Hello Sunday,

These could be the keys;

Audit or Security of hardware, OS and DB are also important for audit. You must take care of these.

I will give some key points for SAP layer.

These are taken from EWA reports security sections (You can check one of EWA report how to obtain these users)

* Super User Accounts     SAP_ALL

* Users Authorized to Change all Tables

* Users Authorized to Start all Reports

* Users Authorized to Debug / Replace

* Users Authorized to Display Other Users Spool Request

* Users Authorized to Administer RFC Connections

* Users Authorized to Reset/Change User Passwords

Also check;

* Users Authorized to create or change users

* Users Authorized to change client settings and system change option

* Users Authorized to create, change, delete, assign roles and profiles

* Users Authorized to import, create requests

* Users Authorized to change RFC connections

* Users Authorized to administor background processing

* Users Authorized to change profiles

Regards,

Yuksel AKCINAR