Cooperation with internal support
MANAGED SERVICES
The tasks of a company's own SAP Basis department are undergoing enormous change at many companies, as SAP is also relying more and more on cloud services. Strategically, completely self-hosted SAP systems are becoming rarer and the proportion of customers using an SAP system from the cloud is increasing. The new roles of SAP Basis employees tend to be "enablers" and coordinators between the cloud provider and internal IT and the business departments. Until that time comes, companies can also rely on external service providers to offer expert know-how as well as operational support for the transition period.
Within the framework of an innovation team or test laboratory to be created, it is necessary to admit ideas from outside SAP Basis and to consciously use other sources of ideas within and outside the company. These may include business units, external service providers, universities or lecture series on specific topics.
Determine bottlenecks
In order to solve the challenges, it is necessary to develop a suitable catalogue of criteria to evaluate the feasibility or suitability of certain applications for certain service forms. The service catalogue must be structured in such a way that the criteria that cannot be answered clearly can be identified and kept under continuous review. The catalogue of criteria generally cannot deliver a 100% decision; it provides only a decision aid and a set of absolute must-have criteria.
A secure SAP system does not only include a good role concept. It is also necessary to check whether a user should (still) have a specific role. Regular verification of role assignment is called recertification. In this blog post, I'd like to introduce you to the need for recertifications and our own tool, EasyReCert.

The need for recertification - scenarios:

Example 1: The "apprentice problem"
Imagine the following scenario: A new employee (e.g. an apprentice or trainee) goes through various departments as part of his or her training and works on various projects. Of course, an SAP user equipped with appropriate roles is made available to the employee right at the beginning. With each new project and department, the employee repeatedly needs new permissions to meet the requirements. After the employee has successfully completed his or her induction and is now in a permanent position, he or she still has permissions that are not necessary to perform his or her duties. This violates the principle of "least privilege" and represents a potential security risk for your company.

Example 2: The change of department
The change of department is one scenario that probably occurs in every company. If a change of department does not automatically involve a complete reallocation of roles and the employee simply takes his or her old permissions along, critical combinations of permissions can occur very quickly. For example, an employee who has permissions in both accounts payable and accounts receivable violates the SoD ("Segregation of Duties") principle and poses a potential security risk to your company.

Recertification as part of a revision:
The two examples above show that a regular review of role allocation identifies potential security risks for your business so that they can be addressed.
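The two scenarios above can be turned into a simple review check. The following Python sketch is an added example, not part of the original post and not the EasyReCert tool; the role names, the role-to-function mapping, the SoD rule, the sample assignments and the 365-day review interval are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample data (not from a real system): role -> business function.
ROLE_FUNCTION = {
    "Z_AP_INVOICE_ENTRY": "accounts_payable",
    "Z_AR_PAYMENT_POSTING": "accounts_receivable",
    "Z_MM_PURCHASING": "purchasing",
    "Z_HR_TIME_ENTRY": "hr",
}
# Hypothetical SoD rule: these functions must not be combined in one user.
SOD_RULES = [frozenset({"accounts_payable", "accounts_receivable"})]
# Constructed assignments: (user, current department, role, last recertified).
ASSIGNMENTS = [
    ("TRAINEE01", "hr", "Z_MM_PURCHASING", date(2023, 2, 1)),
    ("TRAINEE01", "hr", "Z_AP_INVOICE_ENTRY", date(2023, 5, 1)),
    ("TRAINEE01", "hr", "Z_HR_TIME_ENTRY", date(2024, 5, 1)),
    ("MOVER02", "accounts_receivable", "Z_AP_INVOICE_ENTRY", date(2024, 4, 1)),
    ("MOVER02", "accounts_receivable", "Z_AR_PAYMENT_POSTING", date(2024, 5, 15)),
    ("CLERK03", "purchasing", "Z_MM_PURCHASING", date(2024, 5, 20)),
]

def recertification_findings(assignments, today, max_age_days=365):
    """Return {user: sorted list of (finding, detail)} for a reviewer to act on."""
    findings = defaultdict(set)
    functions = defaultdict(set)
    for user, department, role, last_cert in assignments:
        function = ROLE_FUNCTION.get(role)
        if function is None:
            findings[user].add(("UNMAPPED_ROLE", role))  # fail closed: review it
            continue
        functions[user].add(function)
        # Example 1: roles left over from earlier departments or projects.
        if function != department:
            findings[user].add(("OUTSIDE_DEPARTMENT", role))
        if today - last_cert > timedelta(days=max_age_days):
            findings[user].add(("RECERT_OVERDUE", role))
    # Example 2: critical combinations that violate segregation of duties.
    for user, held in functions.items():
        for rule in SOD_RULES:
            if rule <= held:
                findings[user].add(("SOD_CONFLICT", "+".join(sorted(rule))))
    return {user: sorted(items) for user, items in findings.items()}

if __name__ == "__main__":
    result = recertification_findings(ASSIGNMENTS, date(2024, 6, 1))
    for user, items in result.items():
        for finding, detail in items:
            print(f"{user}: {finding} {detail}")
```

A role that is missing from the mapping is reported rather than skipped, so that unknown roles still reach a reviewer.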
"Shortcut for SAP Systems" makes it easier and quicker to complete a number of SAP Basis tasks.
SAP recommends a role design for Fiori permissions based on the defined catalogues and groups in the launchpad.
Here, too, the requirements profile for SAP Basis experts has shifted: Database administration is simply part of the job today.