[sap-security] Auditing BASIS Access in Development

Posted by Admin at

Share this post:

0 Comments

Question from kerry on Nov 4 at 9:03 AM

In a recent audit, Internal Audit noted that BASIS has access to migrate changes into production, and also has developer keys along with the ability to change programs using SE37/SE38 within the development environment. We know that BASIS is normally assigned the task of moving transports to production and also needs SE37/SE38 within the development environment to apply OSS notes. I am not sure what reasonable, minimally intrusive controls I can put in place as BASIS has unlimited access in development at the SAP, OS and Oracle DB levels and can easily circumvent/compromise controls/logs, etc. Has anyone put reasonable controls in place?

Reply to this email to post your response.

__.____._

Manage Settings | Unsubscribe | Create FAQ | Send Feedback

kerry

5 achievements

	View this online
	Ask a new question

In the Spotlight

Earn Recognition for Your Contributions at Toolbox for IT. Gain Points for Community Achievements

_.____.__

SAP Library - Find your answers

Grab this WidgetYou can show more than 5 recent posts using this simple blogger widget by Nitesh KOthari at Wolverine Hakcs.

Click on more Feeds rss Most Popular

More ?This is SAP books Best Buy section. Click on the pics below to check more on the best SAP books.

Click on more to know more about such productsSAP Chat Room

More ?These are the Recommended products from SAP OSS Notes Team

Click on more to see more such downloadsRecommended