-
Products and Technology
By Category
-
Groups
Activity Groups
Industry Groups
Influence and Feedback Groups
Interest Groups
Location Groups
Customer Only Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
Products
Learning and Support
-
- Products and Technology
- Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
- Explore SAP
-
Products
- Products
- SAP Business Suite
- Artificial Intelligence
- Business applications
- Data and analytics
- Technology Platform
- Financial Management
- Spend Management
- Supply Chain Management
- Human Capital Management
- Customer Experience
- SAP Business Network
- View products A-Z
- View industries
- Try SAP
- Partners
- Services
- Learning and Support
- About
- SAP Community
- Products and Technology
- Additional Q&A
- Audit Question - Access to SU01
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Audit Question - Access to SU01
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on ‎2009 Oct 28 2:29 AM
I have a question in regards to access to SU01. We currently have a team to setup users and assign roles. We are SOx regulated and have been questioned about having individual having this access.
Does it make sense to have one user setting up the ID without any authorizations assigned and then another person add the roles? We have compliance calibrator installed and no issues from that, but I am aware sometimes it is a business process decision from our auditors.
To me this does not make sense to me at all. Not sure if this would be the same for all our other applications either at this point including BW, IPC, XI, network access etc. etc. etc.
Know the answer?
Help others by sharing your knowledge.
AnswerNeed more details?
Request clarification before answering.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Chris,
Normally security (if not basis) team will take care of authorization part i.e. creating users and assigning roles to users.
They only(Security) should have access to SU01.There is no point to split authorization activity in to two categories like one person will create user id with out roles and another person will assign roles to that user.
We can have common security team for ECC, BW, and XI....etc.
Thanks & Regards,
KKRao.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Bluesky- Modern SAP Cloud ERP Security: From Core ERP to BTP, SaaS, and AI in Technology Blog Posts by SAP
- How SAP Signavio, LeanIX, CALM & SuccessFactors Form a Unified HR IT Architecture in Human Capital Management Blog Posts by SAP
- Strategic Change and SAP SuccessFactors: Why Senior HR Leaders Choose Max Success Plans in Human Capital Management Blog Posts by SAP
- Reducing Bias with Calibration Alerts in SAP SuccessFactors in Human Capital Management Blog Posts by Members
- Max Success Plans Help Keep HR Transformation on Track in Human Capital Management Blog Posts by SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.