When the average tech person hears about SAP Authorization Objects, they naturally think of them as something that blocks them from accessing data in SAP.
There is SOME truth to that. But that is not the full story.
SAP Authorization Objects for SAP NetWeaver AS ABAP technologies are not just blockers. They are the ENABLER of access. The best practice is to grant access based on the concept of “Least Privilege”, which some people associate with this Taboo label.
“Least Privilege” means that any user should be granted access on simple criteria:
SAP has a seemingly endless number of Authorization Objects, but let’s focus on just 4 authorization objects that control access to data in tables. These four authorization objects start with “S_TABU_”.
– S_TABU_DIS is the original authorization object that grants access to SAP tables… but not to specific tables. It grants access to tables based on assignment to an Authorization Group.
– S_TABU_NAM was introduced as an enhancement idea to S_TABU_DIS.
– S_TABU_CLI brought yet another dimension to the granting of access.
– S_TABU_LIN is the most sophisticated of these table authorizations. It allows you to grant access based on specific ROW content within a table.
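The following is an added example, not code from the original article or from SAP: a simplified model of how a display request is decided, with S_TABU_DIS matched against the table's authorization group and S_TABU_NAM against the table name. The table names, groups and roles are constructed sample data; DICBERCLS, TABLE and ACTVT are the field names of the two objects.

```python
from fnmatch import fnmatchcase

# Constructed sample data: table -> authorization group (SAP keeps this in TDDAT).
TABLE_GROUPS = {"ZHR_SALARY": "ZHR", "ZHR_BONUS": "ZHR",
                "ZHR_BANK": "ZHR", "ZFI_RATES": "ZFI"}

# Constructed roles: one granted by group, one by table name (ACTVT 03 = display).
ROLE_BY_GROUP = [{"object": "S_TABU_DIS", "DICBERCLS": ["ZHR"], "ACTVT": ["03"]}]
ROLE_BY_NAME = [{"object": "S_TABU_NAM", "TABLE": ["ZHR_BONUS"], "ACTVT": ["03"]}]


def _matches(granted, wanted):
    """True if any granted value (a trailing or lone '*' is a wildcard) covers wanted."""
    return any(fnmatchcase(wanted, value) for value in granted)


def table_access(auths, table, actvt):
    """Return the object that grants `actvt` on `table`, or None if nothing does.

    Simplified model: S_TABU_DIS (authorization group) is tried first and
    S_TABU_NAM (table name) only if that check fails.
    """
    # Tables without an assigned group are checked against the group &NC&.
    group = TABLE_GROUPS.get(table, "&NC&")
    for a in auths:
        if (a["object"] == "S_TABU_DIS" and _matches(a["DICBERCLS"], group)
                and _matches(a["ACTVT"], actvt)):
            return "S_TABU_DIS"
    for a in auths:
        if (a["object"] == "S_TABU_NAM" and _matches(a["TABLE"], table)
                and _matches(a["ACTVT"], actvt)):
            return "S_TABU_NAM"
    return None


def reachable(auths, actvt):
    """List every known table the given authorizations open for `actvt`."""
    return sorted(t for t in TABLE_GROUPS if table_access(auths, t, actvt))


if __name__ == "__main__":
    # The group-based grant opens every table in ZHR; the name-based one opens one.
    print("S_TABU_DIS role:", reachable(ROLE_BY_GROUP, "03"))
    print("S_TABU_NAM role:", reachable(ROLE_BY_NAME, "03"))
```

Running the same comparison over real role data shows which S_TABU_DIS grants could be narrowed to S_TABU_NAM without removing a table the user actually needs.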
Every SAP Authorization Object is rich in content and detail. The SAP Security Consultant must become familiar with Authorization Objects. There are too many to memorize them all. So, utilize transaction codes SU24, PFCG, and SUIM to get to know and understand how and where authorization objects are utilized. It is a vast field, but now you know 4 out of hundreds.
Another tip for all SAP implementations: Utilize a best-of-breed solution that can scan all your SAP NetWeaver AS ABAP environments to make sure that the Authorization Objects are properly utilized. This includes the associated TCodes, Roles, and Profiles, and the ABAP custom code with its Authority Checks... all of which are linked to Authorization Objects.
The solution that I recommend is the SecurityBridge Platform. It is SAP-certified, developed in SAP technology, made FOR SAP environments, and runs IN SAP. Ask for a demo; I would be happy to help you get that on your schedule.
If you are interested in getting into the SAP Security Consulting field, please reach out to me on LinkedIn. I am easy to find, and just mention that you saw this article. We can take the conversation from there!
S_TABU_DIS – SAP HELP: https://help.sap.com/doc/saphelp_nw75/7.5.5/en-US/48/8dedbccaf43987e10000000a421937/frameset.htm
S_TABU_DIS, S_TABU_NAM, S_TABU_CLI – SAP Help (scroll down): https://help.sap.com/docs/SAP_Solution_Manager/bdd095d01c7941c8b5d4c27e04da7315/6970fb31c0174dd68a5c71c4df7fa410.html
S_TABU_CLI – SAP HELP: https://help.sap.com/docs/HR_RENEWAL/28cb35be3518492c9ac9786bb7cf468d/6404dd5321e8424de10000000a174cb4.html
S_TABU_LIN – SAP HELP: https://help.sap.com/docs/HR_RENEWAL/28cb35be3518492c9ac9786bb7cf468d/db03dd5321e8424de10000000a174cb4.html
SAP Note 1500054: https://launchpad.support.sap.com/#/notes/1500054