SAP R/3 Audit Review Checklist

It is advisable to review the SAP R/3 system a couple of times a year to confirm that its security remains tight. Below are a few useful checks that help achieve a high degree of security:

Review the following:

System security file parameters (TU02) (e.g. password length/format, forced password sessions, user failures to end session, etc.) have been set to ensure the confidentiality and integrity of passwords.


1. Setup and modification of user master records follow a specific procedure and are properly approved by management.

2. Setup and modification of authorizations and profiles follow a specific procedure and are performed by someone independent of the person responsible for user master record maintenance.

3. An appropriate naming convention for profiles, authorizations and authorization objects has been developed to help security maintenance and to comply with required SAP R/3 naming conventions.

4. A user master record is created for each user, defining a user ID and password. Each user is assigned to a user group, in the user master record, commensurate with their job responsibilities.

5. Check objects (SU24) have been assigned to key transactions to restrict access to those transactions.

6. Authorization objects and authorizations have been assigned to users based on their job responsibilities, ensuring SOD (segregation of duties).

7. Users can maintain only system tables commensurate with their job responsibilities.

Select a sample of:

1. Changes to user master records, profiles and authorizations, and ensure the changes were properly approved. (The changes can be viewed with transaction SECR.)

2. Verify that a naming convention has been developed for profiles, authorizations and in-house developed authorization objects to ensure that they can be easily managed and will not be overwritten by a subsequent release upgrade (for Release 2.2 names should begin with Y_ or Z_, and for Release 3.0 with Z_ only).

3. Assess and review the use of the authorization object S_TABU_DIS and the table authorization classes (TDDAT): whether all system tables are assigned an appropriate authorization class, and whether users are assigned system table maintenance access (through S_TABU_DIS) based on authorization classes commensurate with their job responsibilities.

4. Assess and review the use of the authorization objects S_PROGRAM and S_EDITOR and the program classes (TRDIR): whether all programs are assigned the appropriate program class, and whether users are assigned program classes commensurate with their job responsibilities.
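The table-class review in item 3 can be run offline against exported data. The following is an added example, not part of the original checklist: the table names, users, class values and the approved matrix are constructed, and it assumes that a blank class is checked as &NC& and that "*" is the only wildcard used.

```python
from fnmatch import fnmatchcase

NO_CLASS = {"", "&NC&"}  # assumption: blank or &NC& means no specific class

# Constructed TDDAT extract: (TABNAME, CCLASS)
TDDAT = [
    ("ZHR_PAYRATE", "ZHR1"),
    ("ZFI_BANKKEY", "ZFI1"),
    ("ZFI_TOLERANCE", "&NC&"),
    ("ZMM_PLANTCFG", ""),
]

# Constructed S_TABU_DIS values per user: (user, DICBERCLS, ACTVT)
S_TABU_DIS = [
    ("HR_CLERK", "ZHR1", "02"),
    ("FI_CLERK", "ZFI1", "03"),
    ("FI_CLERK", "ZHR1", "02"),
    ("BASIS01", "*", "02"),
    ("AUDITOR", "*", "03"),
]

# Hypothetical approved matrix: classes each user may maintain for their job
APPROVED = {"HR_CLERK": {"ZHR1"}, "FI_CLERK": {"ZFI1"},
            "BASIS01": set(), "AUDITOR": set()}

def unclassified_tables(tddat):
    """Tables with no specific authorization class assigned."""
    return sorted(t for t, c in tddat if c.strip() in NO_CLASS)

def excess_maintenance(auths, tddat, approved):
    """Users whose change access (ACTVT 02 or *) reaches unapproved classes."""
    classes = {c.strip() or "&NC&" for _, c in tddat}
    findings = []
    for user, pattern, actvt in auths:
        if actvt not in ("02", "*"):
            continue  # display-only access is not maintenance
        # A wildcard value reaches every class it matches
        reachable = {c for c in classes if fnmatchcase(c, pattern)}
        extra = reachable - approved.get(user, set())
        if extra:
            findings.append((user, pattern, sorted(extra)))
    return findings

if __name__ == "__main__":
    print("No class:", unclassified_tables(TDDAT))
    for finding in excess_maintenance(S_TABU_DIS, TDDAT, APPROVED):
        print("Excess maintenance access:", finding)
```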





6 responses to “SAP R/3 Audit Review Checklist”

  1. Starla Kelman

    I have not checked in right here for a while as I considered it was receiving tedious, nevertheless the previous handful of posts are seriously great top quality so I guess I will add you again to my daily bloglist. You deserve it my companion. 🙂

  2. Matt

    Hey Admin! I was reading your post and it really looks like your post isn’t optimized well to gain search engine traffic and rankings. Actually I am an SEO Consultant, advising people about how to get more traffic. I’d suggest you check out this awesome WordPress Plugin here – called SEOPressor, really thankful to Daniel for this. I use it on all my and my client’s websites. This is going to help you a lot. BTW, I am in no way affiliated to this guy, it’s just advice. Your wish, take it or drop it. 🙂

  3. Freddy Borgmeyer

    My brother suggested I might like this website. He was totally right. This post truly made my day. You can not imagine just how much time I had spent for this information! Thanks!

  4. low priced heel lifts

    I saw a couple of other similar content yet yours has been the best so far.

  5. places to eat in traverse city mi

    I appreciate, cause I found just what I was looking for. You have ended my four day long hunt! God Bless you man. Have a nice day. Bye

  6. Laure Roepke

    There is noticeably a bundle to know about this. I assume you made certain nice points in features also.
