Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Security Blueprint phase

Go to solution
Former Member

‎03-26-2008 10:20 PM

0 Kudos

According to my knowledge,

Implementation project can divided into following Phases:

1)Project preparation

2)Business Blueprint

3)Realization

4)Final Preparation

5)Go-Live & Support

During the BluePrint Phase we create a visual model of future state after

implementing R/3.

What is role "Q&A Db tool" in this Blueprint phase?

Is the Authorization Matrix(which specifies Role,transaction,respective Objects with field values) created using the "Q&A Db tool"?

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎03-31-2008 3:35 PM

0 Kudos

Hi,

The "Q&A Db tool" helps analysing various scenerios,their impact from the security perspective.

For example, a scenerio can be " the Field Sales officers need to create the Customer M/Data remotely".This is a business requirement.

The Q&A helps to discuss the various ways of doing this -thro'VPN etc-,various controls - Labels for example-,the good and bad implication of this - remote cretaion of M/data-,the ways to remediate the associated security weaknesses and so on.This is its Role in the Blueprint phase.

SOD which analyses conflicting roles,Compensatory control is the main drivers in devising the access control.

The "Q&A Db tool" helps to create the "Authorization Matrix",as the Q&A covers the conflicting roles and the Compensatory control ,thus SOD aspects also.

Regards,

Ramesh

4 REPLIES 4

Go to solution
Former Member

‎03-31-2008 3:35 PM

0 Kudos

Hi,

The "Q&A Db tool" helps analysing various scenerios,their impact from the security perspective.

For example, a scenerio can be " the Field Sales officers need to create the Customer M/Data remotely".This is a business requirement.

The Q&A helps to discuss the various ways of doing this -thro'VPN etc-,various controls - Labels for example-,the good and bad implication of this - remote cretaion of M/data-,the ways to remediate the associated security weaknesses and so on.This is its Role in the Blueprint phase.

SOD which analyses conflicting roles,Compensatory control is the main drivers in devising the access control.

The "Q&A Db tool" helps to create the "Authorization Matrix",as the Q&A covers the conflicting roles and the Compensatory control ,thus SOD aspects also.

Regards,

Ramesh

Go to solution
Former Member
In response to Former Member

‎03-31-2008 10:57 PM

0 Kudos

Hi Ramesh,

Who is responsible for this..I mean are functional or security guy are responsible for this Q&A db tool?

Thankyou,

Ajit

Go to solution
Former Member
In response to Former Member

‎03-31-2008 11:03 PM

0 Kudos

Ofcouse the Security guy but he would need help from the functional team.

Go to solution
Former Member
In response to Former Member

‎03-31-2008 11:09 PM

0 Kudos

Thankyou ALL.