Question:
Hi,
I would like to know the list of the critical objects one needs to keep in mind while designing authorizations. Please help me as I not aware of
any critical objects. Thanks in advance
-carry
Answer:
where to start? a few system objects in no particular order, they all need attention to make sure they are secured adequately. Obviously there are also a fair number of functional objects too! This is not a definitive list by any means.
S_BTCH_ADM
S_RZL_ADM
S_ADMI_FCD
S_LOG_COM
S_PROGRAM
S_DEVELOP
S_RFC
S_TRANSPRT
S_CTS_ADMI
S_SPO_AUTH
Answer:
where to start? a few system objects in no particular order, they all need attention to make sure they are secured adequately. Obviously there are also a fair number of functional objects too! This is not a definitive list by any means.
S_BTCH_ADM
S_RZL_ADM
S_ADMI_FCD
S_LOG_COM
S_PROGRAM
S_DEVELOP
S_RFC
S_TRANSPRT
S_CTS_ADMI
S_SPO_AUTH
Thank you for your response. It was very helpful
Answer:
That is a good list but you can't blindly forbid folks from authorizations for these objects. You have to understand the object and how to use it. In some cases ALL of your users will have authorizations for some of the objects.
Answer:
Without a concept as to who to give which values for them and which ones, you are pretty much in the mud from the start (or more likely about 2 years down the line you will realize it).
Some more objects and cautionary steps to be taken are documented here, even if they "appear" a bit out of date.
Tarr
_________________
Try Search
Else SAPNet
Otherwise It was designed not to work.
____________________
Answer:
sometimes handy to look at what the good audits look out for and plan around that - obviously some things won't fit your business but you can at least have answers around risk mitigation prepared.
Google "Sap Audit" there's tons of stuff around.
this looks alright at a first glance:
http://www.sapsecurity.net/securitydocs.htm