The UK & Ireland SAP User Group, or also known as UKISUG, is back with a new edition of UKISUG Connect. From the 1st until the 3rd of December 2019, UKISUG Connect 2019 will take place at the ICC in Birmingham, UK.
In total there will be around 500 SAP customers, 75 exhibitors, more than 100 sessions, 90+ hours of education, 16 hours of networking, 7 keynotes and more than 200 SAP experts at the event.
CSI tools will host two sessions at UKISUG Connect 2019.
Session 1: The technological evolution of SAP and how this leads to security weaknesses in access control. - 01/12/2019 - 16:30-18:00 - ACS Workshop - Hall 7a
SAP systems contain business critical and sensitive data that needs to be protected. We want to keep the bad guys out and, on the other hand, need to let the good guys in. SAP is evolving in a rapid phase with the ongoing S/4 HANA implementations and releases. This workshop provides insight in security weaknesses in the access control of SAP systems. This workshop will give you guidance in:
•SAP’s technology background past till present
•Example SAP security issues
•And how to better secure the SAP systems, so your SAP system is more secured and you will pass the audits
Session 2: Access role management - the most important aspect of access control. - 02/12/2019 - 13:30-14:15 - ACS Stream - Hall 8b
SAP Access role management is one of the most important aspects of Access control, but very often “forgotten” to include in SAP implementations and live SAP systems. This leads to risks in safeguarding the SAP data. This session will cover concepts for SAP ECC as S/4HANA as HANA:
•Who are the role concept stakeholders?
•What are the role concept criteria?
•Compare the different role concepts with its (dis)advantages
•Technical considerations to take into account
Key point that attendees will take away from this session
•Role content is key for every IAM and preventive SOD (CUP) process
•How to define and maintain roles with correct authorizations which are aligned with business documentation
•Criteria needed to enable automated role building
•The GDPR requirements for role content