Posts by: "Alessandro Banzer"

Welcome to the SAP Security Challenge by Xiting. How much do you know about SAP Security? Do you know what you don’t know? To help you identify those areas, Xiting has launched the SAP Security Challenge with a monthly quiz to test your knowledge. Stay tuned and follow our blog to broaden your skillset…(Read More)

This article compares three different SAP role design concepts and explains the pros and cons of each approach. These are single roles, composite roles, and enabler role concepts. Each of the concepts can either follow a task- or job-based approach to authorizing end-users. We base our recommendations on a decade-long experience with…(Read More)

Welcome to the SAP Security Challenge by Xiting. How much do you know about SAP Security? Do you know what you don’t know? To help you identify those areas, Xiting has launched the SAP Security Challenge with a monthly quiz to test your knowledge. Stay tuned and follow our blog to broaden your skillset…(Read More)

In my earlier blog about Firefighter lifecycles (https://blogs.sap.com/2014/03/03/firefighter-id-lifecycle/), I mentioned the requirement to review Firefighter IDs on a regular basis. Over the last couple of years, this requirement has become an audit finding in most organizations. Firefighter ID management is still a challenge for most organizations…(Read More)

This article describes the differences between Online and Offline Risk Analysis in SAP Access Control (GRC) based on several SAP Notes and our implementation experience. Before you can run offline analysis at all, you have to set the configuration option “Enable Offline Risk Analysis” to YES (Parameter 1027) in the Access Control configuration settings in…(Read More)

In this article, I’ll discuss the differences between direct and indirect role assignment in the context of SAP authorizations. Each assignment scenario has its pros and cons, and you can use both independently or in combination to complement each other. What are direct role assignments? Authorization roles (and profiles) are directly assigned to…(Read More)

Many SAP customers develop applications by writing custom ABAP code. That’s a risk if you don’t have proper ABAP code scanning procedures in place. In this article, I will explain how to analyze and mitigate the risk in custom code using the Xiting ABAP Alchemist. Business processes are constantly evolving, and businesses must…(Read More)