RE: [sap-security] Risk of Developer Key in Production if Production Client is set to "Not Modifiable"
Posted by
Admin at
|
Share this post:
|
|
0 Comments
 | Posted by Lars-Erik Hallsten (CEO & Senior Consultant) on May 13 at 5:50 PM |  Mark as helpful |
Hi,
I might be misunderstanding the issue here, but in 99% of all SAP environments the DEV and QA system will be assigned to the same installation numbers as the PROD system. The Developer Key is created per installation number, so if the user has the Developer Key for DEV he has also got the Dveleoper Key for PROD. So I think it would be better to make sure the users aren't assigned to the S_DEVELOP authorization object, rather than try figuring out how to apply restriction to the Developer Key.
Regards,
LEH
From: Sonia via sap-security [mailto:sap-security@Groups.ITtoolbox.com]
Sent: 13. mai 2010 23:40
To: Lars-Erik Hallsten
Subject: Re: [sap-security] Risk of Developer Key in Production if Production Client is set to "Not Modifiable"
Posted by Sonia (Sap Bas and Security Design Consultant)
on May 13 at 5:37 PM Mark as helpful
Jeff,
Why will you give developer key access in production system.? If you are
giving developer key access in prod then be prepared to give your
justification to auditors.
Thank you,
Sonia
On Tue, Apr 27, 2010 at 8:25 PM, Jeff McDaniel via sap-security <
sap-security@groups.ittoolbox.com> wrote:
> Posted by Jeff McDaniel
> on Apr 27 at 8:33 PM
> Hi Experts, What is the risk of having a developer key in production if the
> production client is set to "Not modifiable" via SCC4 and SE06? Is there any
> or does the client settings mitigate any risk of having a developer key in
> production? Thanks in advance.
__.____._ I might be misunderstanding the issue here, but in 99% of all SAP environments the DEV and QA system will be assigned to the same installation numbers as the PROD system. The Developer Key is created per installation number, so if the user has the Developer Key for DEV he has also got the Dveleoper Key for PROD. So I think it would be better to make sure the users aren't assigned to the S_DEVELOP authorization object, rather than try figuring out how to apply restriction to the Developer Key.
Regards,
LEH
From: Sonia via sap-security [mailto:sap-security@Groups.ITtoolbox.com]
Sent: 13. mai 2010 23:40
To: Lars-Erik Hallsten
Subject: Re: [sap-security] Risk of Developer Key in Production if Production Client is set to "Not Modifiable"
Posted by Sonia (Sap Bas and Security Design Consultant)
on May 13 at 5:37 PM Mark as helpful
Jeff,
Why will you give developer key access in production system.? If you are
giving developer key access in prod then be prepared to give your
justification to auditors.
Thank you,
Sonia
On Tue, Apr 27, 2010 at 8:25 PM, Jeff McDaniel via sap-security <
sap-security@groups.ittoolbox.com> wrote:
> Posted by Jeff McDaniel
> on Apr 27 at 8:33 PM
> Hi Experts, What is the risk of having a developer key in production if the
> production client is set to "Not modifiable" via SCC4 and SE06? Is there any
> or does the client settings mitigate any risk of having a developer key in
> production? Thanks in advance.
Copyright © 2010 Toolbox.com and message author.
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251
Related Content
In the Spotlight
White Papers
In the Spotlight
Your SAP Security is at Risk...Learn How to Stay Protected. Read the free white paper from SenSage
View this thread online
Manage group e-mails
Create an FAQ on this topic
Tell us what you think
Unsubscribe from discussion
Manage group e-mails
Create an FAQ on this topic
Tell us what you think
Unsubscribe from discussion
