Table of Contents

Acknowledgments ... 11

PART 1 User Master Records ... 13
1 Displaying the Technical Names of Transactions in the SAP Easy Access Menu en Masse ... 15
2 Improving Your User Master Record Accuracy with Hidden Fields ... 18
3 Defining an SAP User ID Naming Convention to Manage User Master Records ... 21
4 Using BAPIs to Help Mass-Maintain the User Master Record ... 23
5 Customizing the Rules for Automatically Generated Passwords During User Creation ... 27
6 Finding and Using User Parameters to Prepopulate Transactional Fields ... 30
7 Improving Your Business Reporting through User Groups ... 33
8 Working with Inactive Users ... 36
9 Customizing SAP and User Menus through the Session Manager ... 38
10 Assigning Roles through an Organization Structure without SAP HCM Deployed ... 40
11 Constraining Organization Structure Visibility through an HR Personnel Development Profile ... 42
12 Automatically Maintaining Structural Authorizations ... 45
13 Linking User Master Records to HR Data ... 48
14 Performing Mass Changes for Users and Roles in Java ... 51
15 Displaying Authorization Errors in Transaction Log SU53 for Different Users ... 54
16 Customizing Users’ Selection en Masse ... 56
17 Mass-Changing Secure Network Communications Data for SSO User Mapping ... 58

PART 2 Development Security ... 61
18 Validating Your ABAP Code before Moving into the Production System ... 63
19 Archiving and Restoring a User’s Favorites ... 65
20 Displaying the Security Data Dictionary Definition with the Object Navigator ... 68
21 Finding Vulnerability Strings in Your ABAP Code ... 71
22 Creating a Transaction Variant to Restrict User Activities ... 75
23 Finding Authorization Object Documentation ... 78
24 Searching for Values and Definitions in ABAP Data Dictionary Tables ... 81
25 Mass-Exporting Query User Group Information ... 83
26 Managing an Authorization Check in the Transaction Header ... 86
27 Restricting a User’s Access to Called Transactions ... 88
28 Managing Customizing Tables in a Production System ... 92
29 Analyzing Your Security System to Keep It Updated ... 95
30 Using Parameter Transactions to Avoid Giving Direct Tables/Programs Access to End Users ... 97
31 Discovering Maintenance Customizing Transactions with a Table Name ... 100

PART 3 Profile Generator ... 103
32 Finding Roles That Contain Transactions at the Menu Level ... 105
33 Permanently Enabling the Technical Name View in Transaction PFCG’s Authorization Tree ... 107
34 Creating a Sustainable Authorization Roles Naming Convention ... 110
35 Evaluating the Manual or Modified Authorization Status during Profile Generator Maintenance ... 116
36 Creating an SAP_ALL Display-Only Role ... 119
37 Maintaining an Aligned Set of Job Roles with a Naming Convention ... 123
38 Designing and Assigning a Basic Role to All Users ... 126
39 Maintaining Derived Roles to Improve Authorization Maintenance ... 128
40 Discovering Misalignment between Transactions by Downloading Data to Spreadsheets ... 131
41 Finding Misinterpreted Authorization Wildcards in Your Roles ... 134
42 Performing Mass Downloads and Uploads of Standard Authorization Values ... 137
43 Setting Up Mass Adjustments for Derived Roles ... 139
44 Troubleshooting Authorization Problems for Users ... 141
45 Customizing Your Tree Menu Settings to Avoid Duplicate Structures ... 145
46 Automatically Populating the Authorization Objects Transaction Link When Performing a Developer Trace ... 149
47 Adjusting Query Maintenance to Avoid Security Problems ... 154
48 Cleaning Up Unused Batch Jobs ... 156
49 Setting Up Authorizations to Allow Internet Service ... 159
50 Avoiding Security Holes during SAP Menu Role Maintenance ... 162
51 Changing the Rules to Generate Profile Names ... 166
52 Comparing Authorization Roles to Check for Alignment Between Systems ... 168
53 Replacing the Parent Role of a Derived Role en Masse ... 170
54 Generating Large Quantities of Profiles for Roles in a Single Transaction ... 173
55 Using SAP BAPIs to Manage Roles with an External Program ... 176
56 Using Manual Composite Profiles to Bypass the Profile Technical Limit of 312 ... 180
57 Using Parameter IDs and Customizing Transactions to Manage Authorizations ... 185
58 Removing Expired User-Role Links ... 189
59 Filtering Roles by Their Status ... 191

PART 4 Segregation of Duties ... 195
60 Tailoring Your Ad-Hoc Analysis by Using Custom Groups in RAR and ARA ... 197
61 Modifying Your Selection Criteria for User/Roles Analysis in SAP GRC 10.0 ... 201
62 Clustering Data to Enhance Your RAR Reporting for Easier Consumption ... 204
63 Performing a User Impact Risk Analysis ... 207
64 Setting Selection Criteria for the Web Interface as a Default Value ... 210
65 Defining a Firefighter User ID Naming Method ... 212
66 Using Organizational-Level Mapping in Business Role Management to Improve Role Derivation ... 215
67 Using Business Role Management to Define Business Roles in Place of Composite Roles ... 219
68 Setting Up Data Segregation in SAP GRC ARA ... 222
69 Keeping Your Mitigation Tables Clean and Accurate with the Invalid Mitigation Report ... 226

PART 5 Upgrades ... 229
70 Making Your Roles Compliant with Transaction SU25 ... 231
71 Deciding How to Set Up Your Authorization Upgrade ... 237
72 Managing Derived Roles during an Upgrade ... 241
73 Converting a Manually Created Profile into a Role ... 244
74 Avoiding Maintaining a Role’s Authorization Tree Twice When New Transaction Codes Are Added ... 247
75 Identifying New Transactions in a Role’s Menu ... 249
76 Communicating Password Requirement Changes During SAP Upgrades ... 251

PART 6 Auditing ... 255
77 Searching for Roles or Users Using Transaction SUIM with Asterisk Searching ... 257
78 Using the Security Audit Log to Manage Your Super Users’ Access ... 259
79 Changing the Classification of an Audit Log Message ... 263
80 Configuring the SAP System to Log Activity in the Security Structure ... 266
81 Activating Table Tracing to Log the Details of Changes Made ... 269
82 Viewing All Instances of Profile Parameters ... 272
83 Identifying Alias Transactions to Eliminate Unauthorized System Access ... 275
84 Finding a Specific User Who Has Made Changes to Values ... 279
85 Identifying Query Changes ... 282
86 Protecting and Auditing Your Remote Function Calls ... 284

PART 7 Security Templates ... 287
87 Using a Spreadsheet to Collect Authorization Data ... 288
88 Defining a Template for Gathering and Defining Your Job Role Data ... 291
89 Defining a Template for Gathering the Organizational Constraints of Job Role Data ... 294
90 Defining a Template for Gathering the Nonorganizational Constraints of Job Role Data ... 297
91 Using Pivot Tables and Authorization Reports to Customize Data for the Reader ... 300

PART 8 Continuous Compliance and Governance ... 303
92 Defining Data for User Revalidation ... 305
93 Revalidating Roles and Providing Documentation for Analysis ... 309
94 Making Sure Users Are Assigned Only to the Roles and Transactions They Use ... 312
95 Using Indirect Role Assignment to Simplify User Maintenance and Reporting ... 315
96 Defining Business Owners ... 319
97 Finding Misalignments between Organizational-Level Pop-Ups and Authorization Data in Derived Roles ... 321
98 Finding Manually Created Authorizations in a Role’s Authorization Tree ... 325
99 Substituting SAP Queries with Specific Transaction Codes ... 328
100 Using a Query to Find Manually Created Authorizations and Convert Them to Roles ... 330

Additional Resources ... 333
Index ... 339