cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Deletion of FF Logs

Former Member

on ‎03-23-2012 3:26 PM

0 Kudos

Hi Experts,

It may be a very generic question, but this was put forward to us by the audit team.

Can a firefighter with SAP_ALL access , delete his own change logs for e.g by utilizing debugger function or any other way.

Thanks

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎03-26-2012 2:31 PM
0 Kudos

Hello,

We've discussed this topic earlier. Kindly refer to http://scn.sap.com/thread/2118500

Cheers!

Diego.

Show replies
Show replies
koehntopp
Product and Topic Expert
Product and Topic Expert
‎03-23-2012 3:36 PM
0 Kudos

Hi "Security Team",

SAP_ALL rules the box - Firefighter is not supposed to prevent that, just to act as a control for functional SoD issues. And yes, your Admin can also unlock SAP* and copy the database.

Firefighter is a tool to document conscious SoD violations in business processes and make them transparent and impose dual control.

So, yes. Don't give a Firefighter SAP_ALL. Ever.

Frank.

Show replies
Show replies
Ask a Question