Skip to Content
0
Former Member
Jan 16, 2012 at 02:45 PM

Firefighter role built from SAP_ALL - proof of fraudulent changes

35 Views

SAP colleagues - if a firefighter role, built manually from SAP_ALL, allows all access EXCEPT SAP security related authorizations (including global auth check switch) can a user during firefighting activities:

- delete security / transaction logs to hide fraudulent acts?

Would the database tables or any other system tables retain proofs of some or any of the fraudulent changes. Would there be any other proofs of what was done?

Any other worst case scenarios and explanations in this case would be greatly appreciated.

Thank You!