Unclear responsibilities, especially between business and IT
Security Automation for SAP Security Checks
The same applies to the concept of data ownership. Here, a person takes responsibility for the data of a certain scope (e.g., SAP system X or system landscape Y) and looks after it as if it were his own precious possession. He or she conscientiously answers questions such as "May data be changed / viewed / deleted?", "How is action taken in the event of a data leak?", "Who may access the data and how, and what may be done with it?".
As part of the use of a HANA database, you should protect both the execution of HANA database functions as well as the reading or altering access to the data stored in the database by appropriate permission techniques. Essential to the permission technique are database objects such as tables and views - which allow access to the stored data - as well as executable procedures and users. The specific HANA-specific permissions assigned to a user are referred to as privileges in the HANA context.
Module
The data that is regulated by the structural authorizations must be hierarchically structured in one of the personnel development components. This could be Organizational Management or Personnel Development, for example. Access can thus be regulated relative to the root object within the hierarchical structure.
The possibility of assigning authorizations during the go-live can be additionally secured by using "Shortcut for SAP systems".
The website "www.sap-corner.de" offers a lot of useful information about SAP authorizations.
Therefore, a random check of the authorization structure in this environment can be reduced to table authorizations.