One employee - two users (end user and superuser)?
I have a question concerning the management of SAP users with extended permissions.
Currently all our employees access the system to fill in the worksheet, manage travel and other activities. But some of these employees also need access to the production environment to perform administrative activities in the SAP system.
This mixture of permits, end user and superuser is not acceptable from the audit point of view.
One option is to use two user codes for each employee, end user and superuser with extended permissions. But this solution has many operational problems.
Another option would be to use GRC AC Superuser Privilege Management. Expensive...
My question is if anyone has managed this in a different way that might be acceptable from the audit point of view. In our system we have around 10,000 end users and 100 users with extended permissions.
I would appreciate any feedback.