Aglea founded in 2003 specializes in SAP security management. Security Analyzer is Aglea's software that analyzes SAP user authorizations and roles. It downloads security data from SAP, imports it into Microsoft Access, and generates over 100 reports to analyze authorizations, segregation of duties risks, and role-to-user mappings. Security Analyzer is customizable, quick to install, and helps identify non-compliance and remediate SAP security issues.

1. 30 marzo 2009 – ANDREA CAVALLERI
11 1

2. The company
Aglea was founded in 2003 as a company specializing
in the management of users and authorizations of the
SAP world
Work directly or beside major System Integrator
AGLEA is part of APL Italian SpA, owner of the
software "SOFIA" ® (portfolio manager titles Banks
and Insurance)
29.9.09
Security Analyzer
22 2

3. Le competenze
I FOCUS:
Consulting
SAP Security project
New implementations
Authorizations review based on RBE (Reverse Business Engineering)
Authorizations upgrade
Auditing
Sarbanes Oxley / Dlgs 231/2001 / L 262/2005 Dlgs 196/2003
Segregation of Duties
Risk management
Sod Anlysis
Software
Security Analyzer
29.9.09
Security Analyzer
33 3

4. Security Analyzer
Security Analyzer (SA) is the application that manages
the SAP Security (users and authorization)
Is formed by
two ABAP that download security information from a
SAP System
a Microsoft Access application for import and process
data
SA is compatible with SAP systems starting from release
4.6 of R/3
29.9.09
Security Analyzer
55 5

5. Strengths
S.A. :
Customizable. This means it can be adapted to specific
customer requirements
Lets cross our authorizations with the statistics, even in the
SOD analysis
SOD tab contains an SoD matrix of risks (based on
transactions SAP R/3-ECC)
Performs special analysis that help identify "noncompliance" to use the profile generator
Is very quick to install and use
Allows you to make retrospective analysis
Is fully developed by Aglea, which operates exclusively in
the consulting SAP security
29.9.09
Security Analyzer
66 6

6. Integrazione con GRC
SA is not an alternative to the SAP GRC Access
Control. The “point of contatc” is in the SOD
Security Analyzer is ideal for analyzing a SAP system
in review of authorizations and monitoring role model
adopted
Reporting of SA is complementary to the GRC and is
particularly useful when REMEDIATION
29.9.09
Security Analyzer
77 7

7. Security Analyzer
After installing the two reports in ABAP system to analyze the
process of documentation and analysis is very simple
Extracting data from SAP (53 + tables usage statistics) and
place in a directory
Design (one time) of a project in SA and customize your
settings
Importing data into SA
Generation of reports needed
Conducting analysis more specific
analysis on authorizations (a “SUIM” more powerful)
analysis of SOD-based transactional
29.9.09
Security Analyzer
88 8

8. Project definition
The first action is to
create a project
With a client SAP
SA can keep data on
line for one system
at a time
29.9.09
Security Analyzer
99 9

9. Project definition
Form in which you can specify the specific attributes of project
29.9.09
Security Analyzer
1010
10

10. Importazione
Rapid import (about 15
minutes)
of
data
exported from SAP
You can even import
some tables, divided by
subject
A
dedicated
LOG
provides
useful
information
on
any
problems encountered
during the import
29.9.09
Security Analyzer
1111
11

11. Reports
Mask for the opening of
the output
you can:
• obtain a query to be
exported to Excel
•directly save xls
•print report format
(PDF), choosing among
the more than 100
models currently
29.9.09
Security Analyzer
1212
12

12. Reports
29.9.09
Security Analyzer
1313
13

13. Reports
29.9.09
Security Analyzer
1414
14

14. Organizational Analysis
If the scenario is
implemented HR, can
be analyzed off-line
organizational structure
There are specific
information and
features not available
directly from SAP
29.9.09
Security Analyzer
1515
15

15. Indicators
The main
information of the
Security are
summarized in a
single screen.
Con essa è possibile
supervisionare lo
stato di salute del
sistema in pochi
minuti
29.9.09
Security Analyzer
1616
16

16. Auditing
Can do analysis in the
audit focused on
authorization objects
You can create as
many audits by
excluding from
analysis any blocked
users or SAP_ALL and
SAP_NEW
29.9.09
Security Analyzer
1717
17

17. Auditing
The details are specified in the
affected and the values to be
found
You can enter up to 3 values in
"OR".
29.9.09
Security Analyzer
1818
18

18. SOD Analysis
The analysis of SOD may be conducted on 5 items SAP
1.
Composite role(Job Role)
2.
Simple role (Task), Menu tcode level
3.
4.
Simple role (Task), Authorizations tcode level (S_TCODE)
Permissions assigned to the user (User). In this case, if a user has a permission
on S_TCODE range or with asterisks, are still identified all transactions
matching
Transactions statistics used.
This feature allows you to
act quickly on the real risks
and then into the potential
5.
You can also generate an additional
SOD matrix-based Job Roles.
29.9.09
Security Analyzer
1919
19

19. SOD Analysis
29.9.09
Security Analyzer
2020
20

20. SOD Analysis
29.9.09
Security Analyzer
2121
21

21. Mapper
The function mapper lets you find the best set of roles (chosen from a list
of "candidates") to be assigned to a user based on his statistics
29.9.09
Security Analyzer
2222
22

22. Mapper
Creating a composed role - identifying TASK
29.9.09
Security Analyzer
2323
23

23. Mapper
Mapping users and roles according to statistics
29.9.09
Security Analyzer
2424
24

24. Version and Licensing
29.9.09
Security Analyzer
2525
25