<html>
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 10 (filtered)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{font-family:Arial;
color:windowtext;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-CA style='font-size:
10.0pt;font-family:Arial'>Hi,</span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-CA style='font-size:
10.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-CA style='font-size:
10.0pt;font-family:Arial'>I’m interested in finding out how other SAP
clients are dealing with this scenario/issue. </span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-CA style='font-size:
10.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-CA style='font-size:
10.0pt;font-family:Arial'>Our security group removed the authorization object S_TABU_CLI
from all of our roles in all of our SAP systems (development and production) due
to a perceived security risk. The external auditor who reviewed the SAP
authorizations mentioned that this authorization object poses a risk so our
security group removed it from all SAP environments.</span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-CA style='font-size:
10.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-CA style='font-size:
10.0pt;font-family:Arial'>This decision basically removes our ability to
execute SAP functionality that updates cross client tables.</span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-CA style='font-size:
10.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-CA style='font-size:
10.0pt;font-family:Arial'>The immediate impact to me is that I can’t execute
the ‘DELEGATION’ function in SWO1 because you need to have the
S_TABI_CLI authorization object in your role. Now I need to request a temporary
authorization change in order to complete the delegation function. </span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-CA style='font-size:
10.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-CA style='font-size:
10.0pt;font-family:Arial'>Is this the norm or was it just a bad auditor?</span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-CA style='font-size:
10.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-CA style='font-size:
10.0pt;font-family:Arial'>Thanks,</span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-CA style='font-size:
10.0pt;font-family:Arial'>Jerry Martinek </span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-CA style='font-size:
10.0pt;font-family:Arial'> </span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-CA style='font-size:
10.0pt;font-family:Arial'> </span></font></p>
</div>
</body>
</html>