The typical business application’s role-based access control (RBAC) security model does a poor job of enforcing dynamic, transaction-level policy controls. In this video demonstration, you’ll see how to enforce transaction-level controls in SAP using attribute-based access controls (ABAC). You’ll also see how Pathlock’s analytics platform, Appsian360, allows you to monitor user behavior around those transactions and spot deviations from normal behavior.
Gartner recommends transitioning from static RBAC security to the Adaptive Security found in an Attribute-Based Access Control (ABAC) security model. ABAC allows you to set controls based on policies and enforce them at the transaction level or at the field level. The good thing about this is that we can enforce transaction-level controls in one place and make them work across different transactions. In other words, it’s a one-to-many level of control.
You can then use Appsian360 to monitor the most often run transactions, where they are most frequently run from, and the active status of these transactions.
Adaptive security is an approach to managing security that analyzes behaviors and events to protect against and adapt to threats before they happen. With an adaptive security architecture, an organization can continuously monitor and assess risk and control effectiveness, and automatically provide proportional enforcement that can be dialed up or down to fit its needs.
Contact us today for a full demonstration on how to implement policy controls at the transaction level in your ERP applications.