BASIS segregation of duties (SAP) 752

  • Hi everybody.
    Because of SOX, we are working on BASIS segregation of duties.
    The thing is that we are not sure if BASIS should have SAP ALL permissions (all permissions) as it now has.
    I mean, we don’t know the requirements for the BASIS role, so we may not have proper segregation of duties.
    Has anyone else got any experience of this, or has anyone any documentation about it or where I could get some information?
    I’d appreciate any advice.
    Thank you all

  • In response to your question: segregation of duties should most certainly be enforced within the SAP R/3 environment. Take for example the ability to create users, create profiles and assign those profiles to users. This allows for the direct circumvention of all access controls and has a direct impact on the reliance that can be placed on the application controls, e.g. release strategies. No users should be assigned the SAP_ALL profile -> this is an immediate exception as there are normally no real strong compensating controls that are enforced to mitigate the risk (e.g. create separate account and assign SAP_ALL, lock the account, ensure that formal approval is obtained by an independent person, 2 people should be present when access is granted to the account - i.e. monitoring of actions, etc.). Only with these controls in place would sufficient comfort be obtained. Hope this answers your question.

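As an added example (not part of the thread and not SAP's own tooling), the two checks described in the reply above can be run over a user-to-profile extract: any SAP_ALL assignment is an exception, and no single user should be able to create users, create profiles and assign profiles. The CSV layout, the Z_ profile names and the duty labels are constructed assumptions.

```python
import csv
import io

# Constructed sample extract (not real data). Column names and duty labels
# are assumptions for this example, not an SAP table layout.
SAMPLE_EXTRACT = """user,locked,profile,duties
BASIS01,N,SAP_ALL,
BASIS02,N,Z_USER_ADMIN,create_user;assign_profile
BASIS02,N,Z_PROFILE_ADMIN,create_profile
BASIS03,N,Z_USER_ADMIN,create_user;assign_profile
FIREFIGHT,Y,SAP_ALL,
CLERK07,N,Z_AP_CLERK,post_invoice
"""

# The three duties the reply says must not sit with one person.
CONFLICT = frozenset({"create_user", "create_profile", "assign_profile"})


def review(extract_text):
    """Return a sorted list of (user, finding) tuples for an access extract."""
    profiles, duties, locked = {}, {}, {}
    for row in csv.DictReader(io.StringIO(extract_text)):
        user = row["user"].strip().upper()
        profiles.setdefault(user, set()).add(row["profile"].strip().upper())
        held = {d.strip() for d in row["duties"].split(";") if d.strip()}
        duties.setdefault(user, set()).update(held)
        # Treat a user as locked only if every row says so.
        is_locked = row["locked"].strip().upper() == "Y"
        locked[user] = locked.get(user, True) and is_locked

    findings = []
    for user in profiles:
        if "SAP_ALL" in profiles[user]:
            # SAP_ALL is always an exception; a locked account shows only one
            # of the compensating controls, the rest need manual evidence.
            state = "locked" if locked[user] else "UNLOCKED"
            findings.append((user, f"SAP_ALL assigned, account {state}"))
        # Duties accumulate across all of a user's profiles.
        if CONFLICT <= duties[user]:
            findings.append(
                (user, "can create users, create profiles and assign profiles"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in review(SAMPLE_EXTRACT):
        print(f"{user}: {finding}")
```

Approval by an independent person and two-person presence cannot be read from an extract like this, so a locked SAP_ALL account still needs that evidence checked by hand.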