Announcement:
wanna exchange links? contact me at sapchatroom@gmail.com.
Posted by
Admin at
Thanks henrik..
Anjan Pandey
On Fri, May 28, 2010 at 4:29 AM, henrikmadsen2 via sap-security <
sap-security@groups.ittoolbox.com> wrote:
>
> Posted by henrikmadsen2 (GRC
> Consultant )
> on May 27 at 6:56 PM Our
> QA systems are being audited for SAP_ALL etc, so you would need a good
> justification, approval and evidence. But if you get that, you should be
> alright.
>
> /henrik
>
> On 27 May 2010 14:43, anjan.pandey via sap-security <
> sap-security@groups.ittoolbox.com> <http://groups.ittoolbox.com%3e/>wrote:
>
> > Posted by anjan.pandey
> > on May 27 at 12:42 AM
> > Hi Henrik
> >
> > Do we have audits being done fo quality servers. However we can have a
> ST05
> >
> > trace enabled and store its output in the request just in case auditors
> > would like to check what all activities were done while SAP_ALL was
> > assigned.
> >
> > Thanks.
> > Anjan Pandey
> >
> > On Thu, May 27, 2010 at 10:03 AM, henrikmadsen2 via sap-security <
> > sap-security@groups.ittoolbox.com> <http://groups.ittoolbox.com%3e/>wrote:
> >
> > > Posted by henrikmadsen2(GRC Consultant )
> > > on May 27 at 12:33 AM
> > > You can actually deactivate some menu items through authorisations, so
> > just
> > >
> > > get a SU53 from them, right after they start the transaction. That
> should
> >
> > > show you what is missing.
> > >
> > > The SAP_ALL option might be a bit dangerous - auditors might ask you to
>
> > > prove that nothing was done while SAP_ALL was assigned...
> > >
> > > /henrik
> > >
> > > On 27 May 2010 14:15, anjan.pandey via sap-security <
> > > sap-security@groups.ittoolbox.com> <http://groups.ittoolbox.com%3e/>wrote:
> > >
> > > > Posted by anjan.pandey
> > > > on May 27 at 12:12 AM
> > > > Hi Katherine
> > > >
> > > > Try to Test/Simulate this scenario in your quality system. Assign
> user
> > > > SAP_ALL & SAP_NEW and check if the "Log Option" is enabled back or
> not.
> >
> > > > Enable the trace for the period you have assigned SAP_ALL & SAP_NEW.
> > > > If "Log Option" gets enabled look for the trace values for the exact
> > > object
> > > >
> > > > being checked.
> > > > If it doesn't work with your functional and ABAP team to figure out
> the
> >
> > > > issue.
> > > >
> > > > Note:
> > > > Do not inform user that wide access has been assigned to their
> profile.
> >
> > > > Just
> > > > request them to check with their access.
> > > > Remove the profiles as soon as your simulation is complete.
> > > >
> > > > Thanks.
> > > > Anjan Pandey
> > > >
> > > > On Wed, May 26, 2010 at 10:58 PM, KatherineP via sap-security <
> > > > sap-security@groups.ittoolbox.com> <http://groups.ittoolbox.com%3e/>wrote:
> > > >
> > > > > Posted by KatherineP(Associate Business Analyst)
> > > > > on May 26 at 1:45 PM
> > > > > HI can anybody help me. My change log option in VL03n and VL02n are
>
> > > > grayed
> > > > > out on some of my users and not on others. I can find nothing wrong
>
> > > with
> > > > the
> > > > > authorizations in the corresponding roles. What am I missing. We
> were
> >
> > > > fine
> > > > > until we did a support pack upgrade now we are having this problem.
| __.____._ Copyright © 2010 Toolbox.com and message author.
Toolbox.com 4343 N. Scottsdale Road Suite 280, Scottsdale, AZ 85251
| | Related Content White Papers
In the Spotlight  _.____.__ |
Mark as helpful
