-
Products and Technology
By Category
-
Groups
Activity Groups
Industry Groups
Influence and Feedback Groups
Interest Groups
Location Groups
Customer Only Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
Products
Learning and Support
-
- Products and Technology
- Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
- Explore SAP
-
Products
- Products
- SAP Business Suite
- Artificial Intelligence
- Business applications
- Data and analytics
- Technology Platform
- Financial Management
- Spend Management
- Supply Chain Management
- Human Capital Management
- Customer Experience
- SAP Business Network
- View products A-Z
- View industries
- Try SAP
- Partners
- Services
- Learning and Support
- About
- SAP Community
- Groups
- Interest Groups
- Application Development and Automation
- Discussions
- Re: Table DD09L question
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Table DD09L question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Sep 03 6:00 PM
- SAP Managed Tags
- Security
Hello, in the SAP environment I am reviewing, in the DD09L table, table logging is NOT enabled for certain business tables. If a user has SAP_ALL, could that user process a payment to a vendor, then delete the table record in BKPF and BSEG, and the table change would NOT be recorded? Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Nov 23 8:00 AM
- SAP Managed Tags
- Security
Hi
If you find out table logging is not enabled you can enable the same from SE16 -> Table name-> Change -> technical Setting ..
It will raise a TR generate that tr and TRansaport the same into othe environments as per the requirement .
Secondly with the help of SAP All Profile a user can perform all as SAPall it self denotes full authorization to the entire system ..
As per the audit point no one should havse SAP_All Authorization
Regards
Shilpa
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Sep 03 6:17 PM
- SAP Managed Tags
- Security
DD09L is a different concept to application logs.
Yes they could delete from the BSEG with SAP_ALL, but it would cause a mess (inconsistency) which an auditor would find very easily.
Cheers,
Julius
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2009 Nov 23 8:00 AM
- SAP Managed Tags
- Security
Hi
If you find out table logging is not enabled you can enable the same from SE16 -> Table name-> Change -> technical Setting ..
It will raise a TR generate that tr and TRansaport the same into othe environments as per the requirement .
Secondly with the help of SAP All Profile a user can perform all as SAPall it self denotes full authorization to the entire system ..
As per the audit point no one should havse SAP_All Authorization
Regards
Shilpa
Bluesky