We are going through our first SAP ERP implementation and had a few questions about the SIDADM user and audit. We are running the SAP system on a Windows server with Oracle Database. The SIDADM user is currently shared by the basis team to maintain the SAP servers. The basis team logs into the server using the SIDADM account to start/stop the SAP system, run any command-based utilities (i.e. sappfpar or tp) when needed, and create/execute batch scripts for backups/exports/etc. However, since the password for this user is shared by the whole team, we are concerned about SOX audit compliance.
1. How do other customers in a Windows environment control the SIDADM account to satisfy audit requirements? Audit doesn't normally allow shared accounts on SAP servers. When someone directly logs into the SAP server with SIDADM, we can't trace who logged on and made changes to the system.
2. If the password for SIDADM is not shared by the basis team, how does the basis team maintain the SAP servers (i.e. start/stop instance)?
3. Can the SAP systems be maintained by individual users without using SIDADM? If so, how?
We are looking for recommendations on how to control the super users in the SAP environments (SIDADM, DB users, etc.) to satisfy SOX audit requirements.
Thanks for all your help. Any recommendations will be appreciated~~