There comes a time when you have to deal with auditors. I have put together a checklist to go through. If this is a new implementation, you should go through it, and maybe you can impress your boss.
If you have any doubts as to whether revisiting your SAP infrastructure security is worth your while, take this short test and see how well your SAP systems' security now fares. Follow the link.
If you feel I should add more, email me at admin@sapecc.com.
SAP R/3 user ID SAP* and other system user IDs have been adequately secured.
The production system has been set to productive.
Access Restriction: SCC4 and SE06
S_DEVELOP is secured
Change management is secured and controlled
Transport access to production is restricted
Developer access in production
Change critical number range is restricted
Custom tables have an authorization group
Locking of sensitive systems transaction codes
BDC user types should have only the required access
Run Program in the background
Changes to critical SAP R/3 tables are logged
Scheduling and Monitoring Batch jobs
Access to run reports should be restricted.
Critical and custom SAP R/3 tables are restricted.