Database Reference
In-Depth Information
5.2.12.2 SAP System Controls
Every user has a valid user identity and password that is authenticated when logging in to the system.
The SAP authorization concept is implemented on the basis of the authorization objects. This ranges
from general access down to the level of access to individual tables, fields, and values. Authorization
could be for access to particular set of enterprise data or for a set of operations or both.
An authorization object consists of several system elements that need to be protected like
parametric or configuration data, master data, transactions, and processing tasks. For efficient
authorization, authorization objects are packaged into predefined authorization profiles. SAP sup-
ports an array of standard profiles for a wide range of applications and activities. These profiles can
be maintained independently and can be assigned to the appropriate users on demand. Users can
also be given authorizations to create, change, or view objects. Authorization profiles are further
combined into composite profiles for personnel who are required to work in areas that are not
covered by one profile.
More importantly, SAP's transport and release system controls and manages all programs that
are released into production as well as changes that are to be made from time to time on the system.
This transfer can only be done under the strict control of the transport and release system. The
transport system has a strict version control on all development objects that are transferred to the
production system. The transport system is subject to the SAP authorization concept.
All activities occurring in a SAP system get recorded in the system logs and can be listed accord-
ing to the user or transaction. Similarly, every change to the SAP startup profile, the customiza-
tions, database parameters, and the operating system parameters is also recorded and is available for
analysis. To ensure protection from unauthorized tampering, the SAP system as a whole is stored in
separate directory structures of the operating system with exclusive access authorizations.
5.2.13 Open Architecture
SAP enables the cooperation and portability of applications, data, and interfaces across different
computers, because they use internationally accepted standards for definitions of interfaces, ser-
vices, and data formats.
Because of the open architecture, SAP can work flexibly with multiple solution options at all
levels:
◾
Graphical interface level
◾
Desktop level
◾
Application level
◾
Database level
◾
External interface level
◾
Communication protocol level
◾
Hardware and O/S level
Figure 5.2 gives the various platforms supported by SAP.
5. 2.13.1 Portability
The SAP system can be used on a variety of systems. In fact, its platform independence permits the
use of different hardware or O/S platforms for presentation, application, and database servers with
