WF_ADMIN is dying?
Andy.M.Catherall@csplc.com
Andy.M.Catherall at csplc.com
Fri Jan 13 11:16:25 EST 2006
We've gone through a lot of SOX pain here, however the need for WF-BATCH to
have SAP_ALL (and SAP_NEW) has been readily accepted. I've not heard
anything suggesting that the auditors have been unhappy with this, which
suggests that it meets the requirements for the legislation.
Never used WF-ADMIN. I log on as me, through firefighter IDs.
Andy
"Shrestha, Bijay"
<Bijay.Shrestha at pra To: "SAP Workflow Users' Group" <sap-wug at mit.edu>, "SAP Workflow Users' Group"
gmatek.com> <sap-wug at mit.edu>
Sent by: cc:
sap-wug-bounces at mit Subject: RE: WF_ADMIN is dying?
.edu
13/01/2006 14:29
Please respond to
"SAP Workflow
Users' Group"
SAP's document recommends to have SAP_ALL. The main reason is workflow is
cross application it could go to any application area. If you give SAP_ALL
to this system ID you don't have to add security for each Workflow
application that you are going to activate.
Another good point is, this is system id NOT Dialog id so this ID could be
treated as any other Batch id which runs for Background jobs etc.
Bijay Shrestha
Sr. Consultant
Pragmatek Consulting Group
-----Original Message-----
From: sap-wug-bounces at mit.edu on behalf of Stephens, Monique S
L
Sent: Fri 1/13/2006 7:40 AM
To: SAP Workflow Users' Group
Cc:
Subject: RE: WF_ADMIN is dying?
Our company is about to change security for our non-dialog
users as well because of SOX. Are you saying that WF-BATCH should keep
SAP_ALL even with SOX? If so, can you provide me the reasons so that I can
inform our security people. I agree that the ID should keep SAP_ALL. But,
I need to give
them valid reasons.
Monique Stephens
-----Original Message-----
From: sap-wug-bounces at mit.edu [mailto:sap-wug-bounces at mit.edu]
On Behalf Of Dart, Jocelyn
Sent: Thursday, January 12, 2006 11:27 PM
To: SAP Workflow Users' Group
Subject: RE: WF_ADMIN is dying?
WF-BATCH is the required workflow id. There is no requirement
for a
WF-ADMIN or WF_ADMIN or WF_BATCH.
WF-BATCH must have SAP_ALL - but should also be a non-dialog
user.
I guess you need to assign your workflow administration
functions to the
appropriate people
and put either a single userid or a position/org unit in SWU3,
SWEQADM,
etc.
Regards,
Jocelyn Dart
Senior Consultant
SAP Australia Pty Ltd.
Level 1/168 Walker St.
North Sydney
NSW, 2060
Australia
T +61 412 390 267
M + 61 412 390 267
E jocelyn.dart at sap.com
http://www.sap.com
The information contained in or attached to this electronic
transmission
is confidential and may be legally privileged. It is intended
only for
the person or entity to which it is addressed. If you are not
the
intended recipient, you are hereby notified that any
distribution,
copying, review, retransmission, dissemination or other use of
this
electronic transmission or the information contained in it is
strictly
prohibited. If you have received this electronic transmission
in error,
please immediately contact the sender to arrange for the
return of the
original documents.
Electronic transmission cannot be guaranteed to be secure and
accordingly, the sender does not accept liability for any such
data
corruption, interception, unauthorized amendment, viruses,
delays or the
consequences thereof.
Any views expressed in this electronic transmission are those
of the
individual sender, except where the message states otherwise
and the
sender is authorized to state them to be the views of SAP AG
or any of
its subsidiaries. SAP AG, its subsidiaries, and their
directors,
officers and employees make no representation nor accept any
liability
for the accuracy or completeness of the views or information
contained
herein. Please be aware that the furnishing of any pricing
information/
business proposal herein is indicative only, is subject to
change and
shall not be construed as an offer or as constituting a
binding
agreement on the part of SAP AG or any of its subsidiaries to
enter into
any relationship, unless otherwise expressly stated.
-----Original Message-----
From: sap-wug-bounces at mit.edu [mailto:sap-wug-bounces at mit.edu]
On Behalf
Of Sue Keohan
Sent: Friday, 13 January 2006 1:27 PM
To: SAP Workflow Users' Group
Subject: Re: WF_ADMIN is dying?
Hi Sherman,
We don't even use a WF_ADMIN ID. We have WF_BATCH, sure, and
it needs
all the authorizations, and is a non-dialog account, but as
for the
actual administrator(s), we specify a user (non-generic) in
customizing,
and I have the necessary authorizations to trouble-shoot. If I
don't, my
friends in Basis are very accomodating to help keep the
business
flowing.
Hope this helps,
Sue
Wright, Sherman wrote:
> Hi All -
>
> Our auditors have informed me that, due to Sarbanes Oxley,
the
> WF_ADMIN ID in our production system will be changed. The
choices are
> that it be 1) De-activated; 2) Converted to a NON-Dialog
account; or
> 3) that it will have the BARE MINIMUM Display-ONLY access.
The idea is
> that, since we have shared firefighter IDs, one of those can
be used
> for anything necessary. In trying to document the use and
need for the
> WF_ADMIN, I went to the SAP Library - SAP Business Workflow
>
(
http://help.sap.com/saphelp_erp2004/helpdata/en/a5/172437130e0d09e10000
009b38f839/frameset.htm)
> as well as a couple of other sites (SDN, and the WUG
Archives).
> Surprisingly, I was unable to find ANYTHING about the need
and uses of
> the WF_ADMIN User ID. Is it a thing of the past? Has
Sarbanes Oxley
> already killed it (they REALLY don't like "generic" IDs, you
know...)?
>
> I have surprisingly mixed feelings about this. I understand
what they
> are saying, and why they feel the way they do. But at the
same time,
> I'm used to doing things a certain way (8-1/2 years now) and
I really
> resent the "intrusion".
>
> Anyway, how would YOU feel? IS there a necessity for the
WF_ADMIN ID?
> Are there things for which ONLY the WF_ADMIN ID should be
used? Can it
> all be done by properly authorized individuals? Am I
clinging to a
> relic of the past? I'd really like to hear your opinions...
>
> And thank you for letting me vent to the only group of
people that
> would have any idea of what I'm talking about! :^)
>
> Regards,
> Sherman
>
>-----------------------------------------------------------------------
-
>
>_______________________________________________
>SAP-WUG mailing list
>SAP-WUG at mit.edu
>http://mailman.mit.edu/mailman/listinfo/sap-wug
>
>
_______________________________________________
SAP-WUG mailing list
SAP-WUG at mit.edu
http://mailman.mit.edu/mailman/listinfo/sap-wug
_______________________________________________
SAP-WUG mailing list
SAP-WUG at mit.edu
http://mailman.mit.edu/mailman/listinfo/sap-wug
_______________________________________________
SAP-WUG mailing list
SAP-WUG at mit.edu
http://mailman.mit.edu/mailman/listinfo/sap-wug
_______________________________________________
SAP-WUG mailing list
SAP-WUG at mit.edu
http://mailman.mit.edu/mailman/listinfo/sap-wug
***********************************************************************************
This e-mail is confidential and may contain privileged information. If you are not the addressee or if you have received the e-mail in error, it may be unlawful for you to read, copy, distribute, disclose or otherwise use the information which it contains.
Under these circumstances, please notify us immediately by returning this mail to 'mailerror at csplc.com' and deleting this e-mail from your system.
Any views expressed by an individual within this e-mail do not necessarily reflect the views of Cadbury Schweppes Plc or its subsidiaries. Whilst we have taken reasonable steps to ensure that this e-mail and attachments are free from viruses, recipients are advised to subject this mail to their own virus checking, in keeping with good computing practice.
Visit our website at www.cadburyschweppes.com
***********************************************************************************
More information about the SAP-WUG
mailing list