Question: my auditor asked me to provide him all the changes to role so far
I went to
SUIM > Change document for role > All change documents (Technical View)
and provided the dump to him
He is now asking me that there are multiple rows in the dump.
The only difference in them is "Table key" is different.
My answer to him is that though they are duplicate rows they are for the same change as long as other fields are not changing.
the different rows are because SAP has around 100's of flags which it resets eg - Coll_AGR and others and thats why the multiple entries
Answer:
Hi Devna,
Again, get an auditor who knows what he is auditing
If this is what the auditor asked for, then it is not your reponsibility to explain it.
In fact, it is a good practice just to give what they ask for and volunteer no other information (as you tend to get biten by such activities later).
Ask him, "is this not the report you asked for?". And if you are evil "you are the auditor, you should know what you are auditing before you ask for it".
Answer:
Hi Devna,
Again, get an auditor who knows what he is auditing
If this is what the auditor asked for, then it is not your reponsibility to explain it.
In fact, it is a good practice just to give what they ask for and volunteer no other information (as you tend to get biten by such activities later).
Ask him, "is this not the report you asked for?". And if you are evil "you are the auditor, you should know what you are auditing before you ask for it".
Good advice from Guest. Personally (and this often gets challenged) I ask to see the credentials of anyone auditing security. If they don't look like they know what they are doing it then challenge it. Your firm is paying for it after all!
Failing that sit with them & ask them to walk you through everything - that is, they tell you what report to run & you run it in front of them. They have no comeback if the info is not what they are looking for.
Also, don't accept what they say as fact unless it makes sense. If they have a risk & you can prove it's mitigated (no matter how - not just how they want to see it) then you have done your bit
How to Earn Rs.25000 every month in internet without Investment?
Auditing Security
Labels:
sap Audit Faqs
Subscribe to:
Post Comments (Atom)
topics
-
▼
2007
(1406)
-
▼
November
(1359)
- Free Download SAP FI Certification study pdf books
- Implementing SAP R/3 on OS/400
- Update SAP Kernel in UNIX based
- Security Audit Log (BC-SEC).pdf
- Security Audit Log.pdf
- Securities,pdf
- Secure Store & Forward / Digital Signatures (BC-SE...
- Secure Network Communications (BC-SEC-SNC)
- Free download use ful T-codes
- I did not find any OSS notes appropriate for my pr...
- How to apply OSS notes number?
- What is OSS Notes number?
- Where can i access SAP OSS?
- WHAT IS OSS
- Disaster Recovery Plan to Restore Production System
- Steps to Install SAP Note in sap
- Difference Between SAP Notes and Support Package
- Question : Subject : Support packages testing
- Five Different "User Type"
- How to solve the Time Zone Definition Problems?
- Setting the User Decimals Format
- Schedule Manager
- Various Important SAP Basis T-Code
- Trace Functions in sap
- System Trace: Error Analysis in sap
- System Trace(ST01) in sap
- Roles and Authorizations Used in Background Proces...
- Deleting Multiple Spool Requests Simultaneously in...
- Logging and Tracing in spool
- Print and Output Management in spool
- Background Job Monitoring Monitor in CCMS
- Monitoring the Database Using the Alert Monitor
- Monitoring the Operating System Using the Alert Mo...
- Monitoring Memory Management Using the Alert Monitor
- Method Dispatching Monitor in CCMS
- Remote Application Server Status Monitor in CCMS
- GRMG Self-Monitoring Monitor in CCMS
- CCMS Selfmonitoring Monitor for System-Wide Data i...
- Logfile Monitoring Monitor in CCMS
- Logon Load Balancing Monitor in CCMS
- Transaction-Specific Dialog Monitor in CCMS
- Workload Collector Monitor in CCMS
- System Errors Monitor in CCMS
- System Configuration Monitor in CCMS
- Syslog Monitor in CCMS
- Spool System Monitor in CCMS
- Security Monitor in CCMS
- Performance Overview Monitor in CCMS
- Operating System Monitor in CCMS
- Filesystems Monitor in CCMS
- Entire System Monitor in CCMS
- Monitoring the Enqueue Service in CCMS
- Dialog per Application Server Monitor in CCMS
- Dialog Overview Monitor in CCMS
- Database Monitor in CCMS
- Transactional RFC and Queued RFC Monitor in CCMS
- Communications Monitor in CCMS
- Buffers Monitor in CCMS
- Background Job Monitoring Monitor(CCMS)
- Background Processing Monitor(CCMS)
- Availability and Performance Overview Monitor (CCMS)
- SAP CCMS Monitor Templates Monitor Set
- Creating and Changing a Monitoring Pause(CCMS)
- Creating and Changing Monitoring Rules(CCMS)
- Configuring Availability Monitoring(CCMS)
- Update Repositories(CCMS)
- Displaying Central Performance History Reports(CCMS)
- Displaying Report Properties
- Scheduling and Executing a Report
- Variables in Group Names
- Creating a Report Definition(CCMS)
- Maintaining Collection and Reorganization Schemata...
- Maintaining Collection and Reorganization Schemata...
- Creating and Editing a Calendar Schema(CCMS)
- Creating and Editing a Day Schema
- Customizing the Alert Monitor(CCMS)
- Resetting MTEs and Alerts(CCMS)
- Reorganizing Completed Alerts(CCMS)
- Display Completed Alerts(CCMS)
- Automatically Complete Alerts(CCMS)
- Completing Alerts(CCMS)
- Starting Methods (CCMS)
- Processing Alerts(CCMS_
- Displaying the Technical View: Central Performance...
- Displaying the Technical View: Threshold Values(CCMS)
- Displaying the Technical View: Status Autoreaction...
- Displaying the Technical View: Status Data Collector
- Displaying the Technical View: Method Allocation
- Displaying the Technical View: Info on MTE
- Display Types and Views of the Alert Monitor(CCMS)
- Properties of Status Attributes (CCMS)
- Properties of Performance Attributes(CCMS)
- Properties of Log Attributes (CCMS)
- General Properties of Monitoring Tree Elements(CCMS)
- Properties of Monitoring Objects and Attributes
- Elements of the Alert Monitoring Tree
- Alert Monitoring Tree(CCMS)
- Monitors(CCMS)
- Monitor Sets (CCMS)
- Elements of the Alert Monitor (CCMS)
-
▼
November
(1359)
No comments:
Post a Comment