Describing Access Administration for SAP Systems

Today, organizations expend considerable time, effort, resources, and capital investment to implement critical business solutions, such as SAP S/4HANA. These solutions and the infrastructure that supports them become integral to the operational success of these organizations. 

An SAP S/4HANA system houses a company's critical data and supports the business processes required to run the business. It is critical, therefore, that the organization has an access management strategy to protect its most valuable data and ensure access to all critical business applications. 

In the following video, you will explore how to develop an effective access management strategy that supports key organizational objectives such as risk reduction, secure access, data security, threat mitigation, regulatory compliance, segregation of duties, and auditability.

In the following scenario, learn how security is an issue for everyone.

To understand why the role of the User or Access Administrator is critical, it is helpful to have a basic understanding of the system architecture of an SAP S/4HANA system.

SAP S/4HANA is developed using a three-tier client-server architecture, which includes a presentation layer, an application layer, and a data storage layer. In this architecture, business users access the SAP S/4HANA business functions using one of several supported front-end technologies, including SAP Fiori, the SAP Business Client, and the SAP GUI.

Application and system security features, such as authentication, authorization, encryption, auditing, and so on, are managed and enforced primarily at the application layer. Business user access is controlled through the assignment of security roles that have been designed to appropriately restrict the users' access.

Applications connect to the database via a technical user ID. System interfaces, internal and external integration, and system communication are also supported by technical user IDs defined with appropriate roles and authorizations.

Finally, business users do not have direct access to the database or the database server. Direct access to the database in SAP S/4HANA, for example, is only possible for database administrators. Therefore, security at the database layer is focused primarily on securing administrative access to the database and database functions. In scenarios where an organization uses various business applications on-top of an SAP HANA Cloud database, the user administrator must ensure that business users have only access to the data that they need to perform their tasks.

An SAP user administrator will have many responsibilities. These responsibilities include the following:

• Define the user and authorization concept for each application
• Create and maintain business and technical user master records
• Manage user access (user locking, unlocking, and password support)
• Design and administer security roles
• Maintain profiles and authorizations
• Access Provisioning and deprovisioning
• Create and maintain database user IDs and user access

Watch the following video to learn how security is an issue for everyone.

As you can see, business and technical user IDs and the security access provided to them play a critical role in the operation of the SAP S/4HANA system. The administrator's primary goal is to ensure that only authorized users have access to the SAP system, and that each user (business or technical) has only the appropriate level of access for each required task or job function.   

In the following lessons, we will introduce you to the role of user administrator by exploring the user and authorization concept for SAP S/4HANA (on-premise) and for the SAP HANA Cloud.