13.07.2015

System Administration Made Easy



Chapter 11: Security Administration

Security Layers

Like the other layers, application security has sublayers of security, which control:

- The ability to log into the application, such as logging into R/3
- Where a user can go in the application
- What a user can do in the application
- What a user can do based on the system data in the application [such as the R/3 System (for example, limiting the user to company 001 and cost center 200)]

R/3 security functions operate at this layer. This layer provides the fine or specific security of what a user can do [for example, read (not change) accounting data for only cost center 200 in company 001].

This is done using R/3 application tools such as:

- Profile Generator (transaction PFCG; for more information, see Authorizations Made Easy)
- Audit Information System (transaction SECR; see page 11–37)
- Security Audit Log (transaction SM19/SM20; see page 11–44)
- Delete Old Audit Logs (transaction SM18)

This layer is security at the operational or user level. Because it is primarily procedures and control, there are few computer or systems issues at this level.

These are organizational and people issues, which are always a problem, because people need to comply with guidelines and rules. The problem is, of course, that some people never want to comply with guidelines.

Some of the methods of operational control are:

- Segregation of duties
- Preventing sharing of user IDs
- Password standards
- Log off when away from the computer, such as during lunch or at the end of day
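The four application-security sublayers listed above can be read as an ordered, default-deny check. The following is an added example, not code from the guide or from R/3; the class names, area names and activity names are hypothetical, and the sample user is constructed from the page's own case (read, not change, accounting data for cost center 200 in company 001).

```python
from dataclasses import dataclass, field

# Simplified model of the four sublayers; all names are hypothetical and
# this is not how R/3 stores or evaluates authorizations.
@dataclass(frozen=True)
class Grant:
    area: str              # where the user can go, e.g. "accounting"
    activities: frozenset  # what the user can do there, e.g. {"read"}
    company: str           # data restriction: company
    cost_center: str       # data restriction: cost center

@dataclass
class User:
    user_id: str
    locked: bool = False
    grants: list = field(default_factory=list)

def check_access(user, area, activity, company, cost_center):
    """Return (allowed, sublayer): the first sublayer that denies, or "granted"."""
    # Sublayer 1: ability to log into the application.
    if user is None or user.locked:
        return False, "logon"
    # Sublayer 2: where the user can go in the application.
    in_area = [g for g in user.grants if g.area == area]
    if not in_area:
        return False, "area"
    # Sublayer 3: what the user can do there.
    can_do = [g for g in in_area if activity in g.activities]
    if not can_do:
        return False, "activity"
    # Sublayer 4: data-based restriction. The SAME grant must cover both the
    # activity and the data; otherwise "read on 200" plus "change on 300"
    # would silently combine into "change on 200".
    if not any(g.company == company and g.cost_center == cost_center
               for g in can_do):
        return False, "data"
    return True, "granted"

# Constructed sample user matching the page's example.
CLERK = User("CLERK01",
             grants=[Grant("accounting", frozenset({"read"}), "001", "200")])

if __name__ == "__main__":
    for req in [("accounting", "read", "001", "200"),
                ("accounting", "change", "001", "200"),
                ("accounting", "read", "001", "300"),
                ("payroll", "read", "001", "200")]:
        print(req, check_access(CLERK, *req))
```

Returning the sublayer that denied the request gives an audit record something concrete to log for each refusal.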
