
SAP SECURITY AUDIT WHAT TO CHECK

Vijay Kothapalli SAP MENTOR


Confirm that user ID SAP* has been adequately secured

Run report RSUSR003 from T-code SA38 and check that the default password of user SAP* was changed in production clients. Verify that the parameter login/no_automatic_user_sapstar is set (value = 0).

How to find users who have the SAP_ALL and SAP_NEW authorizations

For SAP_ALL:
1. Execute transaction code SUIM.
2. Click on User.
3. Click on "List of users according to complex selection criteria".
4. Click on "By user profiles".
5. Enter SAP_ALL in the Profile field and click on the Execution button.

For SAP_NEW:
1. Execute transaction code SUIM.
2. Click on User.
3. Click on "List of users according to complex selection criteria".
4. Click on "By user profiles".
5. Enter SAP_NEW in the Profile field and click on the Execution button.

Risk: The SAP_ALL profile grants a user full/complete access to all functions in the SAP system and has the potential to be misused. The SAP_ALL profile should only be assigned to a minimal number of users on the system.

Risk: SAP comes supplied with a number of default user IDs, all of which have default passwords. The passwords to these IDs are well known, and therefore, if they are not changed, the IDs could potentially be misused.

To review the passwords that users are not allowed to use:

Execute transaction code: SE16
Table name: USR40

Risk: Table USR40 is used to prevent users from using a list of commonly guessed passwords. If it is not used, it increases the possibility that users could select trivial passwords. Alternatively, you can use a profile parameter to do this.
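An added example, not part of the original checklist: a Python script an auditor could run over the USR40 entries read from SE16 to see which trivial passwords the table actually prohibits and which it misses. The entries and candidate passwords are constructed samples, the function names are illustrative, and the wildcard handling ('?' for one character, '*' for any run of characters) and case-insensitive comparison are assumptions to confirm for your release.

```python
import re

# Constructed sample of USR40 entries, as if copied from an SE16 display.
USR40_ENTRIES = ["PASSWORD", "WELCOME*", "*SAP*", "123*", "INIT????", "*2024"]

# Constructed list of trivial passwords the auditor expects to be rejected.
TRIVIAL_CANDIDATES = ["password", "Welcome1", "sap123", "12345678", "init2024",
                      "Summer2024", "qwerty12", "letmein1", "Company01"]

def usr40_to_regex(entry):
    """Compile one USR40 entry: '?' is one character, '*' is any run of
    characters (assumed to include none); everything else is literal."""
    parts = []
    for ch in entry.strip():
        if ch == "?":
            parts.append(".")
        elif ch == "*":
            parts.append(".*")
        else:
            parts.append(re.escape(ch))
    # Assumption: the comparison ignores case; drop IGNORECASE if it does not.
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def blocking_entry(password, entries):
    """Return the first entry that prohibits the password, or None."""
    for entry in entries:
        if usr40_to_regex(entry).fullmatch(password):
            return entry
    return None

def coverage_report(candidates, entries):
    """Return (blocked, gaps): blocked maps password -> matching entry,
    gaps lists candidates that no entry prohibits."""
    blocked, gaps = {}, []
    for pw in candidates:
        hit = blocking_entry(pw, entries)
        if hit is None:
            gaps.append(pw)
        else:
            blocked[pw] = hit
    return blocked, gaps

if __name__ == "__main__":
    blocked, gaps = coverage_report(TRIVIAL_CANDIDATES, USR40_ENTRIES)
    for pw, entry in blocked.items():
        print(f"blocked  {pw!r} by USR40 entry {entry!r}")
    for pw in gaps:
        print(f"GAP      {pw!r} is not prohibited by any entry")
```

Every password reported as a gap is a candidate for a new USR40 entry or for a stricter password rule set through profile parameters.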
