Posts Currently viewing the category: "SAP Security"
Xiting SAP Security Blog

What is GDPR?  GDPR is the General Data Protection Regulation (GDPR) of the European Union. The data protection regulation will become active on May 25, 2018. GDPR will not only affect businesses in Europe, but it also applies to organizations that do business with European customers. Business in that sense means trading goods or services…(Read More)

Welcome to the SAP Security Challenge by Xiting. How much do you know about SAP Security? Do you know what you don’t know? To help you identify those areas, Xiting has launched the SAP Security Challenge with a monthly quiz to test your knowledge. Stay tuned and follow our blog to broaden your skillset…(Read More)

Xiting SAP Security Blog

This article compares three different SAP role design concepts and explains the pros and cons of each approach. These are single roles, composite roles, and enabler role concepts. Each of the concepts can either follow a task- or job-based approach to authorizing end-users. We base our recommendations on a decade-long experience with…(Read More)

Xiting SAP Security Blog

In the previous articles about the migration to S/4HANA, we talked about the changes in transactions and the difficulties that come with them. One more of a general problem is the question “Where do I start?” No matter if you just want to see what changes might have to be done to your roles…(Read More)

Xiting SAP Security Blog

In previous blog articles, we discussed fields that you should and should not maintain as SU24 proposals for roles. In this article, we’ll take a closer look at fields that you cannot maintain in SU24 due to technical restraints or configuration options. Fields promoted to USORG Organizational levels If you read the documentation of…(Read More)

Xiting SAP Security Blog

In contrast to application-specific fields, there are numerous object fields that you should not maintain in SU24 because they are specific to individual roles, or adding them to SU24 would significantly increase your maintenance effort. USORG Organizational fields The best example is fields that you have maintained on the organizational field level in PFCG…(Read More)

Xiting SAP Security Blog

When you create a role in the profile generator (PFCG) and add objects via the role menu, the SAP system automatically merges authorization proposals from transaction SU24 into the role. How accurate and complete these proposals are, depends on how well you have maintained them in SU24. Our experience has demonstrated that a well-maintained…(Read More)