C_SEC SAP Certified Associate - Security Administrator

Detailed Content Domains

1. Authorization and Role Maintenance (21% – 30%)

This is one of the most critical sections of the exam, focusing on the Profile Generator (PFCG) and the mechanics of role-based access control.

• Authorization Concepts: Understanding the hierarchy of authorization objects, classes, fields, and values.

• PFCG Role Maintenance: Creating and modifying Single Roles, Derived Roles, and Composite Roles.

• Authorization Data: Maintaining authorization data, understanding the status traffic lights (Red/Yellow/Green), and managing organizational levels.

• Transporting Roles: Methods for moving roles between systems (Development to Production) and resolving transport conflicts.

• Role Assignments: Manual vs. automatic user assignment and indirect role assignment (e.g., via HR Org Management).

2. Governance, Compliance, and Cybersecurity (21% – 30%)

Focuses on the high-level management of risk and the frameworks used to protect enterprise data.

• SAP Access Governance: Familiarity with SAP GRC (Governance, Risk, and Compliance) tools and Segregation of Duties (SoD) concepts.

• Security Audit Log: Configuring and monitoring the SAP Security Audit Log (SAL) to track critical events.

• Data Privacy: Implementing Data Privacy Governance and ensuring compliance with regulations like GDPR.

• Cybersecurity Frameworks: Protecting the system against external threats and understanding the SAP Enterprise Threat Detection (ETD) architecture.

3. Infrastructure Security and Authentication (21% – 30%)

Covers the technical "handshake" and secure communication layers of the SAP landscape.

• Secure Communication: Implementing SNC (Secure Network Communications) for SAP GUI and SSL/TLS for web-based access.

• Authentication Methods: Configuring Single Sign-On (SSO), Multi-Factor Authentication (MFA), and SAML 2.0.

• Network Security: Understanding the SAP Web Dispatcher, firewalls, and secure gateway configurations.

• SAP Cloud Identity Services: Integration of Identity Authentication (IAS) and Identity Provisioning (IPS).

4. Public Cloud User and Role Management (21% – 30%)

Specific knowledge required for SAP S/4HANA Cloud Public Edition.

• Identity Provisioning Service (IPS): Automating user provisioning between source and target systems.

• Business Role Templates: Using SAP-delivered templates to create custom business roles in the cloud.

• IAM (Identity and Access Management) Tools: Navigating the "Maintain Business Users" and "Maintain Business Roles" apps in the Fiori launchpad.

• Restriction Types: Managing Read, Write, and Value Help restrictions within cloud roles.

5. SAP Fiori Authorizations and SAP S/4HANA (11% – 20%)

This domain bridges the gap between traditional ABAP security and the modern Fiori user experience.

• Fiori Architecture: Understanding the Front-End Server (FES) and Back-End Server (BES) roles.

• App Activation: Authorizations required to start OData services and UI5 applications.

• Catalogs and Groups: Managing Business Catalogs (technical access) and Business Groups (visual layout).

• SU24 Optimization: Maintaining check indicators for Fiori applications to automate role building.

6. User Administration (≤10%)

Standard maintenance tasks for user master records.

• User Master Records (SU01): Creating, locking, and deleting users; managing user types (Dialog, System, Service, Reference, Communication).

• Central User Administration (CUA): Configuring a central system to manage users across a complex multi-system landscape.

• User Tools: Utilizing SUIM (User Information System) for reporting and auditing user access.