Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP authorization auditing

Go to solution
Former Member

‎09-29-2008 3:35 PM

0 Kudos

hi friends,

i wanted do SAP authorization auditing for a organization. they have already implemented SAP in there organization but there is proper procedure for it. I want to find out conflicting roles for all user and compare users roles with the standard roles which would be standard roles as per the roles matrix for them.

how could i find out all this data and how i should i proceed for this.

Regards,

Koushal

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎09-30-2008 10:15 AM

0 Kudos

Hi Koushal,

Check out the following link [http://www.auditnet.org/docs/SAP_AP2.doc] which is a bit comprehensive but will definitely be of help to you.

Thanks,

Saby..

7 REPLIES 7

Go to solution
jurjen_heeck
Active Contributor

‎09-29-2008 4:36 PM

0 Kudos

Hi koshal,

Have you checked the auditing section of our "sticky" thread: ?

In there are links to some nice discussions including this one:

That should get you started. The question you've asked today is very general and I do not expect anyone to deliver an answer that completely covers it. So please read along, expand your knowledge and feel free to come back with more specific questions.

Jurjen

Go to solution
Former Member

‎09-30-2008 10:15 AM

0 Kudos

Hi Koushal,

Check out the following link [http://www.auditnet.org/docs/SAP_AP2.doc] which is a bit comprehensive but will definitely be of help to you.

Thanks,

Saby..

Go to solution
Former Member
In response to Former Member

‎09-30-2008 11:35 AM

0 Kudos

thanx for your reply Jurjen and saby.. i will check the links given by you ppl and try to follow it.

i want to know is there any tool for SAP auditing which could help to find conflicting roles.

Regards,

Koushal Solanki

Go to solution
jurjen_heeck
Active Contributor
In response to Former Member

‎09-30-2008 12:17 PM

0 Kudos

> i want to know is there any tool for SAP auditing which could help to find conflicting roles.

Once you've defined the conflicts have a look at (or search on) reports RSUSR008 and RSUSR009, or RSUSR008_009_NEW. Another usefull keyword may be GRC.

Go to solution
Former Member
In response to Former Member

‎09-30-2008 12:20 PM

0 Kudos

Hi Koushal,

SAP has a tool called GRC which can be used for SOD analysis and auditing.Earlier, it used to be known as VIRSA.

Of course, there are other tools ........also available in the market like APPROVA and so on.

You can also take a look at Axis - Risk Management Software for SAP R/3 at the website http://axxiominfo.com.

Each one claims that they are better than others.

Thanks,

Saby..

Go to solution
Former Member
In response to Former Member

‎09-30-2008 12:57 PM

0 Kudos

Hello friends,

i found that SAP also provide a tool called Audit Information System (AIS) for auditors. The SAP Audit Information System (AIS) provides a centralized repository for reports, queries, and views of data that have a control implication.

Transaction code SECR is used to access the AIS.

Regards,

koushal

Go to solution
jurjen_heeck
Active Contributor
In response to Former Member

‎09-30-2008 1:13 PM

0 Kudos

SECR is/was a menu as far as I know but that's been replaced in newer versions.

Nowadays the menus and authorizations for audit tools are to be found in a set of standard SAP roles.

Look for roles with names like "SAPAUD"

I'll have a look for relevant notes.

Found:

Note 705197 - Audit Information System (AIS) 5.00 - Composite note

That should get you up to speed

Edited by: Jurjen Heeck on Sep 30, 2008 2:16 PM Note added