Developer keys - confirmation and help please!

Posted: Tue Feb 10, 2015 5:48 am
by giles1
I work in SAP Compliance and we are reaching the end of our external audit, but they have one query surrounding a Basis user who appears to have a Developer key in one of our dev clients. This is raised as an issue (due to SOD) but we are trying to prove that the user in question does NOT actually have a dev key. The issue has been caused by the fact that the user previously worked for the company (over 10 years ago) in a different capacity, and is now back as a Basis administrator.

The overview is this: the external audit team are looking at the DEVACCESS table in the dev client (where the user id shows), but I have been informed that the user (and key) are not actually visible on the OSS portal with SAP. I am just looking for some guidance over which is the "active" record here?

Does the fact that the user has an entry in the DEVACCESS table mean that he really DOES have an active key, or should we be taking the OSS portal information as the 'truth'? If DEVACCESS is indeed the right place to be looking, can entries simply be deleted here?

If anyone has any advice on this it would be HUGELY appreciated. Thanks in advance.


Re: Developer keys - confirmation and help please!

Posted: Tue Feb 10, 2015 7:13 am
by Gothmog
I'll mirror this in the Basis forum, as Basis people may know more about this, but as far as I know, the DEVACCESS table is what SAP checks when you change a program, so yes, your Basis user still has an active developer key, and this entry should be deleted.

Re: Developer keys - confirmation and help please!

Posted: Tue Feb 10, 2015 9:55 am
by giles1
Thank you Gothmog! Our Basis team have contacted SAP directly to get 100% confirmation on this but I really appreciate your response. If they confirm what you said, then we will have to look at deleting entries from the DEVACCESS table (via a custom program) but I know this is not recommended by SAP...

Re: Developer keys - confirmation and help please!

Posted: Thu Feb 12, 2015 11:51 am
by Zavaros

The DEVACCESS table cannot be edited directly by SAP transactions. (We had to develop our own report to delete entries from it.)

The entry gets into the table only when a developer does any activity that requires a developer key. So ... somewhere in the past your Basis admin modified an object in the SAP system.

You could try to prove that the admin did not do anything illegal:
- Check that the user has no authorization to modify objects in the system, i.e. he does not have authorization object S_DEVELOP with activities 1,2,6...
- Check the transports: what tasks and transports belong to the admin.
- Check in TRDIR the objects modified by the admin (and the time stamp!)
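
The three checks listed in the post above, combined into one evidence report per user; this is an added example, not code posted in the thread. It runs on constructed rows standing in for exports of DEVACCESS, E070 and TRDIR plus each user's S_DEVELOP activities, and the user names, object names, transport number and cutoff date are assumptions.

```python
from datetime import date

# Constructed sample rows standing in for table exports; field names follow
# the standard tables (DEVACCESS-UNAME, E070-AS4USER/AS4DATE, TRDIR-UNAM/UDAT).
DEVACCESS = [{"UNAME": "BASISADM"}, {"UNAME": "DEV01"}]
E070 = [{"TRKORR": "DEVK900123", "AS4USER": "DEV01", "AS4DATE": date(2015, 1, 20)}]
TRDIR = [
    {"NAME": "ZOLD_REPORT", "UNAM": "BASISADM", "UDAT": date(2004, 6, 3)},
    {"NAME": "ZNEW_REPORT", "UNAM": "DEV01", "UDAT": date(2015, 1, 20)},
]
# S_DEVELOP ACTVT values each user holds through roles (constructed).
S_DEVELOP_ACTVT = {"BASISADM": {"03"}, "DEV01": {"01", "02", "03", "06"}}

CHANGE_ACTVT = {"01", "02", "06"}  # create, change, delete


def review_user(user, cutoff):
    """Collect the evidence for one user; `cutoff` is an assumed date
    separating the earlier employment from the current one."""
    has_key = any(r["UNAME"] == user for r in DEVACCESS)
    change_auth = sorted(S_DEVELOP_ACTVT.get(user, set()) & CHANGE_ACTVT)
    transports = [r["TRKORR"] for r in E070
                  if r["AS4USER"] == user and r["AS4DATE"] >= cutoff]
    changed = [r for r in TRDIR if r["UNAM"] == user]
    recent = [r["NAME"] for r in changed if r["UDAT"] >= cutoff]
    historic = [r["NAME"] for r in changed if r["UDAT"] < cutoff]

    if not has_key:
        finding = "no DEVACCESS entry"
    elif change_auth or transports or recent:
        finding = "key entry with current change access or activity"
    else:
        finding = "key entry only, no current change access or activity"
    return {"user": user, "has_key": has_key, "change_auth": change_auth,
            "transports": transports, "recent_changes": recent,
            "historic_changes": historic, "finding": finding}


if __name__ == "__main__":
    for name in ("BASISADM", "DEV01", "AUDITOR1"):
        print(review_user(name, cutoff=date(2014, 1, 1)))
```

TRDIR holds only the last changer of each program, so an empty result there narrows the question rather than closing it.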