In a recent SAP Insider webcast, Fastpath SAP experts answered questions around building a successful security and compliance program for SAP landscapes. The team discussed everything from dealing with cross-platform audit issues to organizing around ownership, implementation and budget management of security programs.
Security And Compliance For SAP, Part 2: Handling Custom Transaction Code
This series of blogs discuss various ways in which organizations can take the frustration out of dealing with security and audits. Supported by the power of SAP and technology like Fastpath, as well as the expertise of resources, you can smooth the process. The keys include implementing processes, taking a risk-based approach, and having the right controls in place—allowing you to meet the demands of auditors and improve the efficiency, manageability, and effectiveness of your security program.
Part 1 discussed using processes and a risk-based approach, along with the power of SAP, to work smoothly with auditors. In part 2, we discuss how to handle custom transaction code.
Handling Custom Transaction Code in SAP With The Custom Code Checker
If your company has custom transaction code, how do you handle it when it comes to your SAP landscape? We have worked with countless companies that have had many Z transactions, and Fastpath has created an excellent way to handle this task.
We tie the rule sets from the segregation of duties into the custom transactions within your SAP environment. We do a deep dive with a custom code checker, which goes through all of your Z and Y transactions, programs, function modules, recursively, and anything that can occur through that transaction that we want to know about.
The key to this approach is getting it in the correct rule set. For example, if you have a Z transaction that calls VA01, and the programming didn't use the proper naming convention, we can automatically identify that the transaction calls VA01, then notify you that “VA01 is in all these rule sets." The goal is to get these Z transactions in the same rule sets, and we can do that automatically.
Another example is that we will talk to companies that are using 30 or 40 programmers to go through all the SAP code because they might be doing an upgrade to S4 HANA, and they need to identify what all the programs do.
Fastpath does this automatically. You don't have to keep going back into these codes. It's a one-time task, and it checks deltas from there on out.
Ultimately, the goal is to spend less time dealing with your security program so your IT people can focus on other areas. Using a tool like Fastpath Assure for custom transaction code is another way to accomplish this.
Interested in learning more about our custom code checker for SAP? Check out this blog.
Stay tuned for additional blogs in this series! Want them all at a glance? Check out the first blog which will have all 9 links once they are all published.