities & as a CRM consultant it is not tough to adapt to the Cloud environment of C4C as well but Yes the UI technology has changed as well the view layouts.
  Thanks,
  Ravi

• SAP MM Functional Consultant's role in a Upgrade Project from 4.6C to 6.0

  Hi Guys,
  I will be thrown into a SAP Upgrade Project. I would appreciate if someone could shed some light on what a SAP MM Functional Consultants role would be in this kind of Project.
  I would appreciate a comprehensive guide where it includes role within each stage of the ASAP methodology for Upgrades.
  Thanks guys.

  > I will be thrown into a SAP Upgrade Project. I would appreciate if someone could shed some light on what a SAP MM Functional Consultants role would be in this kind of Project.
  - defining the core processes
  - test and customize them
  - release the customizing transports for production
  > I would appreciate a comprehensive guide where it includes role within each stage of the ASAP methodology for Upgrades.
  Since each project is different and each system has a different customizing/configuration it's not possible to generate a step-by-step guide what you have to do. The requirements are usually defined by the business.
  Your project leader should be able to give you a project plan (e. g. by using Solution Manager Upgrade Project) where you can get an idea based on the system you're going to upgrade.
  Markus

• What are the roles & responsibilities of SAP MDG Functional Consultant?

  Dear experts,
  Please explain What are the roles & responsibilities of SAP MDG Functional Consultant?
  Regards
  Adhi,

  Hello Adhi
  There is no limit to explore in MDG. As a functional consultant you are responsible for -
  1. Defining scope of MDG
  2. Set up governance process - Workflow
  3. Configuration - MDG (Activate services - functions / role set up / Data modelling / process modelling / replication set up ) - You have to involve in each of these activities with technical. You can also do it on your own.
  4. Testing - end to end testing and training
  5. Cut over activities - data load etc
  In these areas, you have to contribute 100% and work with entire team (tech) for set up.
  As mention, you can explore a lot in MDG.
  Kiran

• SAP Security Report for single and composite roles

  Hi
    I have a requirement to create a cutomize report in SAP Security.
  I have to display Composite roles,corresponding single roles,the tcodes assigned to those single roles and the description of t- codes. The selection screen has composite roles,single role and T-code which are optional.User can enter selection in any of the selection critreria.How should I go on this?If user gives only composite roles on the selection for e.g 'TEST'. for this role I get suppose 3 child roles 'TEST1' 'TEST2' 'TEST3' from table AGR_AGRS.Now to get the tcodes i go to table 'AR_1251' and I get the tcodes.
  But if user give only single role on the selection for eg 'TEST2' ,for this single role 'TEST2' there would be multiple composite roles.for e.g, 'TEST' 'SAP1' 'SAP2' etc..Now if go to get the tcodes for this single role in AGR_1251,I will ceatainly get the tcodes for eg MM01,FB01,etc.But then how would I know whether MM01 belongs to composite role 'TEST' SAP1' or SAP2' for the single role 'TEST2'.
  Please advise.
  Thanks
  Edited by: Julius Bussche on Aug 13, 2009 4:52 PM
  Subject title improved

  I though of seperate selection options for singles and composites, but you also said:
  > But if user give only single role on the selection for eg 'TEST2' ,for this single role 'TEST2' there would be multiple composite roles.
  My suggestion would be to build better single roles, but that is just me...
  Cheers,
  Julius

• Any ideas on restricting userID Role Assigment within the SAP Security Team

  Hello,
  I have gotten a request to look into restriction of assignment of roles to oneself within the company SAP Security Team. Thoughts I have come up with so far involve the use of UserID User Groups, Role Assignment Ranges, and forcing all role assignements for all userIDs through GRC-AC CUP for QA and Prod. Has anyone come up with a workable solution that is outside of these suggestions that they have put into practice?
  Thanks in advance for your help!
  John

  Hi John,
  There can be a manual control in place and individual should not assign role/s to himself / herself.
  Otherwise, security team members can be assigned to a specific group (let say Security) and they shouldn't have access to authorization S_USER_GRP with ACTVT 22 & CLASS - Security.There should be a dedicated power user to assign the role/s to the security team members and this can be auditted (SM20 log for manual super user / FireFighter log for FireFighter user).
  Thanks
  Prasanna