By: vnvrrw2c

vnvrrw2c — Mon, 24 May 2004 13:02:37 +0000

It would also depend upon what model of security is used in the organization. The implementation of security around user and role based is different than the HR org based, which is generally position and personnel number driven. If your organization does not use HR module, the choice would be limited to user and role based security.
One critical factor to consider due to impending SOA requirements is the Segregation of duties, which requires much bigger framework to identify the users and user group assignments as well as rule building to avoid conflicting access assignment to users. The toughest part here is that SAP does not have a robust functionality around SOD. There are few good softwares in the market, which can help to manage roles, document them and control SOD conflicts / access to critical transactions etc.
I can provide more information if you need it.

By: bigbob

bigbob — Fri, 14 May 2004 11:37:14 +0000

Our VP of IT has laid out and implemented security policies. They are user based, so whether a user is in windows explorer, ms outlook or our document portal, the user is only allowed to view demeened items by their group, then user definitions. Each user is assigned to the appropriate group(s) and each group has been given their viewing rights. It does take time and meetings to create these groups and definitions, but it saves in the long run. Also, be sure to use the proper software to help you do this. Our document portal is currently on win2000 servers, but we are deploying a new version August 1st on .net/2003. This is what prompted us to do the definitions now, so we could easily define and migrate in August. We are also employing RSA’s federate identity for customer and vendor relationships.

Comments on: Security Philosphy

By: vnvrrw2c

By: bigbob