
SAP GRC Process Control: CCM to monitor SAP Standard Users

reza_ahoui2
Participant
0 Likes
1,016

Hi

I would like to create a CCM to monitor SAP Standard Users SAP*, DDIC and EARLYWATCH to make sure:

1) they are locked.

2) their default passwords are changed.

Questions:

A) What are the tables suggested for the Data Source?

B) My issue is these standard users are in the default clients (000, 001, 066), so what to do in this case? There is nothing for GRC to monitor in these clients, therefore we have not got connections to these clients (and really don't see much value to build them).

Thanks

Reza Ahoui

Accepted Solutions (1)

madhusap
Active Contributor
0 Likes

Hi Reza,

I would suggest leveraging the Manual Control Test process for this and having test steps documented on how to verify and validate this control in the respective clients 000, 001, 066.

Control: SAP System user IDs are adequately secured via changing the initial password from SAP. This is to prevent unauthorized access to the system using default passwords.

Test Steps:

Step 1: Determine that the passwords of SAP standard users have been changed in all clients in the production environment from the SAP shipped passwords.

Step 2: Execute transaction code SA38 with program RSUSR003. Also execute SA38 with program RSUSR200 to check if passwords have just been changed.

Step 3: New password should be secured in a sealed envelope or equivalent and kept by appropriate personnel (system owners) other than the system administrators.

Regards,

Madhu
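
The lock half of this control can also be evidenced from a table extract when GRC has no connection to clients 000, 001 and 066. The following is an added example, not part of the answer above: it assumes a CSV extract of table USR02 with the columns MANDT, BNAME and UFLAG; the CSV layout, the sample rows and the function name `lock_findings` are constructed for illustration. The default-password check stays with RSUSR003 as described in the test steps.

```python
import csv
import io

STANDARD_USERS = ("SAP*", "DDIC", "EARLYWATCH")
CLIENTS = ("000", "001", "066")
ADMIN_LOCK_BITS = 32 | 64   # USR02-UFLAG: 32 = global admin lock, 64 = local admin lock
FAILED_LOGON_BIT = 128      # USR02-UFLAG: locked after incorrect logon attempts

# Constructed sample extract (not real system data): MANDT, BNAME, UFLAG
SAMPLE_EXTRACT = """MANDT,BNAME,UFLAG
000,SAP*,64
000,DDIC,0
000,EARLYWATCH,64
001,SAP*,128
001,DDIC,64
066,EARLYWATCH,96
066,DDIC,64
"""

def lock_findings(extract_csv, users=STANDARD_USERS, clients=CLIENTS):
    """Return sorted (client, user, finding) tuples for pairs that fail the lock check."""
    flags = {}
    for row in csv.DictReader(io.StringIO(extract_csv)):
        flags[(row["MANDT"].strip(), row["BNAME"].strip().upper())] = int(row["UFLAG"])
    findings = []
    for client in clients:
        for user in users:
            uflag = flags.get((client, user))
            if uflag is None:
                # A missing SAP* record needs follow-up: depending on profile
                # parameter login/no_automatic_user_sapstar, the system's
                # built-in SAP* user can be available when no record exists.
                if user == "SAP*":
                    findings.append((client, user, "NO_RECORD"))
            elif uflag & ADMIN_LOCK_BITS:
                continue  # locked by an administrator: control satisfied
            elif uflag & FAILED_LOGON_BIT:
                # Locked only by failed logons, not by an administrator.
                findings.append((client, user, "FAILED_LOGON_LOCK_ONLY"))
            else:
                findings.append((client, user, "NOT_LOCKED"))
    return sorted(findings)

if __name__ == "__main__":
    for client, user, finding in lock_findings(SAMPLE_EXTRACT):
        print(f"client {client}  {user:<11} {finding}")
```
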

Answers (1)

reza_ahoui2
Participant
0 Likes

Thanks Madhu, useful as always