DAMA - SAP MDG: Concept #6

❗️The Problem

You build approvals.
You design workflows.
You define ownership.

But someone downloads 10,000 customer records to Excel.
Another user changes vendor bank details — and no one notices.

Governance doesn’t protect data.
Access does.
And if you don’t secure it — you don’t control it.


🧠 What DAMA Means by Data Security

Security in DAMA is not just about firewalls.
It’s about who can see, change, move, and delete data — and under what rules.

It includes:

  • Confidentiality — Who is allowed to see it

  • Integrity — Who is allowed to change it

  • Availability — Who needs it and when

  • Traceability — Who did what, and can we prove it?

If your governance framework doesn’t enforce these — it’s just a paper policy.


Key Areas in Data Security

| Security Element | Meaning |
| --- | --- |
| Access Controls | Role-based, attribute-based, risk-based permissions |
| Authorization Rules | Who is allowed to execute what |
| Audit & Logging | Monitoring actions, change history, exception logs |
| Data Masking | Hiding sensitive fields from unauthorized users |
| Secure Transport | Protecting data in motion (SOA, APIs, etc.) |

🔧 SAP MDG: Where Security Lives

SAP MDG works on top of core SAP authorization concepts. But many projects skip this in a rush to go live.

Here’s what matters:

| Security Layer | What to Watch |
| --- | --- |
| Authorization Objects | USMD*, BUT000, field-level access |
| Sensitive Fields | Tax IDs, bank info — must be protected |
| Change Logging | CR change history, SOA logs, audit tables |
| Workflow Access | Who can approve vs who can view vs who can override |
| External Interfaces | API exposure, user roles for outbound calls |

⚠️ Red Flags

  • Everyone has access to everything “just in case”

  • Change Requests can be edited mid-process

  • You can’t tell who changed a critical field

  • Replication happens with hardcoded system users

  • Logs are there, but nobody looks at them

This isn’t just technical risk — it’s business risk.
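
Several of these red flags can be checked mechanically if the change history is exported and reviewed on a schedule. The sketch below is an added example, not code from the author or from SAP: the flat export layout, field names, user IDs and policy sets are assumptions, and the sample rows are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed policy values, not SAP defaults: adapt them to your own landscape.
SENSITIVE_FIELDS = {"BANK_ACCOUNT", "IBAN", "TAX_ID"}
SHARED_TECHNICAL_USERS = {"RFC_REPL"}  # hypothetical hardcoded replication user

@dataclass(frozen=True)
class Change:
    """One row of a change-log export (hypothetical flat layout)."""
    record: str
    field: str
    changed_by: str
    cr_id: Optional[str]        # change request that carried the change
    approved_by: Optional[str]  # final approver of that change request

def review(changes):
    """Return (record, field, finding) for each sensitive change that breaks a rule."""
    findings = []
    for c in changes:
        if c.field not in SENSITIVE_FIELDS:
            continue
        if c.changed_by in SHARED_TECHNICAL_USERS:
            findings.append((c.record, c.field, "shared technical user: no accountable person"))
        if c.cr_id is None:
            findings.append((c.record, c.field, "no change request: governance bypassed"))
        elif c.approved_by is None:
            findings.append((c.record, c.field, "change request has no recorded approver"))
        elif c.approved_by == c.changed_by:
            findings.append((c.record, c.field, "self-approved: requester equals approver"))
    return findings

# Constructed sample rows, not taken from any real system.
SAMPLE = [
    Change("VENDOR-1001", "IBAN", "JSMITH", "CR-501", "MLEE"),      # clean
    Change("VENDOR-1002", "IBAN", "JSMITH", "CR-502", "JSMITH"),    # self-approved
    Change("VENDOR-1003", "BANK_ACCOUNT", "RFC_REPL", None, None),  # shared user, no CR
    Change("CUST-2001", "PHONE", "AKIM", None, None),               # not a sensitive field
    Change("CUST-2002", "TAX_ID", "AKIM", "CR-503", None),          # approver missing
]

if __name__ == "__main__":
    for record, field, finding in review(SAMPLE):
        print(f"{record:12} {field:13} {finding}")
```

A check like this only helps if its findings go to someone who owns the follow-up.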


🧠 Security Questions That Matter

  • Can any user see all customer data?

  • Who is allowed to download data — and how is it tracked?

  • How are CRs protected from tampering?

  • What happens if an interface is compromised?

  • Is your audit trail legally defensible?

If you can’t answer — you don’t have security.
You have hope.


💬 Bottom Line

Good data is valuable.
Unprotected data is dangerous.

Security isn’t a barrier to governance — it’s the only way governance works.

You don’t control what you can’t protect.

Written by

Dzmitryi Kharlanau