Archive | News RSS for this section
June 2, 2014  

IAM temperature check by Deloitte

maximum-service-temperature_largeBased on 19 current IAM projects around the globe Deloitte Australia create a temperature check on the IAM market. It’s not a very comprehensive report, but it gives a good indication of how the IAM market and the current projects are dealing with the growing challenges of identity and access management.

I can 3 see three important conclusions from the report.

  1. Even though many organizations are trying to involve the line of business IAM remains an IT challenge. Especially the CISO has IAM within his domain of responsibility. Just as interesting IT is also the main area for funding the IAM projects
  2. IAM is still a matter of getting users on to the system, governance around e.g. SoD is only true for about 50% of the IAM projects
  3. When looking at the software solutions we are still looking at a very diverse landscape. No supplier really has a tight hold on the clients. The study shows that all of the main IAM suppliers all have more or less the same number of projects

http://www2.deloitte.com/dk/da/pages/risk/articles/Temperaturmaaling-paa-Identity-Access-Management-omraadet.html

February 24, 2014  

SAP: Table Access Management

A small change with big effect fra SAP has come in the area of table security.

SAP standard solution for table security has always been to group tables into authorization groups, which users then where granted access to using object S_TABU_DIS. Thereby granting access to all tables in the authorization group. For many years this has been the only standard solution for management of table authorizations.

A clear disadvantage has always been; what criteria should the table groups be based on? Criticality? Business area? Or something else? Regardless, management of the table groups means spending many resources on management of the table structure.

SAP’s solution is the introduction of security management on table name basis. So instead of grouping tables in authorization groups and then granting access to them, SAP has now made it possible to utilize S_TABU_NAME and directly assigning access to a specific table.

FANTASTIC!

See SAPs description in the below link or OSS note 1481950

http://help.sap.com/saphelp_nw73/helpdata/en/4c/a0ac7a68243b9ee10000000a42189b/frameset.htm

“To also protect tables that are not assigned to an authorization group, you can also use the authorization object S_TABU_NAM. It is integrated into the authorization check of the central function module VIEW_AUTHORITY_CHECK. In this case, the system first checks S_TABU_DIS. If this authorization check is not successful, the system also checks S_TABU_NAM.”