ALL >> Hardware-Software >> View Article
Rbac-abac Hybrid Approach To Improve Sap Field-level Security
RBAC-ABAC Hybrid Approach to Improve SAP Field-Level Security
Role-based access controls (RBAC) are now being deployed by companies that use ERP systems. These controls balance data access rights with resources for job functions and offer a system of data governance. But with a large remote workforce in the current scenario, businesses need to implement a more robust and dynamic access control strategy.
Attribute-Based Access Controls
An organization can integrate additional contexts such as geo-location, time of day, IP address, etc. with attribute-based access controls (ABAC). An instance of that is the SAP ABAC. This ensures that the resources are accessed only by approved users, and it simultaneously prevents users from having more access than they need.
Such granular, data-centered access privileges help organizations ensure that users do not have access to sensitive ERP data, minimizing the possible adverse effects of hacker intrusion into the corporate network.
RBAC+ABAC Hybrid Approach to Data Security
Let us now see how a combination of RBAC and ABAC can ...
... ensure security at the field level.
Consider an MNC with branches in many countries. Now, let's assume that the corporation has a policy that allows every 'Accounts Manager' worldwide to access the basic details of vendor payments. Still, only an 'Accounts Manager' who is a US citizen and works in a US region can access specific data (payments made to US-based vendors, for example). In this case, several of the fields will need to be shielded from users who do not meet the citizenship and location requirements.
Note that here, apart from the user's role (Accounts Manager), the citizenship of the user and his status must also be considered before any vendor payment data can be shown.
In traditional implementation under RBAC, what does a company do to fix this issue?
A company typically following the old RBAC model would create roles for different countries for the 'Accounts Manager' and then another set of roles for the citizenship of the customer. Note that the 'Location' attribute of the user cannot be supported at the time of access.
A role-based approach cannot be scaled-up and becomes cumbersome to manage in a broad user-population sector, despite the absence of 'Location' support. Besides, if policy modifications allow for permitted exceptions, all the things created to address the policy must be changed.
Now, to simplify implementation, let's consider implementing an approach that includes both RBAC and ABAC (for example, SAP ABAC).
In this hybrid approach, we will create one position for the 'Accounts Manager.' For all Accounts Managers worldwide, this will be common across the business. The user's individual attributes are other attributes such as Company Codes, Offices, and Citizenship. And 'Location' can be seen as a dynamic attribute.
These user attributes can be made available for determining access controls and maintaining field-level protection in attribute-based access control.
Ideally, the behavior of Views/Fields should be determined based on the runtime attributes of the users attempting to access the transactions.
There are three levels of attributes that will decide the behavior of screen objects when we consider developing a field-level protection solution for controlling data access:
1) Identity- e.g., Roles, Citizenship, Skill level
2) Context- e.g., Location, Type of device
3) Content- e.g., Employee data
In this model, the paradigm shift is that the behavior of the business object Fields/Views is not controlled by roles alone but by three sets of attributes, allowing us a much more complex and more granular control of data from business objects. This is a more scalable solution, and dynamic changes can be supported.
Despite all of the above characteristics, there is still scope for a data breach, as demonstrated by the recent increase in phishing attacks across organizations. It is, therefore, vital for businesses to invest in additional data security platforms to provide comprehensive data protection.
Appsian One of the leading ERP data security,compliance,implementation solutions provider that gives organizations to complete control and visibility over their ERP data.
Add Comment
Hardware/Software Articles
1. Financial Consolidation Software: A Necessity In Today’s Complex Financial WorldAuthor: BiCXO
2. Mobile Application Development Company: Innovating For The Future
Author: Quickway Infosystems
3. 2025's Top Choice For Casino Entrepreneurs: 7bitcasino Clone Script
Author: aanaethan
4. Online Admission Management Software
Author: Aditya Sharma
5. The Role Of Technology In Enhancing Student Retention
Author: Brenda Joyce
6. Capcut Template New Trends: A Glimpse Into The Future Of Video Editing
Author: Oliver Nash
7. Understanding Canva Mod: Is It Worth The Hype?
Author: Mason Brooks
8. How Custom Software Development Companies Are Revolutionizing Industry Solutions
Author: Digileap
9. Fintech Development Services: Catalyzing Innovation In Financial Technology
Author: Digiprima Technologies
10. Freight Forwarding Software: Revolutionizing Global Trade With Seaknots It
Author: seaknotsit
11. How Automatic Gst Compliant Invoice Generation Will Help Your Business?
Author: Bhumish Seth
12. Streamlining Prototyping With Cnc Router Technology
Author: CncRouter
13. Hp Laptop Screen Replacement In Malad
Author: Aquila IT Solutions
14. From Concept To Creation: Cnc Routers For Precision Prototypes
Author: CncRouter
15. The Benefits Of Custom Crm Development For Modern Enterprises
Author: Ashapura Softech