By Soujanya Madhurapantula. Recap from my previous SAP Security post: As we discussed last week, traditional authorization models like role based access control (RBAC) were never intended for complex use cases. These models focused on static job roles or work-group use cases and assigned permissions to data.
By Soujanya Madhurapantula. In SAP’s role-based security architecture, Users and Authorization objects are used to create profiles, such as “buyer” or “payer”, and these are used to define functional roles. As a counter measure for potential fraud, the GRC Access Control Segregation of Duties can dictate that a user should not have, for example, both … More Is Role-Based Access Control Sufficient?