SAP Basis vs SAP Security: What Are They, Differences, and More


“An SAP system administrator ensures that the Basis components of every SAP system and their functions are working correctly during live operation.”
SAP Administration: Practical Guide, p. 17, Galileo Press, 2011.

SAP Basis

SAP Basis is landscape administration for all SAP environments. It is designed to keep all of the different systems in the landscape working at optimum efficiency, all the time. SAP Basis installs and configures all SAP systems and components, backs up and restores data, troubleshoots issues, and manages batch jobs. In addition, SAP Basis configures SAP’s transportation management system (TMS). Generally, it does everything from installing and configuring printers and other devices to running and managing the entire SAP ERP foundation.

SAP Security

SAP Security is user administration in SAP for all the modules and work areas. SAP Security governs what data and processes users can access inside an SAP landscape. It covers all the tools, processes, and controls that exist to restrict access to various places within the SAP landscape so that a user has precisely the information needed to do their job, no more and no less. SAP Security analyzes and anticipates what access is needed and disallows viewing or altering other data. By designating access via a role or a position rather than a person, it lets information flow more easily while maintaining security.

History – SOX

The functions of SAP Basis and SAP Security used to be combined into one role. However, in the early 2000s, they became decoupled. It became more and more apparent that a unique system was needed to focus exclusively on internal security. On July 30, 2002, a federal law called Sarbanes-Oxley (SOX) was enacted that made companies responsible for the information they reported. The most controversial element of this act was Section 404, which required management and external auditors to report on the adequacy of a company’s internal control over financial reporting.

History – Segregation of Duties

SAP stores and processes all kinds of data, including financial data, and segregation of duties (SoD) is crucial when dealing with different job positions and responsibilities within a company. SoD means that the set of roles and responsibilities should be assigned in such a way that no one individual has end-to-end access rights over any function. An employee should not have responsibility for more than one of these three transaction components: authorizing transactions (approval), recording transactions (accounting), and handling the related asset (custody).
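
As an added illustration (not part of the original article and not SAP's own tooling), the SoD rule above can be checked mechanically: map each role to the duty it grants, then flag any user whose roles span more than one of approval, accounting, and custody. The role names, users, and assignments below are hypothetical, constructed sample data.

```python
from collections import defaultdict

# Hypothetical role names mapped to the duty each grants (constructed sample
# data, not real SAP roles). None marks a role with no SoD-relevant duty.
ROLE_DUTY = {
    "Z_AP_INVOICE_APPROVER": "approval",
    "Z_AP_INVOICE_CLERK": "accounting",
    "Z_TREASURY_PAYMENTS": "custody",
    "Z_AP_DISPLAY_ONLY": None,
}

# Constructed user-to-role assignments, as a role report might list them.
ASSIGNMENTS = [
    ("alice", "Z_AP_INVOICE_APPROVER"),
    ("alice", "Z_AP_DISPLAY_ONLY"),
    ("bob", "Z_AP_INVOICE_CLERK"),
    ("bob", "Z_TREASURY_PAYMENTS"),
    ("carol", "Z_AP_INVOICE_CLERK"),
    ("carol", "Z_LEGACY_UNKNOWN"),
]

def sod_findings(assignments, role_duty):
    """Return (conflicts, unmapped).

    conflicts: users holding more than one duty, with the roles behind each duty.
    unmapped:  roles absent from the mapping, which cannot be judged either way.
    """
    duties = defaultdict(lambda: defaultdict(set))  # user -> duty -> roles
    unmapped = set()
    for user, role in assignments:
        if role not in role_duty:
            unmapped.add(role)  # surface for review instead of silently passing
            continue
        duty = role_duty[role]
        if duty is not None:
            duties[user][duty].add(role)
    conflicts = {
        user: {duty: sorted(roles) for duty, roles in by_duty.items()}
        for user, by_duty in duties.items()
        if len(by_duty) > 1
    }
    return conflicts, sorted(unmapped)

if __name__ == "__main__":
    conflicts, unmapped = sod_findings(ASSIGNMENTS, ROLE_DUTY)
    for user, by_duty in conflicts.items():
        print(f"SoD conflict: {user} holds {by_duty}")
    for role in unmapped:
        print(f"Unmapped role needs review: {role}")
```

Reporting unmapped roles separately matters because a role missing from the duty mapping would otherwise look like a clean result.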

SAP Basis and SAP Security Now

Before 2006, SAP Security was a synonym for SOX and SoD, even though these were only a small part of SAP Security. Since then, SAP Security has developed into a complex and ever-evolving system to guarantee the integrity of all the data within the SAP landscape. SAP Security can grant users full access to particular sets of data without allowing them to view others. Alternatively, it can allow them full access to some sets of data, the ability to alter other sets of data, and no access to still other sets of data, and every combination thereof. SAP Security not only makes certain that your business is complying with all federal laws and regulations, it also sets up the framework for your employees to do their jobs using the soundest business practices.

Just imagine SAP Basis as the President and his cabinet dealing with the large-scale issues facing the country. SAP Security works more like the Department of Homeland Security and the police forces throughout the country. They make sure we are all safe and can go about our day-to-day lives without fear.