SAP SECURITY – Case Studies

SAP SECURITY – Case Studies

Day 1 Case Study 1: (1 Hour) 1. New Project has been started, we need to Time - 1 Hour • Introduction To SAP create below users for the project start: • SAP Security & Architecture • Creating Functional user • Importance of SAP Security • Creating technical user with all access Time – 3 Hour • Creating RFC user • SU01 – User Administration • Creating system user • Review and Importance of SU01 – Tabs Case Study 2: (1 Hour) • SU10 – Mass User Data 2. Project has a below requirement: • USER Type & Significance • Updating mass user parameter Time – 1 Hour • Assigning roles to mass user • SAP Client Architecture • Assigning Group & validity to mass user • Client Dependent Vs Independent Case Study 3: ( 1 Hour) • Default Password 3. Project / client mail interaction • Discussion on Security Terminology • Request you to unlock below user id’s in the • USER Administration Tables system • Reset the Password of user’s • Enhance the Validity of the user id • Lock the below user • Delete the below user as they are not part of organization

Day2 Case Study 3 ( 1 Hour) Project want to get all the user master details of Time – 1 Hour the user present in the system with help of SAP • Revision & Doubt Session for Day 1 table and email address maintain for the user • Project Question & Answers Case Study 4 ( 2 Hour) Time – 4 Hour Divide the candidates in Group of 4 • Introduction To Roles ( PFCG) Group A / B / C D – Create roles per member by • Role based Access adding authorization object manually and adding • Authorization Objects / Field transaction. • Different Type of roles Each person has to create 1. Single role ( by • ORG Level adding manual and transaction in role • Master & Derived roles Composite role and master / derived role • Transaction • SU24 / Traffic Lights / Text of objects • USOBT / USOBX / Authority Check • SAP Tables related to roles

Day 3 Time – 2 Hour Case Study 4 ( 1 Hour) Discussion on role – What they have Extraction of manual status authorization object and found different in adding manually standard , org levels of roles created by each group and creating different role Case Study 5 ( 2 Hour) Time -2 Hour • Project has a requirement to find all the roles • Transaction code : SUIM • Different report discussion on SUIM which have specific authorization object with • Run all the reports of SUIM through specific value. • All users with locked status technically • Change document of user • Comparison of two roles • Authorization object assigned to user through which role

Day 4 Case Study 6 ( 3 Hour) Creating security, Basis and Time – 1 Hour Developer roles • SAP Profiles Reverse troubleshooting of roles • Discussion on SU21 & SU22 • Assigning roles that have Time – 2 Hour • Logon Parameters for Security limited access and • Special users & S_TCODE troubleshooting the error • Table Authorization which end user faced. • Program Authorization Time – 2 Hour • Transport Authorization object • Discussion on Basis , Developer & Security Authorization object • User Master Data • Client Profiles • CUA – Terminology • Consequences of Debug Access

Day 5 Time – 1 Hour Case Study 7 ( 1 Hour) • Discussion on transaction : STAD • Extract the report for the and ST03N transaction code executed by users Time – 1 Hour • Custom Transaction code Case Study 8 ( 2 Hour) • Couple Transaction code Executing the steps of SU25 for upgrade reports and extract the • RFC Authorization file for analysis Time – 3 Hour • SU25 – Security Upgrade

Day 6 Time – 5 Hour Case Study 9 – 2 Hour • Introduction to BI / BW • Project required BW reports for their • Security related to BI security end user, how to troubleshoot and assigned the required role to the end • RSECADMIN users. • Difference between ECC and BI Security • SAP Tables for BW Security • BW trace for end user • Analysis authorization for BW • Role assignment in BW

Day 7 Time – 5 Hour Case Study 10 Time – 3 Hour • Revision of SAP Tables and recap of Giving different Scenario to Group A, B, C, D Group A/B – A new project need to be the role structure implemented for Finance and there are • Discussion on Role Design Strategies different plants ( 01,02,03) – please proceed with the design. with Students. Group C/ D – A project need to upgrade in which already roles are setup but new plants ( 04,05,06). Their design rely on Group A/B. They will discuss with each other to get a better design.

Day 8 Case Study 11- 2 Hour Extracting the ODATA services from Time – 1 Hour Fiori library • Introduction to S/4 Security Extraction the roles from Fiori • FIORI Security library • Difference between UI5 & Fiori Extraction the catalog and business Time – 2 Hour function from Fiori library • Fiori Launchpad • Different type of Fiori apps • Fiori app version • Abap version • Fiori Architecture Time – 2 Hour • Discussion on Fiori library

Day 9 Time – 1 Hour Case Study 12 ( 2 Hour) • Hub and Embedded environment Project need to configure the Fiori Time – 2 Hour apps – Create the launchpad role • HTTP RFC and ABAP RFC and admin role for the projects • System Alias • ODATA Services • How to maintain ODATA Time – 2 Hour • Discussion on designing customer & admin role • All Services • SICF Services

Day 10 Time – 5 Hour Case Study 13 ( 3 Hour) • Define Business catalog and • Project need to configure the Fiori technical catalog / groups apps for Finance for their team but • Adding role configuration with they have details information. Security team need to configure catalog the Finance apps • Enabling the ODATA Services and Group A/B/C/D – Configure the Fiori apps and execute the test id. how to add the roles • Configure the Fiori apps with roles

Day 11 Case Study 14 ( 3 Hour) Project has developed own set of Time – 1 Hour Fiori apps which need to be deliver to • Discussion on ECC roles and S/4 roles the end user, There are SAP GUI apps Time – 4 Hour and custom apps. • Creating the custom catalog and group Security team need to create the catalog / groups and configure the in SAP same • Configure the different type of Fiori apps • Adding the custom catalog and groups in role • Checking the ODATA Services.

Day 12 Case Study – 15 ( 3 Hours) Project need to deploy the Fiori apps Time – 2 Hour and security test of the apps • Troubleshooting Fiori apps Group A/B  Configure the Fiori apps • Fiori apps developer mode of Finance and Group C/D do the • Reports and transactions in S/4 troubleshooting Time – 3 Hour Group C/D  Configure the Fiori apps • Introduction to HANA Security of MM and Group A/B do the • S/4 Vs HANA Vs ORACLE troubleshooting • Advantage of HANA • Multitenant Architecture of HANA • Native HANA vs HANA • Repository

Day 13 Case Study 16 (2 Hours) Project need to implement HANA Time – 4 Hour security and required to created roles • Introduction to HANA Security as per the privilege and users in the • Privileges HANA DB. • Roles – catalog / repository • User – Restricted / Standard • Audit and Traces • Repository / packages • Composite roles in HANA • Procedures • Analytical privilege Time 2 Hours • Introduction to GRC • GRC 5.0 Vs GRC 10.0 Vs GRC 10.1 Vs GRC 12.0 • Different features of GRC • Organization dependency of GRC

Day 14 Case 17 ( 2 Hours) Practical hand’s on connectors setting Time – 5 Hours Implementing step by step all the steps • Discussion on GRC ARM of ARM • Connectors settings Creating risks as per the module • Integration Scenario • Define steps on ARM • Discuss on GRC ARA • Risk analysis & SOD Functions • Mitigation controls • Parameters for ARM and ARA • Rule id – function – action – permission

Day 15 Time – 5 Hours Case Study 18 ( 2 Hours) • Introduction to BRM Configuring the EAM for • Role configuration steps project requirement • Introduction to EAM • End to end configuration of EAM • Firefighter , Firefighter ID, controller and owners • Parameters for EAM • Centralized and Decentralized Firefighters • Troubleshooting of GRC