12-17-2009 4:55 AM
Since SAP does not recommend using GRC Access Control to log actions performed using SUPER users such as SAP*, DDIC, or other powerful id's, what tools are available? When SAP*, DDIC, or other powerful super users are used in your SAP environment, are these activities being logged? Is anyone monitoring these activities? Do you even use SUPER id's in your environment or assign access directly to your BASIS team? Have you used GRC SPM or Virsa Firefighter to manage these users? Are you using monitoring tools such as Cyber-Ark to log and monitor your BASIS team? How do you assure your management or audit team that all activities performed by SAP*, DDIC or other powerful SUPER users are logged and available for review?
12-17-2009 5:12 AM
Dear Greg,
Normally these SUPER users are locked/deactivated in the systems and not used for any of the development / maintenance activities.
Regards,
Lakshmi.
12-17-2009 5:14 AM
12-17-2009 8:55 AM
Hi
SM19 monitoring for those users is quite handy. As long as no events are raised, no logs are created...
b.rgds, Bernhard
12-17-2009 9:35 AM
> Since SAP does not recommend using GRC Access Control to log actions performed using SUPER users such as SAP*, DDIC, or other powerful id's, what tools are available?
Can you reference the source where SAP says that standard super users should not be logged?
SAP also says that standard users such as DDIC and SAP* are known targets of attack vectors (DoS attacks, password brute forcing, DB vulnerabilities...), so once having locked them down (see the other responses) it would make sense to monitor them for any events.
Cheers,
Julius