By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Very simple question. No. There are a number of rules, best practices, and common sense that would argue in your favor. The norm is for support people to have display access for most transactional functions, where problems are noted so they should be replicable in your testing environment (assuming you have a good QA process). The support personnel should then find the solution for the problem, move it to test and then promote to production. If you give support people production functional access, they will start processing transactions and have both the knowledge and access to violate most internal controls.
Alternatively, I have seen some process teams identify specific transactions they need in production due to specific business rules (Tax rate updates, Monthly close support) and receive business sign-off. This is acceptable and warranted. There are always exceptions.
Furthermore, you should work with your audit community to understand your obligations under Sarbanes-Oxley Section 404 on internal and system controls. Your external auditor may not be willing to attest to the soundness of your control environment if multiple segregation of duty issues exists.
Dig Deeper on SAP support and maintenance
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.