SAP Security & GRC

Soterion

Soterion’s SAP Security & GRC podcast with host Dudley Cartwright, helping you on your journey to effective access risk management in SAP.Soterion is an international leading provider of GRC and FUE Licensing solutions for organisations running SAP. Our user-friendly, plug-and-play software integrates immediately into the SAP environment — S/4HANA ready, award-winning, and designed to translate complex GRC processes into business-friendly language. Soterion believes that effective GRC is measured by how well business users can manage access risk. Our solutions empower organisations to enhance risk awareness, drive better decision making, and build accountability across every level of the business — because access risk is business risk.

  1. 1 ngày trước

    How to Set Up and Analyse STUSERTRACE

    Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP.  In this episode, Ross Robertson walks through the SAP User Authorisation Trace (STUSERTRACE) – a long-term authorisation trace that records unique authority checks per user in the background, making it invaluable for everything from day-to-day authorisation management to full role redesigns. Where STAUTHTRACE (covered in E09) captures a short window of activity, STUSERTRACE keeps a long-term history you can analyse months – even a year – later.  🔑 Key Takeaways:  What STUSERTRACE is and how it differs from the short-term STAUTHTRACE How it stays lightweight by logging each unique authority check only once per user How to activate it via the auth/authorization_trace profile parameter – and why you set it in both the dynamic (RZ11 / RZ10) and static (RZ10) profiles Parameter values explained: N (off), Y (active, no filter), F (active with a filter) – and why Soterion recommends F with exclusions Which users and authorisation objects to exclude (e.g. high-volume objects with constantly changing fields like order numbers) to protect system performance How to evaluate results by user, application type, authorisation object, check result, CDS entity, and date range Real consulting use cases: building SU24 authorisation defaults from real usage and excluding developer / firefighter activity from business-as-usual role design  Featuring:  Ross Robertson – Senior SAP Authorisations Consultant, Soterion

    19 phút

Giới Thiệu

Soterion’s SAP Security & GRC podcast with host Dudley Cartwright, helping you on your journey to effective access risk management in SAP.Soterion is an international leading provider of GRC and FUE Licensing solutions for organisations running SAP. Our user-friendly, plug-and-play software integrates immediately into the SAP environment — S/4HANA ready, award-winning, and designed to translate complex GRC processes into business-friendly language. Soterion believes that effective GRC is measured by how well business users can manage access risk. Our solutions empower organisations to enhance risk awareness, drive better decision making, and build accountability across every level of the business — because access risk is business risk.