05-04-2010 8:14 PM
Hi,
I am looking to see how others handle SAP Role Substitution and SOD conflicts.
For example, a person is going to be out on vacation for a few day and assigns their roles to another employees to continue with daily tasks....SOD risks result because of the temporary assignment and role combinations....what are you guys doing to manage, and monitor this sort of activity?
Your help and comments greatly appreciated!
05-05-2010 5:46 PM
Hi,
One option is to use the Firefighter or Superuser Privilege Management for Substitutions, if more authorization are needed. Every transaction and details will be logged. There are several possiblities to reporting that.
In other case, you should decide, if the user which has the substitution roles, to add the role permanent... because you have a lots of work to assing and deprovisioning such roles.
Cheers,
Martin
05-07-2010 7:45 AM
Hi
As already stated by Martin, one of the option for handling adtional backup access to users could be through Superuser Privilage management(If GRC has been implemented with your client). This would allow detailed reporting at transaction level for audit purposes.
If GRC is not implemented with your client then any additional access which is resulting in SoD, there has to a proper documentation of temporary access assignment to users(For Audit purpose). Mitigation control should be documented and submitted by the supervisor of the user to the SoD team to ensure proper compliance is in place for the additional access provided to the user.
Thanks.
Anjan