DAMA - SAP MDG: Concept #6

❗️The Problem
You build approvals.
You design workflows.
You define ownership.
But someone downloads 10,000 customer records to Excel.
Another user changes vendor bank details — and no one notices.
Governance doesn’t protect data.
Access does.
And if you don’t secure it — you don’t control it.
🧠 What DAMA Means by Data Security
Security in DAMA is not just about firewalls.
It’s about who can see, change, move, and delete data — and under what rules.
It includes:
Confidentiality — Who is allowed to see it
Integrity — Who is allowed to change it
Availability — Who needs it and when
Traceability — Who did what, and can we prove it?
If your governance framework doesn’t enforce these — it’s just a paper policy.
Key Areas in Data Security
| Security Element | Meaning |
| --- | --- |
| Access Controls | Role-based, attribute-based, risk-based permissions |
| Authorization Rules | Who is allowed to execute what |
| Audit & Logging | Monitoring actions, change history, exception logs |
| Data Masking | Hiding sensitive fields from unauthorized users |
| Secure Transport | Protecting data in motion (SOA, APIs, etc.) |
🔧 SAP MDG: Where Security Lives
SAP MDG works on top of core SAP authorization concepts. But many projects skip this in a rush to go live.
Here’s what matters:
| Security Layer | What to Watch |
| --- | --- |
| Authorization Objects | USMD*, BUT000, field-level access |
| Sensitive Fields | Tax IDs, bank info — must be protected |
| Change Logging | CR change history, SOA logs, audit tables |
| Workflow Access | Who can approve vs who can view vs who can override |
| External Interfaces | API exposure, user roles for outbound calls |
⚠️ Red Flags
Everyone has access to everything “just in case”
Change Requests can be edited mid-process
You can’t tell who changed a critical field
Replication happens with hardcoded system users
Logs are there, but nobody looks at them
This isn’t just technical risk — it’s business risk.
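Several of these red flags can be checked against an export of the change log. The following is an added example, not code from this article or from SAP: it reviews a constructed change-log export for sensitive-field changes made by shared technical users, by users outside an approved list, or without a linked change request. Column names are modelled on SAP change documents (CDHDR/CDPOS); the CR_ID column, the user names and both user lists are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export, one row per changed field. Columns are modelled on
# SAP change documents (CDHDR/CDPOS); CR_ID (linked change request) is an assumed join.
SAMPLE = """\
CHANGENR,USERNAME,UDATE,TABNAME,FNAME,OBJECTID,CR_ID
0001,JSMITH,20240304,LFBK,BANKN,V100,CR-501
0002,RFC_REPL,20240304,LFBK,BANKN,V200,
0003,MDG_STEWARD1,20240305,LFA1,STCD1,V300,CR-502
0004,JSMITH,20240305,LFA1,NAME1,V100,
0005,INTERN7,20240306,LFBK,BANKL,V400,CR-503
"""

# Assumed policy inputs: adjust to your own data model and role design.
SENSITIVE = {("LFBK", "BANKN"), ("LFBK", "BANKL"), ("LFA1", "STCD1")}  # bank info, tax ID
APPROVED_MAINTAINERS = {"JSMITH", "MDG_STEWARD1"}  # named users allowed to change them
TECHNICAL_USERS = {"RFC_REPL"}                     # shared interface / system accounts


def review(export_text):
    """Return {CHANGENR: [reasons]} for sensitive-field changes that need follow-up."""
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        if (row["TABNAME"], row["FNAME"]) not in SENSITIVE:
            continue  # non-sensitive fields are out of scope for this review
        user = row["USERNAME"]
        if user in TECHNICAL_USERS:
            findings[row["CHANGENR"]].append("shared technical user, no named person")
        elif user not in APPROVED_MAINTAINERS:
            findings[row["CHANGENR"]].append("user not approved for sensitive fields")
        if not row["CR_ID"]:
            findings[row["CHANGENR"]].append("no change request linked")
    return dict(findings)


if __name__ == "__main__":
    for change_nr, reasons in review(SAMPLE).items():
        print(change_nr, "; ".join(reasons))
```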
🧠 Security Questions That Matter
Can any user see all customer data?
Who is allowed to download data — and how is it tracked?
How are CRs protected from tampering?
What happens if an interface is compromised?
Is your audit trail legally defensible?
If you can’t answer — you don’t have security.
You have hope.
💬 Bottom Line
Good data is valuable.
Unprotected data is dangerous.
Security isn’t a barrier to governance — it’s the only way governance works.
You don’t control what you can’t protect.
Written by

Dzmitryi Kharlanau
SAP Logistics Consultant with 10+ years of experience in SAP SD, SAP MM, SAP LE, and SAP IS-Automotive. Skilled in SAP system support, integration, and process improvements. Achievements ✔️ Delivered custom logistics solutions, overseeing the entire process from concept to go-live. ✔️ Achieved SLA compliance in JIT environments, managing tasks from requirements to release independently. ✔️ Resolved complex issues swiftly, minimizing downtime and optimizing efficiency. Interests: Motivated to work with 🔧 S/4HANA SD, MM, BTP, and ABAP, taking responsibility for end-to-end solutions.