Hello Team,

We have implemented and testing the fuctionality of Virsa FF Super user

Mgmt.

We have few questions regarding Virsa FF logs,

As we understand all changes are logged by FF. But this is not the

case. Please find the few case by case

1. Client modifications

Case 1. I run SCC4 to open system for customizing, then SPRO for

customizing and SCC4 to close client.

Case 2. I run SCC4 to open system for customizing, then SPRO for

customizing and forget to run SCC4 again to close client.

In both cases FF log will show the same information, because changes to

client status are not logged by FF and sequence of activities is not

reflected.

2. Table entries

We understood that all table entries are logged and it is one of the

strongest advantage of FF.

I can change bank account of vendor few different ways:

- Transaction XK01, which will seen in FF log

- Transaction XK99 through batch input, which according your answer

(point B.3.b) won't be capture in FF log.

- Transaction SE16N through direct modification of table, which won't

be captured by FF log.

3. "TRX logged"

I'm under impression that certain items in certain conditions are not

capture by log. We must know full logic and all exceptions. Could you

elaborate why mass updates in background are not capture, especially

all those information are CDHDR table, as per my understading is one of

the source of FF log.

(It is nothing about background processing. Instead of running specific

transaction like SU01, I ran program, which is behind it and change

password, lock/unlock user. It generate entry in CDHDR table, but FF

log has not pick up those activity. )

4.Other findings

There is a chanceof risk to accept compensating control (from the

understanding) in the super user management area. This compensating

control is generating heavy workload, because as per current situation

someone has to review about 150 firefighter assignments per month and

reconcile with SD4 (Internal change management process). It is monthly

effort.

SoD must be enforced by user exit. SAP_ALL or any specific

authorizations should not grant access rights to assign to one user id

all those functions. Last year, we had cases of "firefighters"

assigning SAP_ALL to the regular users.

- FF logging functionality is not sufficient.

- FF does not provide sufficient segregation of duties in super user

management.

Similar logs (FF logs) we getting from other reports in SAP like SM20,

SUIM,SM37 etc. In such case please help me to understand the value

additions that we are getting through VIRSA FF Super user Mgmt.