WF_ADMIN is dying?

Kjetil Kilhavn KJETILK at statoil.com
Fri Jan 13 01:38:27 EST 2006 

Ditto, we don't have (use) generic users.

The recommended (by me) approach, Sherman:
- say it is no problem that they remove the user so long as you get the same authorizations
- when they refuse you just say you think that will cause problems...
- when the problem calls arrive you direct them to a SOX team member ;-)

I lost a lot of authorizations some time back. Funny how easily all the questions disappear when there is a problem to solve and I just tell them they have to solve it themselves since I don't have authorizations that allow me to look at the problem. I am not against restricting people's access, but when they want me to do a job they have to give me the tools. I am not a magician.
-- 
Kjetil Kilhavn, Statoil ØFT KTJ ITS BKS SAP Basis
 

> -----Original Message-----
> From: sap-wug-bounces at mit.edu 
> [mailto:sap-wug-bounces at mit.edu] On Behalf Of Dart, Jocelyn
> Sent: 13. januar 2006 06:27
> To: SAP Workflow Users' Group
> Subject: RE: WF_ADMIN is dying?
> 
> WF-BATCH is the required workflow id.  There is no 
> requirement for a WF-ADMIN or WF_ADMIN or WF_BATCH.
> WF-BATCH must have SAP_ALL - but should also be a non-dialog user. 
> I guess you need to assign your workflow administration 
> functions to the appropriate people and put either a single 
> userid or a position/org unit in SWU3, SWEQADM, etc.
> 
> 
> Regards,
> Jocelyn Dart
> 
> 
> -----Original Message-----
> From: sap-wug-bounces at mit.edu 
> [mailto:sap-wug-bounces at mit.edu] On Behalf
> Of Sue Keohan
> Sent: Friday, 13 January 2006 1:27 PM
> To: SAP Workflow Users' Group
> Subject: Re: WF_ADMIN is dying?
> 
> Hi Sherman,
> 
> We don't even use a WF_ADMIN ID. We have WF_BATCH, sure, and it needs 
> all the authorizations, and is a non-dialog account, but as for the 
> actual administrator(s), we specify a user (non-generic) in 
> customizing,
> 
> and I have the necessary authorizations to trouble-shoot. If 
> I don't, my
> 
> friends in Basis are very accomodating to help keep the business
> flowing.
> 
> Hope this helps,
> Sue
> 
> Wright, Sherman wrote:
> 
> > Hi All -
> >
> > Our auditors have informed me that, due to Sarbanes Oxley, the 
> > WF_ADMIN ID in our production system will be changed. The 
> choices are 
> > that it be 1) De-activated; 2) Converted to a NON-Dialog 
> account; or 
> > 3) that it will have the BARE MINIMUM Display-ONLY access. 
> The idea is
> 
> > that, since we have shared firefighter IDs, one of those 
> can be used 
> > for anything necessary. In trying to document the use and 
> need for the
> 
> > WF_ADMIN, I went to the SAP Library - SAP Business Workflow 
> >
> (http://help.sap.com/saphelp_erp2004/helpdata/en/a5/172437130e
> 0d09e10000
> 009b38f839/frameset.htm) 
> > as well as a couple of other sites (SDN, and the WUG Archives). 
> > Surprisingly, I was unable to find ANYTHING about the need 
> and uses of
> 
> > the WF_ADMIN User ID. Is it a thing of the past? Has Sarbanes Oxley 
> > already killed it (they REALLY don't like "generic" IDs, 
> you know...)?
> >
> > I have surprisingly mixed feelings about this. I understand 
> what they 
> > are saying, and why they feel the way they do. But at the 
> same time, 
> > I'm used to doing things a certain way (8-1/2 years now) 
> and I really 
> > resent the "intrusion".
> >
> > Anyway, how would YOU feel? IS there a necessity for the 
> WF_ADMIN ID? 
> > Are there things for which ONLY the WF_ADMIN ID should be 
> used? Can it
> 
> > all be done by properly authorized individuals? Am I clinging to a 
> > relic of the past? I'd really like to hear your opinions...
> >
> > And thank you for letting me vent to the only group of people that 
> > would have any idea of what I'm talking about! :^)
> >
> > Regards,
> > Sherman


-------------------------------------------------------------------
The information contained in this message may be CONFIDENTIAL and is
intended for the addressee only. Any unauthorised use, dissemination of the
information or copying of this message is prohibited. If you are not the
addressee, please notify the sender immediately by return e-mail and delete
this message.
Thank you.

More information about the SAP-WUG mailing list