Question:
Hi SAPiens !
Our company policy not allows SAP_ALL/SAP_NEW for any user except SAP*.
My question is for DDIC user : what are authorizations object and transaction can give for this one in order to run correctly ?
Thanks for your reply.
Answer:
Mostly S_ADMI_FCD this is provided you use DDIC for its intended purboe and not what people use it for. It is the Data Dictionary Owner and should ONLY be used for Databse and Data dictionary functionality. In St03 you can get an idea of what it HAS beed used for and weed out the non-Data Dictioary functions.
Answer:
Hi John,
After the internal audit, they recommended that the validity date of DDIC must be in the past.
Is this correct? If yes, won't if affect DDIC's activities?
Answer:
Hi John,
After the internal audit, they recommended that the validity date of DDIC must be in the past.
Is this correct? If yes, won't if affect DDIC's activities?
Answer:
Guilding the lilly....
DDIC's main functionality is the data dictionary owner. Lockin ghte ID, chnaging the validity date and removing the access all do the same thing, make the ID inactive. By applying all three you raise the bar even higher, but at what cost? If you use the id frequently all three is over kill and the controls are not commensurate with the risk. If it is infrequently used then all three would not hurt.