Xpandion Blog

  • Home
    Blog Home This is where you can find all the blog posts throughout the site.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
Recent blog posts

Do you know the best way to handle ongoing new T-Code and development requests? Should the CIO approve allocating the resources for business requirements as they pop up or should he thoroughly inspect each application first?

 iStock_000006052358_XSmall.jpeg

Continue reading
Hits: 5581 0 Comments

Authorization Fields – Just a Quick Explanation

Screen_Shot_2014-04-24_at_10.24.54_AM.png

Authorization fields are the basic elements of an authorization object.

For example, in an authorization object for a company code, if you’d like to allow the user to use screens in company code 1000 in “Display” mode only, but company code 2000 in “Change” and “Display” modes, you will probably define the object with two instances:

  • Company 1000, Activity “Display” – in technical terms BUKRS = 1000, ACTVT = 03
  • Company 2000, Activities “Change” and “Display” – in technical terms BUKRS = 2000, ACTVT = 02, 03

And then you’d put these instances into an authorization role and grant the role to the user.

Now, for the Stats

Continue reading
Hits: 10043 9 Comments

Even though Authorization Objects are the most basic components in the SAP authorization world, they make SAP much more secure. Many organizations argue that you should use Authorization Objects like you spice food: If spices are used properly, there’s total harmony and you can’t live without them. But if they are overused, they ruin the dish and the whole authorization mechanism becomes too difficult to handle.

 iStock_000014011698_XSmall.jpeg

Continue reading
Hits: 5873 0 Comments

Oh Mama!

Although the title of this blog refers to mothers, it’s really referring to anyone who’s not technically savvy. The people that, when you tell them that you’re the new authorization manager at your corporation will squint their eyes and say, “Well, I’m sure it’s great and everything, but what does that mean?” The family members who, when they want to show off to their friends, tell them how very talented you are and how you’re “doing something with computers.” Even your kid who embarasses you when he tells his 9th grade class that his father “fixes computers.” Then you realize that you have a problem giving a clear explanation of what you do.

 

Continue reading
Hits: 8402 2 Comments

“Conscious uncoupling,” (see goop) the fancy new age words that Gwyneth Paltrow and Chris Martin are using instead of the word “divorce” do feel a bit weird, but there is some truth to the approach that I think can actually highly benefit certain events the SAP world. In fact, without a “conscious uncoupling” approach to employees in the SAP world, a great deal of work might go to waste.

iStock_000005261770_XSmall.jpeg

Continue reading
Hits: 6027 0 Comments

One morning the company’s security manager or auditor appears at your door and catches you off guard with a question, “Hey, how can I know if someone is looking at employee salaries or peeking at their social benefits?” Without hesitating or looking away from your computer, you answer the obvious, “Well, if the person doesn’t need this function as part of his job description, he doesn’t have permissions for it.” But this uninvited guest is not leaving. He replies, “And what if he got permission by accident, or if he moved to a different position and the relevant authorization wasn’t removed…? How can I know if this person is still using his old permissions and looking at sensitive employee data?”

iStock_000026249003XSmall.jpg

Continue reading
Hits: 7547 2 Comments

True Story

A customer from a large enterprise came to us and said, “Our company has an ‘open policy.’ We trust our employees, so we grant all of them SAP_ALL. We know that SAP_ALL includes all authorizations in the system but everything’s working fine and our authorizations are very easy to maintain, as you’d expect. But we need to spot the people who are taking advantage of this freedom and going beyond their permitted activities; those who are misusing their authorizations and, based on their job descriptions, going where they’re not allowed. For instance, we have a sneaking suspicion that some people in the warehouse are exploring payroll records.”

iStock_000034870080Small.jpg

Continue reading
Hits: 6963 5 Comments

Xpandion’s CEO, Moshe Panzer, a recognized professional advisor for SAP Licensing, has some excellent advice about a topic that’s been disturbing a lot of SAP customers recently – indirect access. I hope you’ll find this information beneficial for your organization.

iStock_000014159510Small.jpg

Continue reading
Hits: 14578 4 Comments

Indirect Access is a hot topic these days in the SAP licensing world. Our customers come to us regularly with the same six basic questions, and we figured you must have them too. So we decided to set the record straight when it comes to licensing of indirect access in SAP systems.

iStock_000033866040Small.jpg

Continue reading
Hits: 12103 2 Comments

When you ask the average SAP customer or novice license consultant how many SAP license types they know of, they will probably answer “Professional,” “Limited Professional,” “Employee” and maybe even “ESS” (Employee Self Service). But these aren’t the only answers. And if you think they are, you might be severely limiting your leverage with SAP and your negotiating power. 

b2ap3 thumbnail iStock 000015728429XSmallHow Many Different SAP License Types Do You Know?

Continue reading
Hits: 32454 1 Comment


Headquarters

+972-3-624-4245

157 Yigal Alon Street,

Tel Aviv 67443, Israel

info@xpandion.com

US Office

+1-800-707-5144

33 West 19th Street, New York,

NY 10011, USA

info.us@xpandion.com

India Office

+91-989-2546216

C 103, Akruti Orchid Park, Andheri-Kurla Road,

Andheri East, Mumbai, India

info@xpandion.com