Question:
Hi all,
I need information/pointers to info about tools such as those provided by Virsa,Precision-consulting etc for SAP audit..Need inputs regarding installation, maintenance and effectiveness of these tools.
Many thanks for your valuable responses.
Regards,
Vijaya
Answer:
SAP;s SECR or an ID with all the new SAP provided AUDIT roles ( replacement of SECR) is far more useful than these tools which, while they have other functionality, monitor SOD's.
Answer:
We are busy testing the roles too. Hopefully Snowy doesn't lock the topic...
Answer:
The tools you mentioned are fine, where they do have benefit over SAP delivered tools is in the SOD and business process risk management arena rather than the more technical side of security.
When you are buying these products you are buying their SOD knowledge - this is something SAP does not have the resource or ability to provide. The tools provide a pretty and easy way to access and process this information, however it is nothing that well configured and tweaked standard SAP cannot deliver. You are paying mainly for the knowledge behind it rather than the tools themselves.
Too many manufactures will install tools without passing on the knowledge behind it, however it is this which is most valuable.
Answer:
Actually SAP provides RSUSR009 and a newer version both which can be configured to give you SOD analysis. The key is NOT to evaluste tcode combinations but the underlying access that defined the business processes. I have use RSUSR009 At many of my client to prevent the purchase of the expensive tools and over time are able to provide them with a a much easier tool than RSUSR009 ( though I understand the newer RSUSR009 is based on the same idea) SO SAP does provide the functionality just not clear instructions on how to configure it. Hmmm sound like the other tools...
Answer:
Actually SAP provides RSUSR009 and a newer version both which can be configured to give you SOD analysis. The key is NOT to evaluste tcode combinations but the underlying access that defined the business processes. I have use RSUSR009 At many of my client to prevent the purchase of the expensive tools and over time are able to provide them with a a much easier tool than RSUSR009 ( though I understand the newer RSUSR009 is based on the same idea) SO SAP does provide the functionality just not clear instructions on how to configure it. Hmmm sound like the other tools...
Sorry John, I wasn't saying that SAP doesn't deliver the tools - I have used RSUSR009 a few times too, it's defining what goes in there that the vendors add value & is the area that most of my clients at least, have trouble defining.
I would go for standard SAP tools and retained knowledge over an external tool in the majority of cases.
Answer:
Since you mentioned these companies tools, have you had them come to you for a demonstration?
This may help you come to a better decision.