SAP System Security Guide (SAP PRESS)

I am an IT auditor and bought this book to extend my knowledge of NetWeaver. It is written clearly with many figures so that readers, even when they are new to NetWeaver, can understand how SAP achieves security. Especially the chapter for authorization concept is good having plenty of examples of what you should do and shouldn't. One thing I am disappointed at is that the book does not dive deep into the differences of critical parameters such as those on SCC4 and SE06, or what particular parameters of SCC4 can protect, including explanation of repository objects and customizing tables. The system has many parameters seemingly used for the same purposes but for different purposes, leaving users anxious about the correctness of their steps taken for particular risks. This book helps us know functions available to operate NetWeaver and unfortunately remains to convince us of what the functions can do to mitigate risks surrounding ERP environments.

It is a fairly comprehensive coverage of SAP security. Worth to have this in your library if you are a SAP nerd.