SecurityBridge Expands U.S. Partnerships With Taciti Consulting
SecurityBridge Expands U S Partnerships With Taciti Consulting Alliance
Combined Efforts Streamline SAP S 4HANA Transformations and Secure SAP Ecosystem
When the average tech person hears about SAP Authorization objects, they naturally think of it as something that blocks them from accessing data in SAP.
There is SOME truth to that. But that is not the full story.
SAP Authorization Objects for SAP NetWeaver AS ABAP technologies are not just blockers. They are the ENABLER of access. The best practice is to grant it based on the concept of “Least Privilege” which some people associate with this Taboo label.
“Least Privilege” means that any user should be granted access on simple criteria:
SAP has a seemingly endless number of Authorization Objects, but let’s focus on just 4 authorization objects that control access to data in Tables. These four Authorization objects start with “S_TABU_”
– S_TABU_DIS is the original authorization object that grants access to SAP tables… but not to specific tables. It grants access to tables based on assignment to an Authorization Group.
– S_TABU_NAM was introduced as an enhancement idea to S_TABU_DIS.
– S_TABU_CLI brought yet another dimension to the granting of access.
– S_TABU_LIN is the most sophisticated of these table authorizations. It allows you to grant access based on specific ROW content within a table.
Every SAP Authorization Object is rich in content and detail. The SAP Security Consultant must become familiar with Authorization Objects. There are too many to memorize them all. So, utilize transaction codes SU24, PFCG, and SUIM to get to know and understand how and where authorization objects are utilized. It is a vast field, but now you know 4 out of hundreds.
Another tip for all SAP implementations: Utilize a best-of-breed solution that can scan all your SAP NetWeaver AS ABAP environments to make sure that the Authorization Objects are properly utilized. This includes the associated TCodes, Roles, and Profiles, and the ABAP custom code with its Authority Checks. . .all of which are linked to Authorization Objects.
The solution that I recommend is the SecurityBridge Platform. It is SAP-certified, developed in SAP technology, made FOR SAP environments, and runs IN SAP. Ask for demo, I would be happy to help you get that on your schedule.
If you are interested in getting into the SAP Security Consulting field, please reach out to me on LinkedIn. I am easy to find, and just mention that you saw this article. We can take the conversation from there!
S_TABU_DIS – SAP HELP: https://help.sap.com/doc/saphelp_nw75/7.5.5/en-US/48/8dedbccaf43987e10000000a421937/frameset.htm
S_TABU_DIS, S_TABU_NAM, S_TABU_CLI – SAP Help (scroll down): https://help.sap.com/docs/SAP_Solution_Manager/bdd095d01c7941c8b5d4c27e04da7315/6970fb31c0174dd68a5c71c4df7fa410.html
S_TABU_CLI – SAP HELP: https://help.sap.com/docs/HR_RENEWAL/28cb35be3518492c9ac9786bb7cf468d/6404dd5321e8424de10000000a174cb4.html
S_TABU_LIN – SAP HELP: https://help.sap.com/docs/HR_RENEWAL/28cb35be3518492c9ac9786bb7cf468d/db03dd5321e8424de10000000a174cb4.html
SAP Note 1500054: https://launchpad.support.sap.com/#/notes/1500054
Posted by
Find recent Security Advisories for SAP©
Looking into securing your SAP landscape? This white-paper tells you the “Top Mistakes to Avoid in SAP Security“. Download it now.
SecurityBridge Expands U S Partnerships With Taciti Consulting Alliance
Combined Efforts Streamline SAP S 4HANA Transformations and Secure SAP Ecosystem
SAP Security teams can kick start a comprehensive security platform and gain significant improvements already within a day What they need is a holistic platform
This article explores the differences between the 2 processes and how they can help bolster the security of SAP systems