ALL >> Hardware-Software >> View Article
Rbac-abac Hybrid Approach To Improve Sap Field-level Security
RBAC-ABAC Hybrid Approach to Improve SAP Field-Level Security
Role-based access controls (RBAC) are now being deployed by companies that use ERP systems. These controls balance data access rights with resources for job functions and offer a system of data governance. But with a large remote workforce in the current scenario, businesses need to implement a more robust and dynamic access control strategy.
Attribute-Based Access Controls
An organization can integrate additional contexts such as geo-location, time of day, IP address, etc. with attribute-based access controls (ABAC). An instance of that is the SAP ABAC. This ensures that the resources are accessed only by approved users, and it simultaneously prevents users from having more access than they need.
Such granular, data-centered access privileges help organizations ensure that users do not have access to sensitive ERP data, minimizing the possible adverse effects of hacker intrusion into the corporate network.
RBAC+ABAC Hybrid Approach to Data Security
Let us now see how a combination of RBAC and ABAC can ...
... ensure security at the field level.
Consider an MNC with branches in many countries. Now, let's assume that the corporation has a policy that allows every 'Accounts Manager' worldwide to access the basic details of vendor payments. Still, only an 'Accounts Manager' who is a US citizen and works in a US region can access specific data (payments made to US-based vendors, for example). In this case, several of the fields will need to be shielded from users who do not meet the citizenship and location requirements.
Note that here, apart from the user's role (Accounts Manager), the citizenship of the user and his status must also be considered before any vendor payment data can be shown.
In traditional implementation under RBAC, what does a company do to fix this issue?
A company typically following the old RBAC model would create roles for different countries for the 'Accounts Manager' and then another set of roles for the citizenship of the customer. Note that the 'Location' attribute of the user cannot be supported at the time of access.
A role-based approach cannot be scaled-up and becomes cumbersome to manage in a broad user-population sector, despite the absence of 'Location' support. Besides, if policy modifications allow for permitted exceptions, all the things created to address the policy must be changed.
Now, to simplify implementation, let's consider implementing an approach that includes both RBAC and ABAC (for example, SAP ABAC).
In this hybrid approach, we will create one position for the 'Accounts Manager.' For all Accounts Managers worldwide, this will be common across the business. The user's individual attributes are other attributes such as Company Codes, Offices, and Citizenship. And 'Location' can be seen as a dynamic attribute.
These user attributes can be made available for determining access controls and maintaining field-level protection in attribute-based access control.
Ideally, the behavior of Views/Fields should be determined based on the runtime attributes of the users attempting to access the transactions.
There are three levels of attributes that will decide the behavior of screen objects when we consider developing a field-level protection solution for controlling data access:
1) Identity- e.g., Roles, Citizenship, Skill level
2) Context- e.g., Location, Type of device
3) Content- e.g., Employee data
In this model, the paradigm shift is that the behavior of the business object Fields/Views is not controlled by roles alone but by three sets of attributes, allowing us a much more complex and more granular control of data from business objects. This is a more scalable solution, and dynamic changes can be supported.
Despite all of the above characteristics, there is still scope for a data breach, as demonstrated by the recent increase in phishing attacks across organizations. It is, therefore, vital for businesses to invest in additional data security platforms to provide comprehensive data protection.
Appsian One of the leading ERP data security,compliance,implementation solutions provider that gives organizations to complete control and visibility over their ERP data.
Add Comment
Hardware/Software Articles
1. Why Are Telehealth Software Solutions The Key To Modern Healthcare Evolution?Author: Purnima Mistry
2. Harnessing Alumni Networks For Effective Student Recruitment
Author: Brenda Joyce
3. Your Gateway To Seamless Whatsapp Communication
Author: Jeet Hanani
4. Complete Guide To Online Car Rental Software For Rental Business Owners
Author: RentAAA
5. Top 7 Benefits Of Amazon Web Services
Author: Sataware
6. Top 8 Marketing Challenges & Solutions
Author: Byteahead
7. Simplify Your Billing Process With E-invoicing Software
Author: nagaraj
8. Using Online Video Collaboration Tools To Revolutionize Workflow
Author: ayush
9. Top 6 Reasons Progressive Web App Will Be The Future Of Apps
Author: Bella Stone
10. Why Inventory Management Software Is Important For Small Businesses
Author: nagaraj
11. Scrape Ubereats Menu Data With Calories For Ontario And Michigan
Author: Devil Brown
12. Best Place For Apple Device Repairs In Lahore, Apple Force
Author: Abdul Maalik
13. Top 5 Tips To Reduce Mobile Game Development Costs
Author: Bella Stone
14. The Complete Handbook Of 2024 Creative Approval Software
Author: ayush
15. S10.ai: Ai Medical Scribe | Better Patient Care | 99% Faster
Author: John Wick