WF_ADMIN is dying?

Stephens, Monique S L moniques at bcm.tmc.edu
Fri Jan 13 08:40:31 EST 2006 

Our company is about to change security for our non-dialog users as well because of SOX.  Are you saying that WF-BATCH should keep SAP_ALL even with SOX?  If so, can you provide me the reasons so that I can inform our security people.  I agree that the ID should keep SAP_ALL.  But, I need to give
them valid reasons.

Monique Stephens

-----Original Message-----
From: sap-wug-bounces at mit.edu [mailto:sap-wug-bounces at mit.edu] On Behalf Of Dart, Jocelyn
Sent: Thursday, January 12, 2006 11:27 PM
To: SAP Workflow Users' Group
Subject: RE: WF_ADMIN is dying?

WF-BATCH is the required workflow id.  There is no requirement for a
WF-ADMIN or WF_ADMIN or WF_BATCH.
WF-BATCH must have SAP_ALL - but should also be a non-dialog user. 
I guess you need to assign your workflow administration functions to the
appropriate people 
and put either a single userid or a position/org unit in SWU3, SWEQADM,
etc.


Regards,
Jocelyn Dart
Senior Consultant
SAP Australia Pty Ltd.
Level 1/168 Walker St.
North Sydney 
NSW, 2060
Australia
T   +61 412 390 267
M   + 61 412 390 267
E   jocelyn.dart at sap.com
http://www.sap.com

The information contained in or attached to this electronic transmission
is confidential and may be legally privileged. It is intended only for
the person or entity to which it is addressed. If you are not the
intended recipient, you are hereby notified that any distribution,
copying, review, retransmission, dissemination or other use of this
electronic transmission or the information contained in it is strictly
prohibited. If you have received this electronic transmission in error,
please immediately contact the sender to arrange for the return of the
original documents. 
Electronic transmission cannot be guaranteed to be secure and
accordingly, the sender does not accept liability for any such data
corruption, interception, unauthorized amendment, viruses, delays or the
consequences thereof.
Any views expressed in this electronic transmission are those of the
individual sender, except where the message states otherwise and the
sender is authorized to state them to be the views of SAP AG or any of
its subsidiaries. SAP AG, its subsidiaries, and their directors,
officers and employees make no representation nor accept any liability
for the accuracy or completeness of the views or information contained
herein. Please be aware that the furnishing of any pricing information/
business proposal herein is indicative only, is subject to change and
shall not be construed as an offer or as constituting a binding
agreement on the part of SAP AG or any of its subsidiaries to enter into
any relationship, unless otherwise expressly stated. 


-----Original Message-----
From: sap-wug-bounces at mit.edu [mailto:sap-wug-bounces at mit.edu] On Behalf
Of Sue Keohan
Sent: Friday, 13 January 2006 1:27 PM
To: SAP Workflow Users' Group
Subject: Re: WF_ADMIN is dying?

Hi Sherman,

We don't even use a WF_ADMIN ID. We have WF_BATCH, sure, and it needs 
all the authorizations, and is a non-dialog account, but as for the 
actual administrator(s), we specify a user (non-generic) in customizing,

and I have the necessary authorizations to trouble-shoot. If I don't, my

friends in Basis are very accomodating to help keep the business
flowing.

Hope this helps,
Sue

Wright, Sherman wrote:

> Hi All -
>
> Our auditors have informed me that, due to Sarbanes Oxley, the 
> WF_ADMIN ID in our production system will be changed. The choices are 
> that it be 1) De-activated; 2) Converted to a NON-Dialog account; or 
> 3) that it will have the BARE MINIMUM Display-ONLY access. The idea is

> that, since we have shared firefighter IDs, one of those can be used 
> for anything necessary. In trying to document the use and need for the

> WF_ADMIN, I went to the SAP Library - SAP Business Workflow 
>
(http://help.sap.com/saphelp_erp2004/helpdata/en/a5/172437130e0d09e10000
009b38f839/frameset.htm) 
> as well as a couple of other sites (SDN, and the WUG Archives). 
> Surprisingly, I was unable to find ANYTHING about the need and uses of

> the WF_ADMIN User ID. Is it a thing of the past? Has Sarbanes Oxley 
> already killed it (they REALLY don't like "generic" IDs, you know...)?
>
> I have surprisingly mixed feelings about this. I understand what they 
> are saying, and why they feel the way they do. But at the same time, 
> I'm used to doing things a certain way (8-1/2 years now) and I really 
> resent the "intrusion".
>
> Anyway, how would YOU feel? IS there a necessity for the WF_ADMIN ID? 
> Are there things for which ONLY the WF_ADMIN ID should be used? Can it

> all be done by properly authorized individuals? Am I clinging to a 
> relic of the past? I'd really like to hear your opinions...
>
> And thank you for letting me vent to the only group of people that 
> would have any idea of what I'm talking about! :^)
>
> Regards,
> Sherman
>
>-----------------------------------------------------------------------
-
>
>_______________________________________________
>SAP-WUG mailing list
>SAP-WUG at mit.edu
>http://mailman.mit.edu/mailman/listinfo/sap-wug
>  
>
_______________________________________________
SAP-WUG mailing list
SAP-WUG at mit.edu
http://mailman.mit.edu/mailman/listinfo/sap-wug

_______________________________________________
SAP-WUG mailing list
SAP-WUG at mit.edu
http://mailman.mit.edu/mailman/listinfo/sap-wug

More information about the SAP-WUG mailing list