MarieWagener.de -

Week 17 of the year 2012

Sat, 29 Dec 2012 21:29:04 +0100

Thousands of candles can be lit from a single candle, and the life of the candle will not be shortened. Happiness never decreases by being shared........

Buddha [563-483 BC]

NEWS: The 2nd Edition of the Practical Guide for SAP® Security - NOW AVAILABLE

Mon, 24 Dec 2012 20:34:31 +0100

The 2nd Edition of the Practical Guide for SAP® Security is
now available as e-book for free download.

Your kind feedback mails that I have received over time
[and hopefully responded to ;-)]
have definitely encouraged me to continue.

As promised I have added now a few more chapters [EP, BI, HR]
and significantly updated the How to Chapter.

The following 8 Chapters are provided:

1. Introduction to the general authorization concept of SAP®
2. Detail view: Components of the authorization concept
3. Basic mode of operations
4. Evaluation tools
5. How to and background information [updated and extended]
6. Enterprise Portal [NEW]
7. BI [NEW]
8. HR [NEW]

If you have any questions, I would be more than happy to answer them.
Please feel free to send me a mail.

This book is free for download, see attachments .

PRACTICAL GUIDE FOR SAP® SECURITY as e-book for free

Wed, 12 Dec 2012 01:01:49 +0100

This little book shall help you to understand the various elements of
SAP® security and their interaction.

Online Buch "Praxisleitfaden für SAP® CO" zum Download!

Sat, 03 Nov 2012 00:33:31 +0100

Hier steht Ihnen der Praxisleitfaden für SAP® CO
zum kostenfreien Download zusammengefasst zur Verfügung.

NEWS: eBook Webshop LIVE!

Wed, 03 Oct 2012 14:33:50 +0200

Wir freuen uns Ihnen einen kleinen Webshop
anbieten zu können, der es Ihnen ermöglicht, die von Ihnen
so häufig angefragten Bücher:

Praxisleitfaden für SAP® FI als persönlich lizenzierte Ausgabe
zum Preis von 69,90€

Praxisleitfaden für SAP® MM als persönlich lizenzierte Ausgabe
zum Preis von 69,90€

nunmehr käuflich zu erwerben.

Hier gelangen Sie zu unserem eBook Webshop.

For all English speaking vistors:

I have to apologize but the two books are currently not available
in English.
As soon as they are available, there will be a separate announcement.

Thanks for your patience,
Marie-Luise Wagener

NEWS APRIL: The power of risk adjusted audit management

Wed, 04 Apr 2012 23:51:46 +0200

SAP ® GRC - Governance, Risk and Compliance and Audit Management:

The power of risk adjusted audit management

How to customize WebDynpro configuration in GRC 10.0

Thu, 05 Jan 2012 14:34:11 +0100

NOTE FEBRUARY 2012

How to customize WebDynpro configuration

An UIBB is an user-interface building block, meaning basically an interface view
– a WebDynpro ABAP window. A customization can be done with the help of the FPM (Floor Plan Manager) configuration editor. Corresponding elements can be adapted and customized according to individual requirements.

Step 1 –Call WebDynpro service in configuration mode:

The desired URL is to be entered into the browser:

http://<system>:<port>/sap/bc/webdynpro/sap/grac_uibb_end_user_login?
sap-config-mode=x

How to create a transportable BRF+ flat initiator rule for MSMP in GRC 10.0

Tue, 03 Jan 2012 19:52:01 +0100

NOTE JANUARY 2012

How to create a transportable BRF+flat initiator rule for MSMP in GRC 10.0

The BRF (Business Rule Framework)+ is a strong tool when it comes to the
definition of ABAP rules to reflect business scenarios.
In the GRC 10.0 MSMP (Multi-Stage Multi-Path) workflow a business rule
can be utilized for different purposes as in the following example where we want to create a transportable initiator rule.

Step 1 -Creation of a development package:
The transaction SE21 is to be called and a desired name for the new package
to be entered. The development package is to be associated with a transport layer.
The creation results in a workbench request.
The software component is GRCFND_A.

Organization Rules in AC 10

Sun, 04 Sep 2011 10:25:04 +0200

NOTE SEPTEMBER 2011

Organization Rules in GRC AC 10

Organizational rules allow you to filter „false positives” from the risk analysis.

What does that mean?
You have a role concept with master derived roles, where e.g.
the leading organizational level is the company code with
a corresponding organizational value set.

Role_A_0001 for Company Code 0001 – (FB60)

How to customize an AR form for AC10

Mon, 15 Aug 2011 20:03:14 +0200

NOTE AUGUST 2011

How to customize an AC10 access request form

The Access Request (AR) form can be called via the NWBC -->
Access Management --> Access Request

The individual fields in this form can be customized.

To do this - go to the IMG (transaction SPRO)-->Governance, Risk

How to create an UME Role

Sun, 19 Jun 2011 10:46:14 +0200

NOTE JULY 2011

How to create an UME Role

In User Administration call the Identity Management.
Select Role and then Create Role.
Enter a unique name according to your agreed naming
convention and a description.

How to create a Portal Role

Sun, 19 Jun 2011 10:23:12 +0200

NOTE JUNE 2011

How to create a Portal Role

There are of course different approaches on how to create a portal role –
this section just provides a general introduction.
As a rule you should never maintain the SAP® standard roles.

In a first step you may want to consider creating your own folder with
permissions accordingly restricted to the role developers only.
A solid approach would be to assign the Owner permissions to

Role naming convention

Fri, 22 Apr 2011 11:42:27 +0200

NOTE APRIL 2011

Role naming conventions

There are so many different ways defining a role naming convention
that it is hard to determine the ultimately best approach.

It is important for maintenance, consistency and transparency to have
at least a clear concept.

In the following little note I will introduce you to one of my favourite
solution approaches based on the fact that the role naming
is limited to 30 characters.

General considerations:

Security Upgrade

Sun, 06 Mar 2011 09:22:13 +0100

NOTE MARCH 2011

Security upgrade

SAP® systems are upgraded on a frequent basis, and as part of such
an upgrade the security requires special attention as well.

While new authorization objects are introduced - even in purely technical
upgrade scenarios - additional relations between authorization objects
and transactions are also updated in the corresponding SAP® standard
tables amongst a lot of other things.
To benefit from these new implementations, and to make sure that

Enhancement for table access control- S_TABU_NAM

Tue, 11 Jan 2011 21:50:53 +0100

NOTE JANUARY 2011

Enhancement for table access control: S_TABU_NAM

Given the high criticality and increasing complexity related to table access –
SAP® has introduced a new authorization object for a more refined
table access control.
The authorization object S_TABU_NAM was introduced last year.
This authorization object consists of two fields ACTVT (Activity)
and TABNAME (name of table or view).