Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Sandbox Security After Being Refresh from Prod

Former Member

‎03-04-2009 8:29 PM

0 Kudos

My company is planning to do a refresh of sandbox from production. This is the first time I'll be dealing with this. I've also heard of other companies doing the same thing. Even others are refreshing their DEV system from prod. I don't agree with this approach and I think that this is bad practice. However, I would like to know the advantages and disadvantages of this practice in terms of security. And what security issues that I should consider.

Thanks,

Bliss

9 REPLIES 9

Former Member

‎03-04-2009 8:52 PM

0 Kudos

> My company is planning to do a refresh of sandbox from production.

This is sometimes a symptom of developers having lost faith in their DEV system... and consequently functional folks loose faith in the QAS system...

Depending on what you have installed and whether you have some clean up and scrambling tools, this might not be critical.

Are you only doing a client copy, or is it a complete system copy? Also, which release are you on?

If it is a complete restore, then the bright side of it is that your basis folks can practice their SAP IT "Restore" part of your Disaster Recovery Plan.

If you loose more than 15 minutes of data, or 15 seconds if you include the transactional logs in the restore, and the system is down for more than 1 hour... then keep practicing

Cheers,

Julius

Former Member
In response to Former Member

‎03-04-2009 10:18 PM

0 Kudos

Disadvantage is that --> Its the PRD data and many folks can have an exact upto date data to view and enjoy -- imagine the Purchase reqs , POs , HR data so on and so forth.

Advantage is the that folks get to practice with more reliable data.

Former Member
In response to Former Member

‎03-04-2009 10:33 PM

0 Kudos

You still don't mention how you want to "copy" the data / application / system...? Nor which release you are on? This makes a difference...

As a general remark (because you mention "practicing") I would recommend scrambling the master data to make it anonymous (but in the transaction data there is also information, e.g. long texts) such that the security is not less than that of a BW or online reporting in the ERP system which they can access anyway...

If it is for real support issues which need "a bit of practicing" beforehand and the QAS system cannot be refreshed fast enough to test a support issue, then there is also the option of a virtual system, in which case (if you are interested) I will move this thread to the NW Platform or NW Admin forum.

Please provide more information, to have more usefull answers...

Cheers,

Julius

Former Member
In response to Former Member

‎03-05-2009 12:10 AM

0 Kudos

Hi Julius,

Sorry for not responding immediately, unfortunately, I've locked myself out so I had to wait for a few hours(?) before I could try again.

We are on ECC6 and it will be a system copy as far as the discussions have been going. We are doing this because the support team wants good data to play with.

How can I scramble the master data in there?

Thanks!

Former Member
In response to Former Member

‎03-05-2009 2:51 PM

0 Kudos

> How can I scramble the master data in there?

I have only used commercial tools, but am also aware that SAP's Landscape Optimization Group have a "SAP Test Data Migration Server" which offers this feature to scramble data and only transfer enough data to make it usefull for training and playing.

I know that specifically for HR there are several commercial tools which can be used for this. You will find many of them with a google search.

For beginners, there is also a report in the SFLIGHT demo tool which will generate some anonymized data for you to do basic training with.

Via google you will find all three...

Cheers,

Julius

Former Member

‎03-05-2009 12:13 AM

0 Kudos

Refreshing Data from Prod to DEV or SandBox are sometimes requirement from the SAP team, New project, Support issues, Up to date Data, Upgrade issue, Disaster recovery, DR test etc.

There are many advantage of such practice, However this also brings some critical security issues. masking the sensitive data in such systems after refresh can be option. you may also need to lock down other end user who are not going to use the DEV or Sandbox. Revisit the security level of your SAP team. Copy your security somewhere else prior to refresh in different client, than you will have reference to see what was there before or even transferring back all security.

Youn can scrumble data by dummy values, your developer may have more idea, It is some what chaging the actual value to the dummy values.

Edited by: Kinjar Patel on Mar 5, 2009 11:14 AM

Former Member

‎03-05-2009 9:31 PM

0 Kudos

One Security issues that you may face is if they copy User Master data from Production to your sandbox...

Everybody will come to use asking that they do not have access in sandbox or restricted access in sandbox....

Lot of work giving everybody their old access in the sandbox

Former Member
In response to Former Member

‎03-05-2009 9:45 PM

0 Kudos

Been there, done that, got the t-shirt?

Very good observation!

Former Member
In response to Former Member

‎03-09-2009 3:54 AM

0 Kudos

One of the options is to take the user master export from Sandbox (or the system being refreshed) and import it back after the refresh. This way user gets Production data and sandbox access. However if there are some users in Production whi are not already in Sandbox then that would be an issue

Regards

Vijaya