Authorizations For SWO1 - Delegation Execution

Dart, Jocelyn jocelyn.dart at sap.com
Fri Sep 16 03:19:16 EDT 2005 

Hmmm... ok folks so this is purely my personal opinion, but....
 
This sounds like the classic trade-off between security and
functionality, 
 
i.e. no one has access = totally secure = totally useless. 
 
Auditor in need of re-educating. 

Regards, 
Jocelyn Dart 
Senior Consultant 
SAP Australia Pty Ltd. 
Level 1/168 Walker St. 
North Sydney 
NSW, 2060 
Australia 
T   +61 412 390 267 
M   + 61 412 390 267 
E   jocelyn.dart at sap.com 
http://www.sap.com <http://www.sap.com/>  

The information contained in or attached to this electronic transmission
is confidential and may be legally privileged. It is intended only for
the person or entity to which it is addressed. If you are not the
intended recipient, you are hereby notified that any distribution,
copying, review, retransmission, dissemination or other use of this
electronic transmission or the information contained in it is strictly
prohibited. If you have received this electronic transmission in error,
please immediately contact the sender to arrange for the return of the
original documents. 

Electronic transmission cannot be guaranteed to be secure and
accordingly, the sender does not accept liability for any such data
corruption, interception, unauthorized amendment, viruses, delays or the
consequences thereof.

Any views expressed in this electronic transmission are those of the
individual sender, except where the message states otherwise and the
sender is authorized to state them to be the views of SAP AG or any of
its subsidiaries. SAP AG, its subsidiaries, and their directors,
officers and employees make no representation nor accept any liability
for the accuracy or completeness of the views or information contained
herein. Please be aware that the furnishing of any pricing information/
business proposal herein is indicative only, is subject to change and
shall not be construed as an offer or as constituting a binding
agreement on the part of SAP AG or any of its subsidiaries to enter into
any relationship, unless otherwise expressly stated. 

 

________________________________

From: sap-wug-bounces at mit.edu [mailto:sap-wug-bounces at mit.edu] On Behalf
Of Martinek, Jerry
Sent: Friday, 16 September 2005 2:52 AM
To: sap-wug at mit.edu
Subject: Authorizations For SWO1 - Delegation Execution



Hi,

 

I'm interested in finding out how other SAP clients are dealing with
this scenario/issue. 

 

Our security group removed the authorization object S_TABU_CLI from all
of our roles in all of our SAP systems (development and production) due
to a perceived security risk. The external auditor who reviewed the SAP
authorizations mentioned that this authorization object poses a risk so
our security group removed it from all SAP environments.

 

This decision basically removes our ability to execute SAP functionality
that updates cross client tables.

 

The immediate impact to me is that I can't execute the 'DELEGATION'
function in SWO1 because you need to have the S_TABI_CLI authorization
object in your role. Now I need to request a temporary authorization
change in order to complete the delegation function. 

 

Is this the norm or was it just a bad auditor?

 

Thanks,

Jerry Martinek  

 

   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/sap-wug/attachments/20050916/64010094/attachment.htm

More information about the SAP-WUG mailing list