[28] in Management Reporting Authorizations Team
Re: Creating a Project Description for IS Forum
daemon@ATHENA.MIT.EDU (Rocklyn E. Clarke)
Thu Jul 3 01:30:40 1997
Resent-From: "Rocklyn E. Clarke" <RCLARKE@mitvma.mit.edu>
Resent-To: MRAUTH-L List Archive <mrauth-mtg@menelaus.mit.edu>
Date: Thu, 06 Feb 97 14:22:37 EST
From: "Rocklyn E. Clarke" <RCLARKE@mitvma.mit.edu>
To: Brenda Gillingham <brendakg@MIT.EDU>
In-Reply-To: Your message of Wed, 05 Feb 1997 11:57:06 -0500
----------------------------Original message----------------------------
On Wed, 05 Feb 1997 11:57:06 -0500 you said:
>Dear Rocklyn,
> Bob Ferrara asked me to request that a project description be
>created for the project title below, in preparation for the IS forum on
>2/12. If possible, please send me a 50-100 word paragraph, by Friday 2/07,
>so it can be included in the new project list to be distributed and
>discussed at the forum.
>
>Please call me with questions / concerns. Thanks!
>
>Brenda 3-4011
>
>Name: SAP AUTHORIZATIONS
>Current Process:DELIVERY
>Project Leader: ROCKLYN CLARKE
>Customer(s): SAP COMMUNITY
>
Hi Brenda!
Here is the description you requested.
This new project originated in response to the concern by some faculty and
administrative officers that the widespread use of SAP on campus would not
adequately restrict access to purchasing information. Two ways of resolving
this situation have been proposed -- either modify SAP to eliminate this
problem or redefine traditional data visibility patterns. It is not at clear
that MIT will modify it's culture to accept this higher level of visibility
for purchasing information. Our team is therefore prototyping the most
promising of the SAP modification schemes. The solution uses locally written
"front-ends" to the native SAP transactions allowing us to minimize the
modifications to actual native SAP software. This provides a substantially
better (although not perfect) barrier between purchasing data and "unauthorized
attempts" to display it (SAP as configured already provides complete protection
against unauthorized attempts to create or modify purchasing data). Given the
current SAP architecture, complete protection against unauthorized display
attempts would require an unacceptable number of modifications to the SAP
system.
Rocklyn E. Clarke
