12-30-2014 7:22 PM
Under what circumstances can SAP Helpdesk users have access to PFCG and S_USER_SAS for update activity codes? What about SU01 and S_USER_SAS? Can this pose a security risk? I am new to SAP auditing and trying to understand the basics of what helpdesk users should and should not have access to. Thanks in advance!
01-03-2015 12:44 PM
Hi AG
Do you have a general auditing background or security background? Your questions is a mixture of basic trainining security
You can answer this question yourself if you take the time to read up on what the authorisation object is used for and also find out what the support structure for your system is (that is, are the people with the access responsible for the administration activities that require that access)
Also, in determining risk it isn't always about the object but the actual values of the authorisation. Display activity for example would be quite different to creation or modification.
Regards
Colleen