Articles

Security & Authorizations

Created on Monday, 08 September 2014 14:35

SAP Security Manager

in Category: Security & Authorizations by Moshe Panzer
If you’re in the SAP Security field you ought to know that with a complex application like SAP, it is really not sufficient to only secure the communication and only prevent people from logging in from external IPs. The “big money” lies in the data: an employee who commits fraud or sells sensitive customer data to the outside can generate a huge...
Created on Wednesday, 03 September 2014 13:48

SAP Audits: Jargon and Preparation

in Category: Security & Authorizations by Moshe Panzer
What Is an SAP Audit and What Does It Include?In general, when somebody says that they have an SAP Audit, it can be interpreted as mainly two things: Either they have an audit by SAP, which is probably a licensing-related SAP Audit, or they have an audit of their SAP system (to distinguish it from other applications within the organization)...
Created on Wednesday, 23 July 2014 17:30

How to Use the SAP T-Code SUIM Correctly

in Category: Security & Authorizations by Moshe Panzer
How to Use the SAP T-Code SUIM CorrectlyGeneralThe SAP T-Code SUIM is one of the most popular T-Codes in SAP among security & authorizations, particularly because it summarizes many different SAP authorization aspects in one place. Although SUIM stands for “User Information System,” it’s commonly used to find answers to authorization-related...
Created on Tuesday, 06 August 2013 14:22

The Dreaded SAP_ALL Power Profile

in Category: Security & Authorizations by Moshe Panzer
The authorization profile, SAP_ALL has such vast amounts of authorizations inside that it is mistakenly known as “the profile that can grant everything in the SAP system”. These authorization profiles create security-holes, grant a huge amount of authorizations to people that can’t justify them, and expose the organization to possibilities of...
Created on Tuesday, 06 August 2013 10:10

Why You Should Use SUIM Very Carefully When Analyzing SAP Authorizations

in Category: Security & Authorizations by Moshe Panzer
SUIM: The Most Popular Activity for Analyzing SAP AuthorizationsIn many SAP audits or audit-related processes involving SAP systems – either while preparing for an audit or prior to a regular inspection for audit purposes – customers are guided by their auditors to use SAP T-Code SUIM (User Information System). Sometimes, the auditors themselves...
Created on Wednesday, 23 January 2013 14:33

8 Tips for a SAP Licensing Audit (SAP Licensing Series Part 1/3)

in Category: Security & Authorizations by Moshe Panzer
Once a year you receive an email reminding you that the time has come (again) to file your company’s SAP licensing report. Whether received directly from your regional SAP office or forwarded to you by your manager, an email mentioning an impending SAP audit is a stressful prospect in any organization. You are compelled to face decisions and...
Created on Thursday, 17 January 2013 18:20

How to Hack SAP®

in Category: Security & Authorizations by Moshe Panzer
This article deals with application security level only, providing explanations and examples pertaining to reducing business risk, protecting your enterprise's SAP applications and identifying hackers. The article is brought to you by Moshe Panzer, CEO of Xpandion, and is based on the company's vast experience in revealing, alerting and...

Headquarters

+972-3-624-4245

157 Yigal Alon Street,

Tel Aviv 67443, Israel

info@xpandion.com

US Office

+1-800-707-5144

33 West 19th Street, New York,

NY 10011, USA

info.us@xpandion.com

India Office

+91-989-2546216

C 103, Akruti Orchid Park, Andheri-Kurla Road,

Andheri East, Mumbai, India

info@xpandion.com