Skip to main content

Posts

Showing posts from 2006

ForeThought - DeMystifying SAP Security

ForeThought - DeMystifying SAP Security I attended SAP Tech-Ed in Bangalore... I am now Officially SAP Netweaver Security Certified. Let me share my understanding about SAP Security. In my opinion, Classical SAP Security model with Users and Roles is simple yet a well thought out mechanism for giving access to Data and Functionality inside SAP. The Areas that need clearer understanding/implementation knowhow are Security model for Portals and Business Intelligence. One of the Areas which is left to abmiguity is security in the Presentation, Session and Transport Layers. Evidently SAP is moving from SNC to HTTPS protocol for Server to server Communications. With the new emphasis on WebDynpros(Portals) and Exchange Infrastructure(XI) the Diag and Rfc Protocols are giving way to HTTP. This transformation is not very evident as most SAP implementations are centered around SAP GUI. The Core Single-Sign On Central User Admin(CUA) is still based old model. A Promise from from SAP to deliver ...

Out-of-the-Box - Avoding Custom Side-effects

In my experience.. Most large software infrastructure product deployments run into the path of becoming non-standard implementations. IT decision makers are faced with a barrage of requests for customisation even after initial deployment of the product. The pressure of these requests drive even the very seasoned managers in to a trap of massive customisation. These changes end up in the installation without objective evaluation of real and percieved business value and their impact. This is worse..if the changes are executed during the roll-out or right after.... The resulting deployment is vulnerable and may result in: 1. Lack of Stability 2. Complication in Upgrade path 3. Less security The Support issues around such implementation cause undue stress on the staff. The other side of the coin is an arguement about the importance of functionality for improving efficiency and user experience. A Tight control on the finalization of requirements during pilot phase, A Disciplined approach to...