SAP Solutions
- - - INVOICES AND FINANCE
    - SAP VIM
      Incoming Invoices
    - SAP DRC
      Integration with the National eInvoicing System
    - SAF-T (Standard Audit File for Tax) Cockpit for SAP
      Standard Audit File for Tax in SAP
  - - WORKFLOW AND ARCHIVING
    - SAP Archiving and Document Access
      Data and documents archiving
    - SAP Extended ECM
      Document management within business processes
  - - E-COMMERCE
    - SAP Commerce Cloud
      A comprehensive e-commerce solution
- - - SECURITY
    - SAP/SoD Authorizations
    - SAP/SIEM Monitoring
    - License Audits and Optimization
  - - ANALYTICS
    - SAP Analytics Cloud
      Business Reporting and Planning
  - - MARKETING
    - SAP Emarsys Customer Engagement
      Personalizing Customer Communication
- - - SAP Ariba
      Automation of Purchasing Processes
IT Solutions
- - - DIGITISATION OF CONTENT
    - OpenText Extended ECM
      Connecting users with information
    - OpenText Intelligent Capture
      Document Scanning, OCR
  - - SECURITY
    - Pathlock
      Access Management / Access Governance
    - Zafepass
      ZeroTrust for your Data
  - - ECOMMERCE
    - Mirakl
      Marketplace sales portal
- - - DATA AND SYSTEMS MIGRATION
    - Lukardi Data Convoy
      Data Migration Between Different Systems
    - Legacy Code Exchange
      Integration with Modern Technologies
  - - PROJECT MANAGEMENT
    - JIRA
      Monitoring and Managing Projects
  - - ROBOTIZATION OF PROCESSES
    - RPA
      Automate Repetitive Processes
Services
- - - CONSTRUCTION, DEVELOPMENT AND MAINTENANCE OF SOFTWARE
    - Application Development
    - Maintenance and Development of Existing Solutions
  - - TEST MANAGEMENT
    - Manual / Automatic Tests
Clients
- Case studies
- References
Knowledge Base
Contact
Language

SECPOL - How to Use it Safely

Lukardi > Blog > Security > SECPOL - How to Use it Safely

Security

You may already know that as of SAP 7.40 SP8, you can use SAP security policies (SECPOL) to define user-specific security parameters, as opposed to system profile values.

But did you also know that as a result, you may inadvertently weaken secure values such as login restrictions and password complexity?

Our practical tip will show you how to effectively prevent such weakness.

You can set the parameters of your security rules in a different way, according to:
1. the complexity of the password
2. password change interval
3. login restrictions

You use "SECPOL" transactions to maintain security rules, and you have the ability to define as many rules as you want.

The relationship between the "security policy marker" and system profile values at a glance:

The SU01 transaction is then used to assign for users.

But be careful, because there is a big catch!
Safety rules do not replace the value of individual profiles, but they do replace the ALL values. This means that values that are not defined in the Security Policy are not set to secure values according to RZ10 parameters, but to unsecure values in the user context. In this way, secure values such as login restrictions and password complexity can be accidentally weakened.

The following example shows such behavior:

Our experience in projects has shown that many customers do not expect this behavior from the system. The general expectation is that parameters can be set against the default settings. However, this is not the case.

Our tip for you:

Safety (SECPOL) rules should only be used if ALL values are defined in a way that is completely similar to RZ10 parameters, with only a few values being stronger or weaker.
Remember, you adjust all the safety rules by reinforcing the relevant RZ10 system parameters.

To safeguard your SAP systems, SAST SUIT provides extensive testing in the context of security rules. SAST identifies significant configuration errors and incorrect values entered in your SAP system.

Company details

ul. Tęczowa 3
60-275 Poznań
TAX ID NUMBER: 5213683072
Business Entity Identification Number: 360098885
National Court Register: 0000545448

SECPOL - How to Use it Safely

More from the category

Does it Have to be Painful to Reorganize SoD Conflicts and SAP Authorizations?

SAP Security - Where to Start from?

Backups and Cybersecurity

What should the SAP entitlement concept contain?

How to Define Authorization Concepts?

Do You Know What Authorizations Your Employees Have?

Marek Czubaszek

Menu

About us

Career

Investor Relations

Privacy Policy

Company details

Contact

contact@lukardi.com

tel: +48 733 007 830

ISO Certificate