Creating the Authorization Matrix??

Posted by ajitnadkarni - 2008/02/18 15:53

_____________________________________

Hi,,

How is security implemented in SAP.

How is the design (Authorisation) matrix created.What procedure is followed to prepare the matrix.??

Thankyou,
Ajit
============================================================================

Re: Creating the Authorization Matrix??

Posted by learnb - 2008/02/18 16:54
_____________________________________

Hi,

There are two ways:

1. Using a template
2. Studying and implementing the business processess.

If your company is implementing SAP fro the first time, you may need to with step 2. All the business processess should
be studied throughly and the roles should be created. This will be done with the Functional teams support and can't be
done individually.

Incase, if your company has a Landscape already to would like to implement SAP for a particular geographic region, you
can make use of the existing role set as a template.

Hope this answers your question.

============================================================================

Re: Creating the Authorization Matrix??

Posted by ajitnadkarni - 2008/02/18 17:09
_____________________________________

Hi ,,

Thanks a lot for replying..

Can u please illustrate the second case " Studying and implementing the business processess. " with some example??

Thankyou,
============================================================================

Hi
Posted by hari_kantipudi - 2008/02/19 16:25
_____________________________________

I beleive following information will help u.

Authorization requirements, (functional, Sarbanes-Oxley compliance)

Authorization strategy, procedure and plan
Identification of potential risks, data protection
Risk valuation, development of risk-control matrix
Identification of SAP functionality
Design of authorization structure (Securinfo for SAP)
Definition of special authorizations(Roles and its authorizations)
Authorization implementation (PFCG, Securinfo)Authorization tests
Optimization and quality assurance
Production planning
Learnb-Forum - Learnbasis.com mianboard Forum Component version: 1.0.4 Generated: 1 July, 2010, 09:59
============================================================================

@hari_kantipudi
Posted by ajitnadkarni - 2008/02/19 18:30
_____________________________________

Thanks hari..

It would be better if there r any sample case studies related to implementing security.
If any plz mail me at :<Email ID should be updated in your profile>

I am actually intrested in knowing how do I map the user requirement to technical aspects in SAP.

Thank you,
============================================================================

good info
Posted by ankit_ranka - 2008/02/20 19:20
_____________________________________

hi ,
how can we identify the potential risks and how risk valuation can be performed ? can u plz explain or can u plz provide
some links where i can find suitable information.
thanks
ankit
============================================================================

Re: Creating the Authorization Matrix??

Posted by learnb - 2008/02/21 00:01
_____________________________________

Hi Both,

SAP has identified the potential risks and included it in the Virsa Compliance Calibrator tool. This tool has around 156 pre
identified high risks and many more medium, and low risks. Every risk is identified by a risk ID. You can know more about
the GRC in the following website:

http://www.sap.com/solutions/grc/riskmanagement/index.epx

However, some of the implementations doesn't have the Virsa tools. For those, the authorization matrix will help to
identify the potential risks. Authorization matrix is a spreadsheet that shows the SOD violations.
============================================================================

Learnb-Forum - Learnbasis.com mianboard Forum Component version: 1.0.4 Generated: 1 July, 2010, 09:59