Basis vs Security Administration

SAP Security

Moderators: Snowy, thx4allthefish, jurjen

Post Reply
Posts: 194
Joined: Fri Jul 18, 2003 12:37 pm

Basis vs Security Administration

Post by TONI » Thu Jul 03, 2014 2:08 am

Does anyone have a sample SOD that you use to distinguish duties between the Basis and Security admin?? Which tasks should they be doing or not doing for that matter!!!

Gary Morris
Posts: 400
Joined: Sun Oct 20, 2002 10:42 pm
Location: New York

Re: Basis vs Security Administration

Post by Gary Morris » Fri Oct 31, 2014 2:47 pm

Normally SAP Security will need many "Basis" transactions to perform system audits. Review the transaction men of the SAP delivered roles:
However Security should have display for these transactions.

The Basis team should have most of the SAP Security transactions as well but only display. Unless you want Basis to be able to lock or unlock all users for maintenance tasks. Basis should not be able to create or change roles or create or assign users.

I started in Basis doing both Basis and Security tasks until SOX came along and I had to choose one or the other. It has been segregated in every client I have worked for since then even those that were not publicly traded companies. Just seems to be the norm now.
Gary Morris
SAP Security Consultant

Post Reply