Magic won Management needed for successful security testing
Most of the companies do not take SAP security testing very seriously. The functional team is busy getting the configuration and they do not allocate time to test the SAP security roles. They assume users will be all fine when they go into production. To their surprise most of the go live problems is going to be due to SAP security. From my personal experience these are the required high level steps for successful security testing
1. Good requirement gathering by the functional team in co-ordination with security team
2. Testing of roles in Development environment with test script
3. Integration testing of both single and composite role
4. Test id should mimic the user access in production
5. Test scripts for each job or function
6. Good change control process once roles moves to production
The over arching requirement is solid management support. Companies could follow some or more of these processes based on the size. Can someone add more high level steps based on their experience???
OneAccess-UserManager for SAP
SAP Certified- Powered by Netweaver
http://www.softsquare.biz/oneaccess/
selva@ softsquare.biz
Phone: 877 717 5487
Automate and Meditate
No comments:
Post a Comment