Augment Your Controls Around the Management of SAP Developer Keys
- by Anurag Barua, Independent SAP Advisor
- April 29, 2011
Learn how to strengthen your organization’s management of SAP development and object key controls to ensure that your system security and application security are not compromised.
The SAP Software Change Registration (SSCR) requires all SAP standard repository objects to be registered centrally via the SAP Service Marketplace portal before they can be modified. The SSCR also restricts developers from doing any work before being registered in the SAP Service Marketplace. A 20-digit key is generated after objects or developers have been registered.
As companies implement various SAP applications and modules, sooner or later they reach a point when standard functionality cannot meet some of their specific business requirements. In a vast majority of these circumstances, SAP enables users to customize applications in IMG menus or to create custom code (and other objects). However, sometimes companies cannot realize their specific business needs by using these customization techniques and have to adopt a last resort—changing standard SAP code (or for that matter, any object that is part of standard SAP-delivered software).
I will introduce you to the key mechanisms that SAP uses to impose controls over changes to standard SAP software. I will then share with you recommendations and best practices on how you can augment these controls. Companies do an unsatisfactory job of managing the ability to make changes to standard SAP functionality, and as a result, system and application security is compromised, and audit concerns arise.
Would you like to see this full item?