123ArticleOnline Logo
Welcome to 123ArticleOnline.com!
ALL >> Hardware-Software >> View Article

Rbac-abac Hybrid Approach To Improve Sap Field-level Security

Profile Picture
By Author: Appsian
Total Articles: 115
Comment this article
Facebook ShareTwitter ShareGoogle+ ShareTwitter Share

RBAC-ABAC Hybrid Approach to Improve SAP Field-Level Security

Role-based access controls (RBAC) are now being deployed by companies that use ERP systems. These controls balance data access rights with resources for job functions and offer a system of data governance. But with a large remote workforce in the current scenario, businesses need to implement a more robust and dynamic access control strategy.

Attribute-Based Access Controls

An organization can integrate additional contexts such as geo-location, time of day, IP address, etc. with attribute-based access controls (ABAC). An instance of that is the SAP ABAC. This ensures that the resources are accessed only by approved users, and it simultaneously prevents users from having more access than they need.

Such granular, data-centered access privileges help organizations ensure that users do not have access to sensitive ERP data, minimizing the possible adverse effects of hacker intrusion into the corporate network.

RBAC+ABAC Hybrid Approach to Data Security

Let us now see how a combination of RBAC and ABAC can ...
... ensure security at the field level.

Consider an MNC with branches in many countries. Now, let's assume that the corporation has a policy that allows every 'Accounts Manager' worldwide to access the basic details of vendor payments. Still, only an 'Accounts Manager' who is a US citizen and works in a US region can access specific data (payments made to US-based vendors, for example). In this case, several of the fields will need to be shielded from users who do not meet the citizenship and location requirements.

Note that here, apart from the user's role (Accounts Manager), the citizenship of the user and his status must also be considered before any vendor payment data can be shown.

In traditional implementation under RBAC, what does a company do to fix this issue?

A company typically following the old RBAC model would create roles for different countries for the 'Accounts Manager' and then another set of roles for the citizenship of the customer. Note that the 'Location' attribute of the user cannot be supported at the time of access.

A role-based approach cannot be scaled-up and becomes cumbersome to manage in a broad user-population sector, despite the absence of 'Location' support. Besides, if policy modifications allow for permitted exceptions, all the things created to address the policy must be changed.

Now, to simplify implementation, let's consider implementing an approach that includes both RBAC and ABAC (for example, SAP ABAC).

In this hybrid approach, we will create one position for the 'Accounts Manager.' For all Accounts Managers worldwide, this will be common across the business. The user's individual attributes are other attributes such as Company Codes, Offices, and Citizenship. And 'Location' can be seen as a dynamic attribute.

These user attributes can be made available for determining access controls and maintaining field-level protection in attribute-based access control.

Ideally, the behavior of Views/Fields should be determined based on the runtime attributes of the users attempting to access the transactions.

There are three levels of attributes that will decide the behavior of screen objects when we consider developing a field-level protection solution for controlling data access:

1) Identity- e.g., Roles, Citizenship, Skill level

2) Context- e.g., Location, Type of device

3) Content- e.g., Employee data

In this model, the paradigm shift is that the behavior of the business object Fields/Views is not controlled by roles alone but by three sets of attributes, allowing us a much more complex and more granular control of data from business objects. This is a more scalable solution, and dynamic changes can be supported.

Despite all of the above characteristics, there is still scope for a data breach, as demonstrated by the recent increase in phishing attacks across organizations. It is, therefore, vital for businesses to invest in additional data security platforms to provide comprehensive data protection.

More About the Author

Appsian One of the leading ERP data security,compliance,implementation solutions provider that gives organizations to complete control and visibility over their ERP data.

Total Views: 277Word Count: 612See All articles From Author

Add Comment

Hardware/Software Articles

1. Financial Consolidation Software: A Necessity In Today’s Complex Financial World
Author: BiCXO

2. Mobile Application Development Company: Innovating For The Future
Author: Quickway Infosystems

3. 2025's Top Choice For Casino Entrepreneurs: 7bitcasino Clone Script
Author: aanaethan

4. Online Admission Management Software
Author: Aditya Sharma

5. The Role Of Technology In Enhancing Student Retention
Author: Brenda Joyce

6. Capcut Template New Trends: A Glimpse Into The Future Of Video Editing
Author: Oliver Nash

7. Understanding Canva Mod: Is It Worth The Hype?
Author: Mason Brooks

8. How Custom Software Development Companies Are Revolutionizing Industry Solutions
Author: Digileap

9. Fintech Development Services: Catalyzing Innovation In Financial Technology
Author: Digiprima Technologies

10. Freight Forwarding Software: Revolutionizing Global Trade With Seaknots It
Author: seaknotsit

11. How Automatic Gst Compliant Invoice Generation Will Help Your Business?
Author: Bhumish Seth

12. Streamlining Prototyping With Cnc Router Technology
Author: CncRouter

13. Hp Laptop Screen Replacement In Malad
Author: Aquila IT Solutions

14. From Concept To Creation: Cnc Routers For Precision Prototypes
Author: CncRouter

15. The Benefits Of Custom Crm Development For Modern Enterprises
Author: Ashapura Softech

Login To Account
Login Email:
Password:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: