If business requires, it's possible in SAP to promote non-organizational authorization fields to organizational fields. This can be done using PFCG_ORGFIELD_CREATE. However, upon use it is possible that you receive the message that the program has become obsolete. To counter this, SAP has delivered a new transaction: SUPO/SUPO_SEL (see note 2625102). Once done in DEV, you will need to do this in QAS and PROD, and do the field conversion as well because the conversion is NOT transportable.
Nowadays we see an increase in Robotic Processing Automation (RPA). RPA is based on executing automated scripts, by software bots. So, RPA can operate in place of a human being and therefore save time and costs.
RPA in SAP comes with risks for data leakage and fraud of the business critical and sensitive data, therefore governance and security is of great importance. This blog gives insight into these security risks and how to tackle them.
SAP systems contains business critical and sensitive data that must be protected. Nowadays we have new challenges regarding the protection of this data. Environments are becoming more and more complex, access is possible via the cloud and the systems are distributed across geographical locations.
SAP systems contain business critical, sensitive and personal information that needs to be safeguarded from (cyber) security threats. We listed 7 secure habits that can help you with securing your SAP environment(s).
Access certification provides the support for process and role owners to collect and manage attestations that users only have the access privileges required to perform their job function. It facilitates faster and accurate access reviews of user privileges by highlighting conflicting permissions in users' access entitlements that have to be revoked or approved under listed exceptions.
SAP systems contain business critical data and needs to be secured. But investing in security means investing time and money. It is always difficult to find a budget for security related tasks. But do note that the costs for non-compliancy like damage to the brand, fines and penalties, theft of proprietary and loss of revenue are way higher than investing in a good solution for compliancy.
The European Commissions’ regulation for data protection rules (GDPR - General Data Protection Regulation, AVG in Dutch) in the EU shall apply from 25 May 2018. The objective of this new set of rules is to give control back to citizens over their personal data and to simplify the regulatory environments for business in the EU. SAP systems contain business critical and sensitive data including personal data which needs to be protected. Companies must follow GDPR rules for their SAP systems to ensure they are protecting Personally Identifiable Information (PII).
According to the new GDPR regulations, a breach of data protection occurs if an employee gains access to data that is not required for their occupational activity. This blog defines the four steps on how to protect this data for SAP systems and get and remain compliant for GDPR.
Due to pressure of local regulatory compliance issues and/or corporate governance demands there is a growing awareness of Governance Risk and Compliance among executive management. Use CSI tools to document all (SOx) governance principles on the fly, test and get insight in the status of the current access governance and remediate the risks.