This website is not affiliated with, sponsored by, or approved by SAP AG.

Restrict Salary Information in TST


Post by Jaynick » Tue May 10, 2011 12:44 am

Hi,

We have had a request to restrict salary-related information in our TST environment. At this point we don't have a third-party tool to scramble data in this system. Basis, Developers and the Security team therefore have broad access in this system, and since TST is refreshed with PRD data, anyone in these teams is able to view this info.

I have so far identified with assistance from our HR dept that the following should be restricted:
- IT 0008 - Basic Pay
- IT 9705 - Additional COE Remuneration Info
- Tables PA0008 & PA9705
- Txns SU01 - SU03 and PFCG (the above access can be re-assigned if the user has this access)

Of course this can't be removed from the security team; monitoring should perhaps be put in place to mitigate this risk.

I am sure there are other ways in which this data can be accessed. Can you help identify what I have missed?

Many thanks,
Jaynick
SAP Rules!!!
Jaynick
 
Posts: 111
Joined: Wed Jan 21, 2004 3:27 am
Location: South Africa

Re: Restrict Salary Information in TST

Post by thx4allthefish » Thu May 12, 2011 2:38 am

Jay, that'll never do! If you are paying your employees using the same system, everybody who has FI and CO transactions can check on payment data over in FI and CO!! You can see the data in cost centre reports, even down to a level where you can 'transcribe' it to UserIDs.

Two sensible ways:

- run your HR on a separate system (safest)
- scramble data.

curiousorange wrote: I give up. Humanity isn't worth saving. Why is there never a Vogon Constructor Fleet around when you really need one?
thx4allthefish
 
Posts: 5694
Joined: Sat Oct 26, 2002 6:18 pm
Location: barolo barrel

Re: Restrict Salary Information in TST

Post by Jaynick » Fri May 20, 2011 6:16 am

Thanks and agreed. I also read a post that mentioned a custom program using an algorithm to scramble the relevant HR tables, then deleting the payroll results and posting documents. TDMS is planned for implementation, but no set timeline exists yet, so this is an interim measure.
J
SAP Rules!!!
Jaynick
 
Posts: 111
Joined: Wed Jan 21, 2004 3:27 am
Location: South Africa
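
A sketch of the kind of interim scrambling program mentioned in the last post, as an added example that is not part of the thread and not SAP or TDMS code: it works on table extracts held as Python dicts and replaces each amount with a keyed value derived from the row's identity only, so the scrambled figure carries no trace of the real one. `ZZ_AMOUNT`, the replacement band and the sample rows are assumptions; as the thread notes, payroll results and posting documents have to be dealt with separately.

```python
import hashlib
import hmac
import secrets
from decimal import Decimal

# Amount columns to overwrite per table. BET01/ANSAL are PA0008 columns;
# ZZ_AMOUNT is a hypothetical stand-in for the customer infotype 9705.
AMOUNT_FIELDS = {"PA0008": ["BET01", "ANSAL"], "PA9705": ["ZZ_AMOUNT"]}
LOW, HIGH = 1_000_00, 9_000_00  # replacement band in cents (assumed)


def fake_amount(key: bytes, table: str, row: dict, field: str) -> Decimal:
    """Derive a replacement from the row's identity, never from the real amount."""
    ident = "|".join([table, row["PERNR"], row["BEGDA"], field]).encode()
    digest = hmac.new(key, ident, hashlib.sha256).digest()
    cents = LOW + int.from_bytes(digest[:8], "big") % (HIGH - LOW)
    return Decimal(cents) / 100


def scramble(key: bytes, table: str, rows: list[dict]) -> list[dict]:
    """Return copies of the rows with every amount column replaced."""
    out = []
    for row in rows:
        new = dict(row)  # leave the caller's rows untouched
        for field in AMOUNT_FIELDS[table]:
            new[field] = fake_amount(key, table, row, field)
        out.append(new)
    return out


# Constructed sample rows, not real data.
SAMPLE_PA0008 = [
    {"PERNR": "00001001", "BEGDA": "20110101",
     "BET01": Decimal("4200.00"), "ANSAL": Decimal("50400.00")},
    {"PERNR": "00001002", "BEGDA": "20110101",
     "BET01": Decimal("8900.00"), "ANSAL": Decimal("106800.00")},
]

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # per-refresh key; discard it after the run
    for scrambled_row in scramble(key, "PA0008", SAMPLE_PA0008):
        print(scrambled_row)
```

Because the replacement ignores the original amount, it avoids the weakness of "multiply by a factor" scrambles, where salary ratios between employees survive.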

