Augment Your Controls Around the Management of SAP Developer Keys

  • by Anurag Barua, Independent SAP Advisor
  • April 29, 2011
Learn how to strengthen your organization’s management of SAP development and object key controls to ensure that your system security and application security are not compromised.
Key Concept
The SAP Software Change Registration (SSCR) requires all SAP standard repository objects to be registered centrally via the SAP Service Marketplace portal before they can be modified. The SSCR also restricts developers from doing any work before being registered in the SAP Service Marketplace. A 20-digit key is generated after objects or developers have been registered.

As companies implement various SAP applications and modules, sooner or later they reach a point when standard functionality cannot meet some of their specific business requirements. In a vast majority of these circumstances, SAP enables users to customize applications in IMG menus or to create custom code (and other objects). However, sometimes companies cannot realize their specific business needs by using these  customization techniques and have to adopt a last resort—changing standard SAP code (or for that matter, any object that is part of standard SAP-delivered software). 

I will introduce you to the key mechanisms that SAP uses to impose controls over changes to standard SAP software. I will then share with you recommendations and best practices on how you can augment these controls. Companies do an unsatisfactory job of managing the ability to make changes to standard SAP functionality, and as a result, system and application security is compromised, and audit concerns arise.

Anurag Barua

Anurag Barua is an independent SAP advisor. He has 23 years of experience in conceiving, designing, managing, and implementing complex software solutions, including more than 17 years of experience with SAP applications. He has been associated with several SAP implementations in various capacities. His core SAP competencies include FI and Controlling FI/CO, logistics, SAP BW, SAP BusinessObjects, Enterprise Performance Management, SAP Solution Manager, Governance, Risk, and Compliance (GRC), and project management. He is a frequent speaker at SAPinsider conferences and contributes to several publications. He holds a BS in computer science and an MBA in finance. He is a PMI-certified PMP, a Certified Scrum Master (CSM), and is ITIL V3F certified.

Anurag will be presenting at the upcoming SAPinsider BI 2017 conference, June 14-16, 2017, in Amsterdam. For information on the event, click here. He also will be a presenter at the SAPinsider Managing Your SAP Projects 2017 conference, October 24-26, 2017, in Copenhagen. For information on that event, click here.

See more by this author


Comments

No comments have been submitted on this article. 


Please log in to post a comment.

To learn more about subscription access to premium content, click here.