Q
Problem solve Get help with specific problems with your technologies, process and projects.

Locking SAP* and DDIC

Is it wise to lock SAP* and DDIC? Out internal auditors have recommended that we lock these users. It appears to...

me that this may be dangerous since these accounts are our "life preservers" in case the system is in trouble.

I can tell you from experience that you probably won't have the option for that much longer. Impending Sarbanes hell, new audit requirements, and the possibility of misuse of SAP_ALL type access will likely make the decision for you.

My opinion is that you should lock the access, create "fire-call" ids if you need to... But make sure you have a good process in place that documents when and how they are used. On locking SAP* & DDIC make sure there are no batch or RFC programs that are using the accounts for performing typical duties. You will probably find that DDIC is used by other accounts so you may want to change the id type from Dialog to System.


This was last published in March 2004

Dig Deeper on SAPscript and Smart Forms

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchERP

SearchOracle

SearchDataManagement

SearchAWS

SearchBusinessAnalytics

SearchCRM

SearchContentManagement

SearchHRSoftware

Close