Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP HelpDesk - Should they have access to priv t-codes such as PFCG, SU01? (Audit perspective)

Former Member

‎12-30-2014 7:22 PM

0 Kudos

Under what circumstances can SAP Helpdesk users have access to PFCG and S_USER_SAS for update activity codes? What about SU01 and S_USER_SAS? Can this pose a security risk? I am new to SAP auditing and trying to understand the basics of what helpdesk users should and should not have access to. Thanks in advance!

1 REPLY 1

Colleen
Advisor
Advisor

‎01-03-2015 12:44 PM

0 Kudos

Hi AG

Do you have a general auditing background or security background? Your questions is a mixture of basic trainining security

You can answer this question yourself if you take the time to read up on what the authorisation object is used for and also find out what the support structure for your system is (that is, are the people with the access responsible for the administration activities that require that access)

Also, in determining risk it isn't always about the object but the actual values of the authorisation. Display activity for example would be quite different to creation or modification.

Regards

Colleen