SAP authorisation checks are not the main focus of Protect4S, yet we do have built-in support for dozens of critical authorisations. These checks mainly look at which users have extensive rights, for example, to execute ABAP programs, debug systems, change users or are allowed to change the system profiles.
Based on customer requests, we have added additional filtering possibilities so that these checks can be further customised to filter out only those specific users in scope. In the Protect4S Support Package released later this week, apart from the most recent SAP Security notes, you will find these additions to the authorisation checks. With this extension, you can include only users of a specific user type (like Dialog or Service users for example) or whitelist users in your SAP systems.
An example can be found below where:
- A maximum of 0% of the users can have the specific authorisations
- Only Dialog (A) and Service (S) users are included
- User DDIC in client 100 is whitelisted
- SAPADM in all clients is whitelisted
Although this is just a small addition, it is another step that helps customers in their continuous effort to keep their business-critical SAP applications secure.
Wonder how you can automate and simplify your SAP security? Try out Protect4S for free for 1 month or request a free demo!
For more SAP security related news, articles and whitepapers, please follow us on LinkedIn!