Question: Hello Guys, I have a serious issue. Though we have process where we should not create a test Id in prodcution without proper approvals. I have created one as there were too many screens on my ssytem. It was a silly mistake, but seriousone. I have deleted the user Id immediately. But what ca i do so that it can be removed from change documents. Is there any way i can come out of these situation.
Answer:
Let me get this straight...
You are asking us how to circumvent the security and audit systems, so that no one can detect that you have breached company policy, is that correct?
Indeed you do have a serious situation.
Sorry but I will not assist you in this matter.
_________________
Sandi
~~~~
Apparently Father Christmas, the Easter Bunny, the Tooth Fairy and Star Wars aren't real
Tuly kiwi.
Answer:
"Oh what a web we weave when first we begin to deceive."
Face it like a man. What did you really do with the test user? Do you really think you can eliminate all the traces?
_________________
bwSecurity
Answer:
I made a similar silly mistake before by assigning myself a busness process all role very briefly in Production, thinking I was doing it in QA system.
Just admit to the mistake and provided you didn't make any changes (which you should be able to prove) your managers and the auditors should be fine with it. Do not try to erase your steps - this is far more idiotic and serious a mistake than your first.
Answer:
If it was a straight-forward blunder and the id did no 'work' in Prod. then you should cover yourself by e-mailing the system owner/security approver detailing the circumstances - and keep a copy for the auditors.
_________________
Best Regards
Bazza
Answer:
Unless your auditors are very thorough & test a large selection of the controls then you should be fine. Trying to cover your tracks could constitute fraud so fess up & take it like a professional who has made a mistake
Answer:
Yes i actually mailed the process owner as saying it as mistake.And it was taken fine to my relief. Because i have deleted user in just few seconds with no activity done as soon as i realised. Because it was taken seriously last time in some other case, i felt the same questions would arise. But in my case the creation and deletion was done in same minute, it wasn't taken seriously. Thank you guys.
Answer:
Actually you can remove the data using SAP facilities and more than likely the audit will not know what to look for... But owning up to the best answer.
Look at the SU8x seiries of tcodes, they let you ARCHIVE and DELETE the history of user maintenance.
_________________
John A. Jarboe
Answer:
five months before I created and deleted one test user ID in production .
I am not able to trace why I did that .Now SoX auditors are asking an explanation for it ...Wht to do ?I don't have any trace why I created it .
What happens in these cases .What can be the worst case.pls share ur experiences ..
How to Earn Rs.25000 every month in internet without Investment?
Audit escape.
Labels:
sap Audit Faqs
Subscribe to:
Post Comments (Atom)
topics
-
▼
2007
(1406)
-
▼
November
(1359)
- Free Download SAP FI Certification study pdf books
- Implementing SAP R/3 on OS/400
- Update SAP Kernel in UNIX based
- Security Audit Log (BC-SEC).pdf
- Security Audit Log.pdf
- Securities,pdf
- Secure Store & Forward / Digital Signatures (BC-SE...
- Secure Network Communications (BC-SEC-SNC)
- Free download use ful T-codes
- I did not find any OSS notes appropriate for my pr...
- How to apply OSS notes number?
- What is OSS Notes number?
- Where can i access SAP OSS?
- WHAT IS OSS
- Disaster Recovery Plan to Restore Production System
- Steps to Install SAP Note in sap
- Difference Between SAP Notes and Support Package
- Question : Subject : Support packages testing
- Five Different "User Type"
- How to solve the Time Zone Definition Problems?
- Setting the User Decimals Format
- Schedule Manager
- Various Important SAP Basis T-Code
- Trace Functions in sap
- System Trace: Error Analysis in sap
- System Trace(ST01) in sap
- Roles and Authorizations Used in Background Proces...
- Deleting Multiple Spool Requests Simultaneously in...
- Logging and Tracing in spool
- Print and Output Management in spool
- Background Job Monitoring Monitor in CCMS
- Monitoring the Database Using the Alert Monitor
- Monitoring the Operating System Using the Alert Mo...
- Monitoring Memory Management Using the Alert Monitor
- Method Dispatching Monitor in CCMS
- Remote Application Server Status Monitor in CCMS
- GRMG Self-Monitoring Monitor in CCMS
- CCMS Selfmonitoring Monitor for System-Wide Data i...
- Logfile Monitoring Monitor in CCMS
- Logon Load Balancing Monitor in CCMS
- Transaction-Specific Dialog Monitor in CCMS
- Workload Collector Monitor in CCMS
- System Errors Monitor in CCMS
- System Configuration Monitor in CCMS
- Syslog Monitor in CCMS
- Spool System Monitor in CCMS
- Security Monitor in CCMS
- Performance Overview Monitor in CCMS
- Operating System Monitor in CCMS
- Filesystems Monitor in CCMS
- Entire System Monitor in CCMS
- Monitoring the Enqueue Service in CCMS
- Dialog per Application Server Monitor in CCMS
- Dialog Overview Monitor in CCMS
- Database Monitor in CCMS
- Transactional RFC and Queued RFC Monitor in CCMS
- Communications Monitor in CCMS
- Buffers Monitor in CCMS
- Background Job Monitoring Monitor(CCMS)
- Background Processing Monitor(CCMS)
- Availability and Performance Overview Monitor (CCMS)
- SAP CCMS Monitor Templates Monitor Set
- Creating and Changing a Monitoring Pause(CCMS)
- Creating and Changing Monitoring Rules(CCMS)
- Configuring Availability Monitoring(CCMS)
- Update Repositories(CCMS)
- Displaying Central Performance History Reports(CCMS)
- Displaying Report Properties
- Scheduling and Executing a Report
- Variables in Group Names
- Creating a Report Definition(CCMS)
- Maintaining Collection and Reorganization Schemata...
- Maintaining Collection and Reorganization Schemata...
- Creating and Editing a Calendar Schema(CCMS)
- Creating and Editing a Day Schema
- Customizing the Alert Monitor(CCMS)
- Resetting MTEs and Alerts(CCMS)
- Reorganizing Completed Alerts(CCMS)
- Display Completed Alerts(CCMS)
- Automatically Complete Alerts(CCMS)
- Completing Alerts(CCMS)
- Starting Methods (CCMS)
- Processing Alerts(CCMS_
- Displaying the Technical View: Central Performance...
- Displaying the Technical View: Threshold Values(CCMS)
- Displaying the Technical View: Status Autoreaction...
- Displaying the Technical View: Status Data Collector
- Displaying the Technical View: Method Allocation
- Displaying the Technical View: Info on MTE
- Display Types and Views of the Alert Monitor(CCMS)
- Properties of Status Attributes (CCMS)
- Properties of Performance Attributes(CCMS)
- Properties of Log Attributes (CCMS)
- General Properties of Monitoring Tree Elements(CCMS)
- Properties of Monitoring Objects and Attributes
- Elements of the Alert Monitoring Tree
- Alert Monitoring Tree(CCMS)
- Monitors(CCMS)
- Monitor Sets (CCMS)
- Elements of the Alert Monitor (CCMS)
-
▼
November
(1359)
No comments:
Post a Comment