on 02-24-2020 12:12 PM
Hi
We have created critical permission list in our rule set. Does any one recommend monitoring the following authorisations as a Critical Permission?
S_DATASET ACTVT 06 OR S_DATASET ACTVT 34 OR S_DATASET ACTVT A7 OR S_DATASET FILENAME '*' AND S_DATASET PROGRAM '*' ANDOr would this create a case for over-reporting?
Thanks
Reza Ahoui
Hi Reza,
First thing you have to check is "what is the risk if a user or role has access to S_DATASET authorization object with mentioned values."
Will it be a risk with object alone or will it be a risk with a combination of Tcode? If the risk is only when a Tcode is given together with S_DATASET then you need to configure Critical Action risk and not Critical Permission risk.
Regards,
Madhu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
15 | |
4 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.