Former Member

Security review

Hi All,

How to perform security review for existing users, roles and authorisations? What all to check? How should I proceed?

Can someone give me some information, how to perform this?

Regards,

Sandhya


3 Answers

  • Best Answer
    Former Member
    Nov 14, 2008 at 07:39 PM

    In addition to what the others have already said, what you might want to consider doing is starting transaction SECR. It will inform you about the role-based menu of the Audit Information System, which contains many security-relevant checks which you can try out and learn the use of.

    Assign these "audit" roles to your ID and the menus will appear. You can also read an explanation for the checks, before executing them in the report trees.

    Cheers,

    Julius


  • Former Member
    Nov 14, 2008 at 01:03 PM

    Start by reading the sticky thread in the top of the forum.

    Your question is way too general to be answered in this forum. As you'll find in the sticky and its linked threads, such questions hardly ever get a satisfying answer.

    What is your position, from which standpoint do you need this information?


  • Former Member
    Nov 14, 2008 at 03:14 PM

    Hi Sandhya,

    I agree with Jurjen on this one.

    When you say Security review, it is a very broad term and I think the way you put it is more about Access Controls in SAP.

    I would strongly suggest you to go through the SDN threads where folks had already asked similar details and possibly look into SDN blogs and library.

    I think as a best startup, I would suggest to go and start looking from SAP HR if you have. Or alternatively you can start working from LDAP, UME or any other corporate database of Users. Identify the HR Job titles and Business Roles Users currently occupy.

    Then try to find the mapping of the HR position to the existing SAP technical roles. Document all your observations in spreadsheets.

    You can now go a little deep further into what access the users exactly have by looking at the tcodes in the roles. It may take a long time and you may have to do a series of discussions of why some tcodes are used by users even though they should not have to...

    You may have to look into Segregation of Duties and Compliance details while checking the roles and Users Access.

    I think this will give you a good starting point. Let us know if you don't understand any of the above.

    Regards,

    Kiran Kandepalli.
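
The role-to-tcode review and Segregation of Duties check described in the answer above, sketched as an added example that is not part of the original thread. The user names, role names and the three SoD rules are constructed sample data; a real review would load spreadsheet exports of the user-to-role and role-to-tcode assignments and the organisation's own rule set.

```python
from collections import defaultdict

# Constructed sample data (not from the thread). In practice these would be
# spreadsheet exports of user-to-role and role-to-tcode assignments.
USER_ROLES = [
    ("JSMITH", "Z_AP_CLERK"), ("JSMITH", "Z_VENDOR_MAINT"),
    ("MLEE", "Z_BUYER"),
    ("ADMIN1", "Z_BASIS_USER_ADMIN"), ("ADMIN1", "Z_BASIS_ROLE_ADMIN"),
]
ROLE_TCODES = {
    "Z_AP_CLERK": {"F110", "FB60"},
    "Z_VENDOR_MAINT": {"FK01", "FK02"},
    "Z_BUYER": {"ME21N", "ME23N"},
    "Z_BASIS_USER_ADMIN": {"SU01"},
    "Z_BASIS_ROLE_ADMIN": {"PFCG"},
}
# Hypothetical SoD rule set: tcode pairs one person should not hold together.
SOD_RULES = [
    ("FK01", "F110", "maintain vendor + run payments"),
    ("ME21N", "MIGO", "create PO + post goods receipt"),
    ("SU01", "PFCG", "maintain users + maintain roles"),
]

def effective_tcodes(user_roles, role_tcodes):
    """Return {user: {tcode: set of roles granting it}}."""
    access = defaultdict(lambda: defaultdict(set))
    for user, role in user_roles:
        # A role missing from the export contributes no tcodes.
        for tcode in role_tcodes.get(role, ()):
            access[user][tcode].add(role)
    return access

def sod_findings(user_roles, role_tcodes, rules):
    """List (user, tcode_a, tcode_b, risk, roles) for each rule a user hits."""
    findings = []
    access = effective_tcodes(user_roles, role_tcodes)
    for user in sorted(access):
        for a, b, risk in rules:
            if a in access[user] and b in access[user]:
                # Record which roles combine to create the conflict.
                roles = sorted(access[user][a] | access[user][b])
                findings.append((user, a, b, risk, roles))
    return findings

if __name__ == "__main__":
    for user, a, b, risk, roles in sod_findings(USER_ROLES, ROLE_TCODES, SOD_RULES):
        print(f"{user}: {a}+{b} ({risk}) via {', '.join(roles)}")
```

Each finding names the roles that combine to produce the conflict, which is the starting point for the discussion about which assignment to remove.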
