segregation of Basis/Admin duties

Former Member · ‎08-17-2006

Our upper management ordered an audit of all roles in our ERP system. The company that audited us came up with a pretty extensive report that basically said a Basis Admin should not have the rights to both create transports and actually move transports. That's just one example. But there were many. Our Basis team is 4 people, yet their recommendations were to have close to 10 segreated duties that, in all my years(10+), have typically been performed by the same role. Clearly, this "report" that the auditor ran was pre-canned and scripted with little input on our specific company/environment. But I want to know - does anyone have any SAP published docs about recomendations on Basis roles and what transactions/duties they encompass?

Any comments on how similar audits at your own company might have gone?

Former Member · ‎08-21-2006

Traditionally, I have seen Basis Admins have SAP_ALL and SAP_NEW in all systems except PROD. But in the SAP Best Practices for Security, Basis admins normally have a role set up that has pretty much everything they need. It does not normall include Security and most business transactions.

Former Member · ‎08-21-2006

Basis admins should have all rights in the systems ,i never saw a basis admin having roles in his master record

admins have sap_all and sap_new

segregation of Basis/Admin duties

Accepted Solutions (0)

Answers (2)

Answers (2)

Re: Incorporate international clients into VAR Chi...

Incorporate international clients into VAR Chile

Re: reading external (OData) API from cap

Re: reading external (OData) API from cap

Re: SSO using OKTA - launches FLP twice