This website is not affiliated with, sponsored by, or approved by SAP AG.

Basis vs Security Administration

SAP Security

Moderators: Snowy, thx4allthefish, jurjen

Basis vs Security Administration

Postby TONI » Thu Jul 03, 2014 2:08 am

Hi,
Does anyone have a sample SOD that you use to distinguish duties between the Basis and Security admin?? Which tasks should they be doing or not doing for that matter!!!
:?
TONI
 
Posts: 193
Joined: Fri Jul 18, 2003 12:37 pm

Re: Basis vs Security Administration

Postby Gary Morris » Fri Oct 31, 2014 2:47 pm

Normally SAP Security will need many "Basis" transactions to perform system audits. Review the transaction men of the SAP delivered roles:
SAP_AUDITOR_SA
SAP_AUDITOR_SA_CCM_USR
SAP_AUDITOR_SA_CUS_TOL
However Security should have display for these transactions.

The Basis team should have most of the SAP Security transactions as well but only display. Unless you want Basis to be able to lock or unlock all users for maintenance tasks. Basis should not be able to create or change roles or create or assign users.

I started in Basis doing both Basis and Security tasks until SOX came along and I had to choose one or the other. It has been segregated in every client I have worked for since then even those that were not publicly traded companies. Just seems to be the norm now.
Gary Morris
SAP Security Consultant
garydavidmorris@gmail.com
Gary Morris
 
Posts: 399
Joined: Sun Oct 20, 2002 10:42 pm
Location: San Antonio, Texas


Return to SAP Security

Who is online

Users browsing this forum: No registered users and 2 guests





loading...


This website is not affiliated with, sponsored by, or approved by SAP AG.