
6 Shocking Discoveries about SAP Authorizations

Here are 6 harsh realities that we discovered from our customers:

1. Users are still using SAP_ALL Power Profiles

Although SAP doesn’t recommend using the power profile SAP_ALL, many organizations are still using it. They should definitely not. This authorization…


The Curse of the Unused: Z_UNUSED_TCODE and Y_UNUSED_ROLE

In 1914, American judge Louis Brandeis coined the famous quote “Sunlight is said to be the best of disinfectants,” and it has proven to be most accurate in 2014 too. Many of our current and potential clients fear what may…


Do You Understand the Meaning of Behavior-Based Profiling?

Xpandion creates “behavior-based profiling” for business applications. Sounds impressive, huh? However, do you know what it means, exactly? Our customers often understand the benefits of our products: how they save time, increase security and lower costs. However, when it comes to the hows,…


Take Your Hands off of SAP T-Code SU01!

In many organizations, access to the sensitive SAP T-Code SU01 is much wider than needed. Let’s explore why. SU01 is used for different purposes, most commonly to create new user accounts, reset users’ passwords and lock/unlock user accounts. System…


Eliminating the Wrong Guy…

A couple of years ago, we included a “Lock User” button feature in our security product. If you received a “very high” alert, you could log into the system, catch the fraud in action, press the “Lock User” button and…


The SAP Security Paradox: Irregular User Activity

“How Many Times?” We, and our partners, often ask ourselves that very question after hearing case after case of employee fraud being committed at an enterprise. How many times will these companies endure suspicious activity by their employees before they…


The Dreaded SAP_ALL Power Profile

How can you maintain GRC compliance if you have users with the dangerous SAP_ALL profile? The authorization profile SAP_ALL contains such a vast number of authorizations that it is mistakenly known as “the profile that can grant everything in the SAP system”.…
