Q

Common SAP security practices

Is there any common practice for setting up a group to handle SAP security? What sorts of separation of responsibilities do auditors usually ask for? Also, what profiles do Basis administrators usually have? SAP-ALL, or a profile with fewer privileges?



Really depends. Lots of factors weigh into how SAP security is designed, implemented, and administered. Usually, it comes down to size of company, number of users, number of implementations, and corporate culture. But typically, companies will have an SAP security arm that assists configuration/process teams in designing and maintaining roles. This group will be responsible for designing preventative and detective application controls and enforcing security policy. Auditors should carry the responsibility for auditing implemented controls (segregation of duties, use request privileges). HelpDesk should perform security administration, following business approvals.

With SAP_ALL access, simply put: "less is more." It is better to have fewer folks with this access than more. I feel that SAP Security and SAP BASIS should not have SAP_ALL (for their own good) in production. However, I have never won that argument.


This was first published in January 2002
