Advantages of an IDM system
Planning & design of the system architecture
Instead of letting the power consumer determine each parameter individually, the SAP basis can now create meaningful bundles, such as the power server with a lot of processor power, memory and disk space, and the light server in a simpler setup. Each bundle has its own price, which requires preparation and consideration. The principle of consistently aligning IT services with repeatable standards is thus directly linked to the standardisation of processes and technical specifications. Standardised products can only be offered if process processes are standardised. Likewise, these can only be offered as simple and comprehensible product bundles if technical standards are established.
As a user of the group, you cannot see tabs either. Now select the applications / tabs to which the group should be accessed (with CTRL you can select several) and select the Grant button. Note: Select the Grant drop-down menu using the button and not the drop-down menu! Use the drop-down menu to determine if and how far users of the group you are currently editing can make CMC tab configurations to other groups / users! Select Grant for the desired tabs. If you still do not see any applications/tabs, it is because the group/user lacks the generic display right at the top level of the respective tab. To do this, go to the desired tab (in the example is the universe), select Manage —> Top-Level Security —> All Universes (the last point differs depending on the tab). Confirm the hint that appears and assign at least the following right for the groups you want: General —> General —> Objects View. Once this right is granted, the tab will also appear on the CMC home page. You can then see the tabs on the CMC home page.
Migration of your SAP system
Project successes should also be documented and circulated as success stories of the SAP basis or made available to the SAP basis stakeholders to highlight the importance of the SAP basis. These success stories can be shared from the grassroots or from the outside, for example. Examples include CIO communications or project reports. BENEFITS & CONSEQUENCES The added value of the implementation of the recommendations described above lies in the guaranteed operational stability and operational safety. In addition, a company and in particular an IT organisation with a strong SAP basis receives a competent and sustainable partner for SAP topics and technologies, who is always looking at the SAP picture in general. Furthermore, all business and IT departments are aware of the role and the scope of the SAP basis. This means that you can contact them as the right person in good time. There is a lower risk that certain areas may develop shadow IT related to SAP topics and technologies due to lack of transparency.
Customers with such a case regularly contact us. Creating a Permission Concept from the ground up is often a time-consuming task. Furthermore, the know-how, which aspects should be dealt with in an authorisation concept and how the corresponding processes can look practical and at the same time audit-proof is often lacking. Our solution: tool-based generation of an individual, written authorisation concept In this situation, we have recommended to our customers the tool-based generation of a written authorisation concept directly from the SAP system. We use the XAMS Security Architect tool, with which we have had good experiences. This includes a template for a revision-proof and comprehensible, written authorisation concept. It includes established best practices for role and entitlement management. The template covers all relevant areas in a permission concept. The included text of the authorisation concept is completely customisable, so that the concept can be tailored to your situation without creating a permission concept from scratch. Dynamically update the written authorisation concept One of the biggest challenges after the development of an authorisation concept is to keep it up to date in the long term and to measure the sustainable implementation in the system. This is achieved by integrating live data such as configuration settings and defined rules directly from the connected system. For example, lists of existing roles or user groups and tables are read from the system each time the document is generated and updated in the permission concept. The following screenshot shows an example of what the appearance in the concept document might look like. Automatically check and monitor compliance with the concept To check compliance with the concept, the XAMS Security Architect includes extensive inspection tools. These cover the rules formulated in the concept and are suitable for measuring the extent to which the reality in the system meets the requirements formulated in the concept.
For administrators, a useful product - "Shortcut for SAP Systems" - is available in the SAP basis area.
A potential attacker now has the ability to read out your database with the password hashes.
As a result, the SAP basis is prepared for requests from business units or other IT departments and has the opportunity to approach them proactively.