on 03-23-2012 3:26 PM
Hi Experts,
It may be a very generic question, but this was put forward to us by the audit team.
Can a firefighter with SAP_ALL access , delete his own change logs for e.g by utilizing debugger function or any other way.
Thanks
Hello,
We've discussed this topic earlier. Kindly refer to http://scn.sap.com/thread/2118500
Cheers!
Diego.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi "Security Team",
SAP_ALL rules the box - Firefighter is not supposed to prevent that, just to act as a control for functional SoD issues. And yes, your Admin can also unlock SAP* and copy the database.
Firefighter is a tool to document conscious SoD violations in business processes and make them transparent and impose dual control.
So, yes. Don't give a Firefighter SAP_ALL. Ever.
Frank.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.