SAP HelpDesk - Should they have access to priv t-codes such as PFCG, SU01? (Audit perspective)
Under what circumstances can SAP Helpdesk users have access to PFCG and S_USER_SAS for update activity codes? What about SU01 and S_USER_SAS? Can this pose a security risk? I am new to SAP auditing and trying to understand the basics of what helpdesk users should and should not have access to. Thanks in advance!