SAP Security Audit
Risk: The SAP_ALL profile grants a user complete access to all functions in the SAP system and has the potential to be misused. The SAP_ALL profile should only be assigned to a minimal number of users on the system.
Risk: SAP comes supplied with a number of default user IDs, all of which have default passwords. The passwords to these IDs are well known, so if they are not changed, the IDs could potentially be misused.
To review the passwords that users are not allowed to use:
Execute transaction code: SE16
Table name: USR40
Risk: Table USR40 is used to prevent users from using a list of commonly guessed passwords. If it is not used, it increases the possibility that users could select trivial passwords. Alternatively, a profile parameter can be used to do this.
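An offline version of the USR40 review, as an added example that is not part of the original document: it takes the pattern column exported from SE16 and reports which trivial passwords the table does not block. The sample rows and password list are constructed, the function names are hypothetical, and case-insensitive matching is an assumption.

```python
import re

# Constructed sample: pattern column of USR40 as exported from SE16.
USR40_EXPORT = """\
PASSWORD
123*
WELCOME?
*SAP*
"""

# Constructed sample of trivial passwords the auditor expects to be blocked.
TRIVIAL_PASSWORDS = ["password", "12345678", "Welcome1", "welcome2024",
                     "sap12345", "qwerty", "Summer2024"]


def load_patterns(export_text):
    """Return non-empty pattern rows, upper-cased, de-duplicated, in order."""
    rows = (line.strip().upper() for line in export_text.splitlines())
    return list(dict.fromkeys(row for row in rows if row))


def pattern_to_regex(pattern):
    """Translate USR40 wildcards: '?' is one character, '*' is any sequence."""
    wildcard = {"?": ".", "*": ".*"}
    body = "".join(wildcard.get(ch, re.escape(ch)) for ch in pattern)
    # Assumption: entries are compared without regard to case.
    return re.compile(body, re.IGNORECASE | re.DOTALL)


def audit(export_text, candidates):
    """Split candidates into those a USR40 entry blocks and those it allows."""
    patterns = load_patterns(export_text)
    compiled = [(p, pattern_to_regex(p)) for p in patterns]
    blocked, allowed = {}, []
    for pw in candidates:
        hit = next((p for p, rx in compiled if rx.fullmatch(pw)), None)
        if hit is None:
            allowed.append(pw)      # gap: no entry prevents this password
        else:
            blocked[pw] = hit       # record which entry covers it
    return {"table_empty": not patterns, "blocked": blocked, "allowed": allowed}


if __name__ == "__main__":
    result = audit(USR40_EXPORT, TRIVIAL_PASSWORDS)
    if result["table_empty"]:
        print("FINDING: USR40 has no entries")
    for pw in result["allowed"]:
        print(f"FINDING: trivial password not blocked by USR40: {pw}")
```
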