Announcement:
wanna exchange links? contact me at sapchatroom@gmail.com.
Posted by
Admin at
Reply from evijaykummar2 on Mar 21 at 11:09 AM Thank you for the suggestions. My question is can we use custom
composite role for each system. Is this approachable?
| | | ---------------Original Message---------------
From: Adrian Lewis
Sent: Saturday, March 21, 2015 9:45 AM
Subject: Is S_A.System good for system IDs?
It is not a good idea to use standard SAP roles and profiles, and
depending upon business requirements and risks is likely to be an audit
finding at some future time.
The ideal approach is to have a user ID for each type of background job
- e.g. one for finance jobs, one for logistics etc with appropriate
access for the jobs that will be run. Yes I know this is a bit of work
but if security is needed it is the best approach that I am aware of -
happy to hear if there are better solutions.
As for system ID's provided by SAP with default profiles they need to be
examined individually. Basis should help here. The following
precautions are suggested:
Those with powerful access should never be a dialogue user
Those that are not needed on a daily basis should be locked and only
activated when needed included SAP*
All others should never be available to normal dialogue users - only
background processes and their default passwords should be changed e.g.
DDIC EARLYBIRD etc
IF necessary log the activities of these users
Dialogue users should _never_ be assigned standard SAP profiles or roles |
| Reply to this email to post your response. __.____._ |   _.____.__ |
