{"id":509,"date":"2010-07-02T23:07:00","date_gmt":"2010-07-02T17:37:00","guid":{"rendered":"http:\/\/JitendraZaa.com\/blog\/?p=509"},"modified":"2014-03-31T05:39:30","modified_gmt":"2014-03-31T05:39:30","slug":"sap-r3-audit-review-checklist","status":"publish","type":"post","link":"https:\/\/www.jitendrazaa.com\/blog\/others\/sap\/sap-r3-audit-review-checklist\/","title":{"rendered":"SAP R\/3 Audit Review Checklist"},"content":{"rendered":"<p><a href=\"https:\/\/i0.wp.com\/jitendrazaa.com\/blog\/wp-content\/uploads\/2010\/07\/SAP.jpg?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-510 alignleft\" src=\"https:\/\/i0.wp.com\/jitendrazaa.com\/blog\/wp-content\/uploads\/2010\/07\/SAP-291x300.jpg?resize=291%2C300&#038;ssl=1\" alt=\"\" width=\"291\" height=\"300\" \/><\/a>It is always advisable to audit an SAP R\/3 system a couple of times a year to keep the security of the SAP system tight. Below are a few useful do&#8217;s that can help achieve a high degree of security:<\/p>\n<p><strong><span style=\"text-decoration: underline\">Review the following:-\u00a0<\/span><\/strong><\/p>\n<p>\u00a0System security file parameters (TU02) (e.g. password length\/format, forced password sessions, user failures to end session, etc.) have been set to ensure the confidentiality and integrity of passwords.<\/p>\n<p><strong>\u00a0\u00a0\u00a0\u00a0\u00a0 Security-Parameter-Settings-Documentation<\/strong><\/p>\n<p>1.\u00a0Setup and modification of user master records follow a specific procedure and are properly approved by management.\u00a0<\/p>\n<p>2.\u00a0Setup and modification of authorizations and profiles follow a specific procedure and are performed by someone independent of the person responsible for user master record maintenance.\u00a0<\/p>\n<p>3. 
An appropriate naming convention for profiles, authorizations and authorization objects has been developed to help\u00a0security maintenance and to comply with required SAP R\/3 naming conventions.\u00a0<\/p>\n<p>4.\u00a0A user master record is created for each user, defining a user ID and password. Each user is assigned to a user group, in\u00a0the user master record, commensurate with their job responsibilities.\u00a0<\/p>\n<p>5.\u00a0Check objects (<span style=\"color: #cc6600\">SU24<\/span>) have been assigned to key transactions to restrict access to those transactions.\u00a0<\/p>\n<p>6.\u00a0Authorization objects and authorizations have been assigned to users based on their job responsibilities while ensuring segregation of duties (SOD).\u00a0<\/p>\n<p>7.\u00a0Users can maintain only system tables commensurate with their job responsibilities.<\/p>\n<p>\u00a0\u00a0\u00a0\u00a0 <strong>Select a sample of:-\u00a0<\/strong><\/p>\n<p>1. Changes to user master records, profiles and authorizations, and ensure the changes were properly approved.\u00a0(The changes can be viewed with transaction <span style=\"color: #cc6600\">SECR<\/span>.)\u00a0<\/p>\n<p>2.\u00a0Verify that a naming convention has been developed for profiles, authorizations and in-house developed authorization\u00a0objects to ensure that they can be easily managed and\u00a0will not be overwritten by a subsequent release upgrade (for Release 2.2, names should begin with Y_ or Z_, and for\u00a0Release 3.0 with Z_ only).\u00a0<\/p>\n<p>3. Assess the use of the authorization object <strong>S_TABU_DIS<\/strong> and review the table authorization classes (TDDAT) to determine whether all system tables are assigned an appropriate authorization class and users are assigned system table maintenance access (through S_TABU_DIS) based on authorization classes\u00a0commensurate with their job responsibilities.\u00a0<\/p>\n<p>4. 
Assess the use of the authorization objects <strong>S_Program<\/strong> and <strong>S_Editor<\/strong> and review the program classes\u00a0(TRDIR) to determine whether\u00a0all programs are assigned the appropriate program class and\u00a0users are assigned program classes commensurate with their job responsibilities.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It is always advisable to audit an SAP R\/3 system a couple of times a year to keep the security of the SAP system tight. Below are a few useful do&#8217;s that can help achieve a high degree of security: Review the following:-\u00a0 \u00a0System security file parameters (TU02) (e.g. password length\/format, forced password sessions,\u00a0 [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"jz_research_post":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[10],"tags":[332,177],"class_list":["post-509","post","type-post","status-publish","format-standard","hentry","category-sap","tag-sap","tag-sap-audit-check"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":917,"url":"https:\/\/www.jitendrazaa.com\/blog\/others\/sap\/how-to-change-sap-tables-without-coding-or-debugging\/","url_meta":{"origin":509,"position":0},"title":"How to change SAP tables without coding or debugging","author":"Santosh Karemore","date":"August 30, 2010","format":false,"excerpt":"Simple Tips to change SAP tables without coding or debugging. 
This article explains SE16N_CD_KEY, SE16N_CD_DATA, S_DEVELOP, AP_EDIT, SE16N, S_TABU_DIS of SAP System.","rel":"","context":"In &quot;SAP&quot;","block_context":{"text":"SAP","link":"https:\/\/www.jitendrazaa.com\/blog\/category\/others\/sap\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/jitendrazaa.com\/blog\/wp-content\/uploads\/2010\/08\/se16n.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":425,"url":"https:\/\/www.jitendrazaa.com\/blog\/others\/sap\/sap-tips-and-tricks-ccms-computing-center-management-system-monitoring\/","url_meta":{"origin":509,"position":1},"title":"SAP Tips and Tricks \u2013 CCMS \u2013  COMPUTING CENTER MANAGEMENT SYSTEM MONITORING","author":"Santosh Karemore","date":"June 29, 2010","format":false,"excerpt":"Simple Tips and Tricks of CCMS of SAP","rel":"","context":"In &quot;SAP&quot;","block_context":{"text":"SAP","link":"https:\/\/www.jitendrazaa.com\/blog\/category\/others\/sap\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2887,"url":"https:\/\/www.jitendrazaa.com\/blog\/others\/sap\/sap-r3-security-interview-questions\/","url_meta":{"origin":509,"position":2},"title":"SAP R\/3 Security &#8211; Interview Questions","author":"Santosh Karemore","date":"June 2, 2012","format":false,"excerpt":"Interview Questions for SAP R3 Security","rel":"","context":"In &quot;SAP&quot;","block_context":{"text":"SAP","link":"https:\/\/www.jitendrazaa.com\/blog\/category\/others\/sap\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2487,"url":"https:\/\/www.jitendrazaa.com\/blog\/others\/sap\/sap-security-interview-questions-tips-and-tricks\/","url_meta":{"origin":509,"position":3},"title":"SAP Security Interview Questions, Tips and Tricks","author":"Santosh Karemore","date":"November 20, 2011","format":false,"excerpt":"Important Must read Interview Questions of SAP Security, Tips and Tricks","rel":"","context":"In 
&quot;SAP&quot;","block_context":{"text":"SAP","link":"https:\/\/www.jitendrazaa.com\/blog\/category\/others\/sap\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2910,"url":"https:\/\/www.jitendrazaa.com\/blog\/others\/sap\/how-to-set-up-central-user-administration-cua-in-sap\/","url_meta":{"origin":509,"position":4},"title":"How to set up Central User Administration (CUA) in SAP","author":"Santosh Karemore","date":"June 8, 2012","format":false,"excerpt":"Step by step tutorial of setting up Central User Administration (CUA) in SAP","rel":"","context":"In &quot;SAP&quot;","block_context":{"text":"SAP","link":"https:\/\/www.jitendrazaa.com\/blog\/category\/others\/sap\/"},"img":{"alt_text":"SAP CUA System Name System User","src":"https:\/\/i0.wp.com\/jitendrazaa.com\/blog\/wp-content\/uploads\/2012\/06\/SAP-CUA-System-Name-System-User.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":2884,"url":"https:\/\/www.jitendrazaa.com\/blog\/others\/sap\/introduction-to-central-user-administration-cua-sap\/","url_meta":{"origin":509,"position":5},"title":"Introduction to Central User Administration (CUA) &#8211; SAP","author":"Santosh Karemore","date":"June 2, 2012","format":false,"excerpt":"Introduction to Central User Administration (CUA) in SAP","rel":"","context":"In &quot;SAP&quot;","block_context":{"text":"SAP","link":"https:\/\/www.jitendrazaa.com\/blog\/category\/others\/sap\/"},"img":{"alt_text":"Central User Administration (CUA) in 
SAP","src":"https:\/\/i0.wp.com\/jitendrazaa.com\/blog\/wp-content\/uploads\/2012\/06\/Central-User-Administration-CUA-in-SAP.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/posts\/509","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/comments?post=509"}],"version-history":[{"count":1,"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/posts\/509\/revisions"}],"predecessor-version":[{"id":3789,"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/posts\/509\/revisions\/3789"}],"wp:attachment":[{"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/media?parent=509"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/categories?post=509"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/tags?post=509"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}