Question:
Our auditor has asked us to Remove all unnecessary Developers keys in the systems.
How to do this? I know the table where they keys stored, does it mean I have to delete them from the table ?
Answer:
Your auditor is a dumb-ass. Please point him to this post on sap fans. Just tell him (correctly) that there is no maintenance transaction to do this.
Also tell him that this would remove an element of the audit trail from the system.
If you want to keep someone from developing in the system take away their authorizations. If they are gone take away their user ids. The next thing you do is monitor transports so that they can't introduce code into production.
(I jumped to a conclusion didn't I? It could be that y'all program directly in production. If so then consider yourselves hosed....)
ps any developer who can't code without a developer key should be fired for incompetence.
Answer:
You can deactivate a developer key by deleting the entry in OSS for that installation and expiring or deleting the SAP userid. Number of developer keys for an installation should be mentioned in the contract with SAP. See to that the registered developer keys do not exceed the limit.
_________________
MRK
Answer:
Deleting the developer key in OSS doesn't mean much.
Answer:
THe auditor is correct you shoudl remove the records for deleted and unused ids. You will have to have an ABAP written to do this. THe table is DEVACCESS and if the IDs with the developer key is left in the table it is one step closer to use the backdoors to get access to develop code in any system. THe steps to accommplish this are quite easy and untraceable for the most part.