SAP colleagues - if a firefighter role, built manually from SAP_ALL, allows all access EXCEPT SAP security related authorizations (including global auth check switch) can a user during firefighting activities:
- delete security / transaction logs to hide fraudulent acts?
Would the database tables or any other system tables retain proofs of some or any of the fraudulent changes. Would there be any other proofs of what was done?
Any other worst case scenarios and explanations in this case would be greatly appreciated.
Thank You!