auditbot-sap-security-audit
Project Team
Selva Kumar, Vice President-Product Management
Selva has 13 years of progressive experience in SAP Basis and Security working for well-known companies like Eli Lilly, Accenture, SAP, Dupont, Ogilvy Mather, Unilever, IPG NY, HMCO and the Federal Government. He has extensive experience in SAP Security, GRC Implementation and SOX Remediation.
M.S. degree in Geo Eng, South Dakota School of Mines and Technology, USA
M.Sc. in Applied Sciences from National College, India

Andi S. Giri, Vice President-Engineering
Andi has over 15 years of experience in the IT industry. He has been involved in project delivery using security infrastructure, SAAS, Web services, B2B integrations and EAI.
MS degree in Computer Engineering, University Of Maryland, USA
BE in Electronics and Communication, Anna University, India
Client Pain-points
Inadequate change control for User management
Lack of approval/audit trail as structured data
Lost time and budget remediating repeated errors
Master record inconsistencies across SAP systems
No self service for user password reset
Unapproved access for the wrong SAP users
No effective enforcement of roles
Current solutions
Band-aid
Customize third-party workflow tools like Lotus Notes
Email based approvals or ticket-based (Remedy) approvals
Paper-based approval
Throwing more resources
Investing in expensive third-party audits
Other high-cost tools
The OneAccess Way
Approved access to SAP Systems
Org hierarchy-based and rule-based access control
Centralized SAP security access and policy enforcement
Streamline and automate approval process
Delegate SAP access approval to local units
Automated creation of users in SAP System
The OneAccess Value
SOX-compliant
Fewer resources for User management
Reduced audit costs
Streamlined access approval
Avoid inappropriate access
Comply with corporate policy
Short Implementation
Value Pricing
Architecture
Java Web application built on Spring/Hibernate
Deployed on any J2EE application server such as SAP Netweaver, Apache Tomcat, JBoss, Weblogic, Websphere, Sun ONE
N-tier software architecture with Domain objects, Data Access Objects (DAO), Spring Controllers, JSP pages, Acegi Security, Quartz scheduler, Web 2.0 (Ajax)
SAP Versions 4.6B or higher
Works on any JDBC-compliant database such as MySQL, Oracle, SQL Server, Sybase
Multi Step Approval process
Requestor
Approval Supervisor
Approval Security Power User
Approval Role Owner
Approval Training Coordinator
User Provisioned in SAP System
Privileges
Step1 Step2 Step3 Step4 System
Privilege Requester Site Supervisor Site Security Power User Role Owner Training Admin
Assign System X X X
De Assign System X X X
Assign Role X X X
De Assign Role X X X X X
Approve Site X
Approve System X
Approve Role X X X
Roles and responsibilities
Admin:
Perform System settings
Load master Data
Run audit Reports
Creates approver
Troubleshoot Problems

Approver:
Approve or Deny request
Create own request
Mass approve request
Review approval status by system
Change Site
Reports

Requester:
Register in OneAccess
Add Request to System
Add Role to Request
Change Site
Reset Password
Review status
Clone Request
Site System relationship
[Diagram: Site/System relationship. Labels: Attaches to Location; ECC 6.0, BI 7.0, APO; Location; Role; Approver]