Is there any common practice for setting up a group to handle SAP security? What sorts of separation of responsibilities do auditors usually ask for? Also, what profiles do Basis administrators usually have? SAP_ALL, or a profile with fewer privileges?
Really depends. Lots of factors weigh into how SAP security is designed, implemented, and administered. Usually, it comes down to size of company, number of users, number of implementations, and corporate culture. But typically, companies will have an SAP security arm that assists configuration/process teams in designing and maintaining roles. This group will be responsible for designing preventative and detective application controls and enforcing security policy. Auditors should carry the responsibility for auditing implemented controls (segregation of duties, use request privileges). HelpDesk should perform security administration, following business approvals.
With SAP_ALL access... Simply put: "less is more." It is better to have fewer folks with this access than more. I feel that SAP Security and SAP BASIS should not have SAP_ALL (for their own good) in production. However, I have never won that argument.