Question:
When auditors returns from their seminars and conventions on SAP security, among other things they have picked up is a list of so called “critical technical tables” in view of system security/ integrity . And they want us basis folks to switch the change log on to.
My auditor hasn’t been there yet, but just to be prepared, does anyone have one of these lists or can anyone refer me to a place where I can look up “THE LIST” to end all auditors.
Answer:
DD09L is likely to be one of them due to the field PROTOKOLL.
Answer:
All DD tables will be candidates as I see it, and you are right: DD09L is a premium candidate because the change logging flag is stored in the field PROTOKOLL . But aren't there any other tables beside DD tables, user and authorisation tables, tables for background job management. System changes options (where?) and client settings (T000).
The hard way to dig for it, is to analyse all known critical techinal transaction codes and screen for accessed tables. But someone must have been there before.
Answer:
Many are default flagged, others have change docs created (do not table change log everything). The delta will depend on what you have in the system and what your requirements are... and how far you dig and develop your own.