
	Home > Ask the SAP software/management Experts > Questions & Answers > Common SAP security practices

Ask The SAP Expert: Questions & Answers

EMAIL THIS

Common SAP security practices

EXPERT RESPONSE FROM: Steven Fullbright

		Pose a Question

		Other SAP Categories

		Meet all SAP Experts
		Become an Expert for this site

QUESTION POSED ON: 07 January 2002
Is there any common practice for setting up a group to handle SAP security? What sorts of separation of responsibilities do auditors usually ask for?

Also, what profiles do Basis administrators usually have? SAP-ALL, or a profile with fewer privileges?

Digg This!

StumbleUpon

Del.icio.us

RELATED RESOURCES

	2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
	Search Bitpipe.com for the latest white papers and business webcasts
	Whatis.com, the online computer dictionary

Really depends. Lots of factors weigh into how SAP security is designed, implemented, and administered. Usually, it comes down to: size of company, number of users, number of implementations, and corporate culture. But, typically companies will have a SAP security arm that assists configuration/process teams in designing and maintaining roles. This group will be responsible for designing preventative and detective application controls; and enforcing security policy. Auditors should carry the responsibility for auditing implemented controls (segregation of duties, use request privileges). HelpDesk should perform security administration, following business approvals.

With SAP_ALL access.. Simply put: "less is more." It is better to have fewer folks with this access than more. I feel that SAP Security and SAP BASIS should not have SAP_ALL (for their own good) in production. However, I have never won that argument.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

SAP White Paper Topics

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2000 - 2009, TechTarget \| Read our Privacy Policy SearchSAP.com is a search service provided by TechTarget and is completely independent of and not affiliated with SAP AG.