In some situations it might be useful to have a role or profile that only allows the data display,
It is available in SAP something that could answer this request? Is there a SAP_ALL profile for each SAP application component?
This one's a bad habit. Most common causes are:
- Project necessities not better detailed
- Scarse sensibility towards data security
- Scarse knowledge of potential problems of this action
Why should you remove these users, even non-interactive ones, ASAP? Let's see some examples!
0 Comments Click here to read/write comments
Topics: sap_all, auditing, rfc, rfc security, rfc destination, system users
Is it really possible that external consultants do not have any access to SAP production systems?
Clearly there are various case studies, occasional or ongoing consultants, for example for maintenance contracts.
Is it really necessary to release an access to the production systems even in this last case? Can we control what happens and why it is requested?
0 Comments Click here to read/write comments