Transaction codes vs authorization objects. We at CSI tools believe that 90% of the security administrators do not know how many transaction codes and authorizations objects exist in a SAP system. Moreover if you ask the question what the purpose of a transaction code and an authorization object is in regard to SAP security, the answer is usually wrong.
Most people think that you can protect a SAP system by removing and assigning transaction codes and that the purpose of authorization objects is only to restrict to certain company codes, plants, sales organizations etc.
The reality is however completely different. Only the authorization objects assigned to a user will give this user the permission to access the data, regardless if this user can execute the transaction.
Without going in detail how SAP security really works, everybody can understand if security administrators, auditors or internal control teams do not understand the basics of the two core elements of SAP security, they will never be able to optimize the SAP security.
The scary thing is that all those people strengthen each other’s misunderstanding. As a consequence SAP security projects get more and more complicated and consume enormous budgets, without really improving the security.
Let us inform you via a phone call or webinar. We have over 250 (fortune 1000) customers. Let us explain why they chose CSI tools.
Johan Hermans, CEO of CSI tools
Mob: +32 495 246 398