Question:
OK, I know you probably all find this annoying, but I am working on a presentation and trying to benchmark where we are compared to other companies. Any help would be appreciated. Please list the number of SAP Security staff you have, and the number and types of systems (dev, qual, prod) you support. For r/3, if you want to list modules and other details regarding your implementation's complexity, feel free.
Here is our info:
1 mgr, 2 analysts
4100 business users
r/3 - 10 dev, 4 q, 2 prod (mm,pp,qm,hr,fi,co,sd,fa) very complex, thousands of roles
APO - d, q, p
CRM - 5 dev, q, p
XI - d, q, p
AID - d, q, p
BW - 2 dev, 2 q, p
Solutions Manager - 1 system
Answer:
It all(most) depends on the contents of this:
1 mgr, 2 analysts
and also the conceot and design you / they had when implementing your systems or when you started improving the concept.
Tarr
Answer:
Thank you, Captain Obvious.
We are fully aware of how design impacts work load, maintenance. Our design is appropriate for mitigating the risks outlined at the outset of our project.
We are just trying to get a sense of what other SAP products others support.
Answer:
Thank you, Captain Obvious.
Do those 3 cover all and any system?
Many companies I have seen, do not have the luxury of a security admin.
Tarr
Answer:
Yes, they cover all and any, as well as portals and a few applications outside of SAP.
I am sure some companies don't have the luxury of admins, but I would venture to guess they are not mid to large cap S&P 500 types of companies with very large, geographically and functionally diverse SAP implementations.
Answer:
You would be surprised...
It appears to depend on the pressure and management's awareness for having a hold on what can best be described as the convenience of not having a functioning security organization. Sometimes, security measures also "unhide" bad application management.
But I have become a cynic, and your best benchmark to make remains the contents of the 1 manager, 2 analysts, in my opinion.
Tarr
Answer:
OK, I know you probably all find this annoying, but I am working on a presentation and trying to benchmark where we are compared to other companies. Any help would be appreciated. Please list the number of SAP Security staff you have, and the number and types of systems (dev, qual, prod) you support. For r/3, if you want to list modules and other details regarding your implementation's complexity, feel free.
Here is our info:
1 mgr, 2 analysts
4100 business users
r/3 - 10 dev, 4 q, 2 prod (mm,pp,qm,hr,fi,co,sd,fa) very complex, thousands of roles
APO - d, q, p
CRM - 5 dev, q, p
XI - d, q, p
AID - d, q, p
BW - 2 dev, 2 q, p
Solutions Manager - 1 system
We support approx 60,000 users. We support Dev, QA, and Production of
. R/3 FI, CO, MM, SP, PS ...
. BW
. EBP
. CRM
. HR
. Portal
Staff includes 6 Security Admin, 14 BASIS members, 2 managers, and 1 director.
Answer:
Thank you, Captain Obvious.
We are fully aware of how design impacts work load, maintenance. Our design is appropriate for mitigating the risks outlined at the outset of our project.
We are just trying to get a sense of what other SAP products others support.
polltroll - in future you may find it beneficial to not be sarcastic to people who answer your posts. You’ll then probably get more replies.
Answer:
I don't mind the "Captain Obvious" and actually found it quite funny. Particularly so because it was rather obvious and made me think about answering when I actually have no information to offer on the topic, just a cynical opinion.
I was content with what followed, in that polltroll had already avenged himself for the funny jab:
We are fully aware of how design impacts work load, maintenance.
but prior...
4100 business users .... very complex, thousands of roles
_________________
Try Search
Else SAPNet
Otherwise It was designed not to work.
____________________
Answer:
Guest,
I understand your post, but perhaps if you don't read posts here frequently, you don't understand how rude some of the posters are to others. There is a core group that appears to know everything.
I read Tarr's comment as highly cynical, and responded in cynical manner in turn.
Tarr seems to take great enjoyment in presuming posters have not performed proper risk analysis, that simply because they have a large number of roles, that they are automatically idiots. Nevermind having a detailed understanding of the implementation, the security requirements, etc...just jump right in and have some fun with them.
It's a pattern. Have a look around the site and you will see my meaning.
If a new person shows up, and has a simple question, it is met with a snide comment.
No need to respond to the post any more. I will take my questions to a more professional forum.
Answer:
On this client it's
2800 production users
Dev,Test, Prod
for each of
R/3 (FI, CO, MM, SD & a fair bit of customisation)
HR
CRM
XI
BW
Sol Mgr
1 Sec Consultant (me), though password resets are done through 1st line support.
This will be migrated to 2 FTE's at some point in the next 9-12 months
Al.
Answer:
It was not intended to be highly cynical. But a trace of it is accurately diagnosed. I don't claim not to have an opinion but polltroll is right, he asked for some facts and not an opinion on the quality of the question.
idiots.
Could you expand on this abit please? Are the self proclaimed "gurus" here false idiots?
Answer:
NONONONONO... self-proclaimed gurus are TULY idiots... if you need more information, please, click on the link in my signature
About the rest of the thread, well... I'm not used to visit this board, just landed here because the word "idiot" triggers my spambot.
But expression like "Captain Obvious" and so, and the general tone of this post deserves a lock, in my opinion... more if we think almost all this post is being written by "guest" accounts (included the original poster).
Mr. poll, if you use this same "tone" in the General Discussion forum (you will not be able to write there as a guest, I'm sorry) or under more crowded domains (like the ABAP forum) you will get thousands of answers... and I bet almost none will fit your needs.
Try to be less rude, for Pete's sake! You are asking for "private" information about the companies of this board's posters, in a security forum, under a guest account... what will be the next, post your free-server email and ask for accounts and passwords?
_________________
Brief History of the Tuly Idiots
Bad advices, wrong answers, bigotism
sapfans GD
Ad by Viiiiiic
Answer:
Get back to your sheeps Vic & mediate those crazy coders in the ABAP forum
Cheers
Al.
tell you what, give me your server info & I'll give you mine..........
Answer:
topic is dead, therefore, it is locked.
_________________
SapFans Moderator
NetWeaver ‘04–SAP Web AS for ORACLE certified
Search: /forums/search.php
SAP Notes: http://service.sap.com/notes
SAP Help: http://help.sap.com
Basic Rules: /forums/viewtopic.php?t=222759