cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Read audit report for potential mass breach

Go to solution
ArjenVHooydonk
Contributor

a month ago

0 Kudos
320

From an audit team at a client I got the following request: How do we audit the situation that RBP was incorrectly configured opening the system up for all employees potentially seeing data for colleagues that they should not have access to (e.g., see salary information). The read audit report only allows for 10 employees to be checked per run. It is not an option to run the report hundreds or even thousands of times to verify nobody actually accessed data they should not be allowed to see.

Labels

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
MichaelBuonoGKN
Participant
a month ago
0 Kudos
Is it already known or proven that a permission issue was encountered? the Admin Center > Manage Permission Roles tool does have "View History" feature that will display an audit trail of changes made to each role (when and who made the change). This can at least help you pinpoint the time period where the data visibility issue was live or not.
ArjenVHooydonk
Contributor
a month ago
0 Kudos
@MichaelBuonoGKN, luckily it is a hypothetical. Audit team has requested the scenario to be covered.

Accepted Solutions (1)

Accepted Solutions (1)

SyWi
Active Participant
a month ago

Check the RBP to extract the exact timeframe and open a support ticket to get the exact data.

they can run more extensive data reports than in the selfservice.

Show replies
Show replies
ArjenVHooydonk
Contributor
a month ago
0 Kudos
thanks, workable with the requirement that SAP delivers the report within one or two business days

Answers (0)

Ask a Question