Description Marks Weighting Due date

Assignment 2 – SAP Practical Written Report 100 15% 22th August 2016

Need this or a similar Assignment
Whatsapp/Call: +91-9502220077

The key concepts and frameworks covered in modules 1–4 are particularly relevant for
this assignment. Assignment 2 relates to the specific course learning objectives 1, 2 and 3:
1. analyse information security vulnerabilities and threats and determine appropriate
controls that can be applied to mitigate the potential risks
2. demonstrate an ability to communicate effectively both written and orally about the
management of information security in organisations
And assesses the following graduate skills: The Academic & Professional Literacy and Written &
Oral Communication at level 2.

Assignment 2 consists of three specific tasks regarding SAP R/3 System Security. Your Assignment
2 report must be structured as follows:
● Cover page for your assignment 2
● Table of contents
● Body of report – main section for each task with appropriate use of subsections
for each task sub report
● Task 1 Login to SAP System Student Account and Complete and Save System/User Profile/Own
Data Fields
● Task 2 – Eight reports as specified (include an Excel spreadsheet or Access database) with your
submission of Assignment 2 report
● Task 3 – SAP System Security Settings
● List of References

Task 1 Specifications - Login to SAP R/3 System using your student SAP userid and password and
Complete System/User Profile/Own Data fields that are currently blank as per Screenshot below
Task 1 Requirements - Complete and save following fields in your SAP R/3 Student Account
User Profile
Title, Last name, First name, Function, Department, Room Number, Floor and Building and
provide a screen capture of completed fields in System/User Profile/Own Data Screen in your SAP
R/3 Student Account for Task 1 in your Assignment 2 Report

Task 2 Specifications – Analyze SAP Security Audit Log Data.
Userdata.xls is a spreadsheet log file containing summarized records of user activity on a client’s
SAP R/3 system. Each record contains the following fields:

Field Description
USERID USERID identifies an unique user
YYYYMM YYYYMM describes when the user action took place. YYYYMM is useful
for summarising user activity by month.
TCODE TCODE refers to the transaction (option on the menu) performed by the
TEXT TEXT describes the outcome of the transaction action, including its success
or failure. Some tcodes are blank.
TCODESTAT TCODESTAT is an invented transaction code for each action indicating
whether the action was successful (-0) or failed (-1).
TCD TCD is the same as TCODESTAT, except there is no -0 or -1.
TSTATUS TSTATUS indicates whether the action was successful or not (0/1).
TCOUNT TCOUNT is the number of times the user has performed this action, with
this outcome, in the month YYYYMM.
TTEXT TTEXT is the narrative description of the TCODE.

Task 2 Requirements
Use a software of your choice (spreadsheet, database, statistical package etc) to analyze the provided
SAP Security Audit Log File (Userdata.xls), and generate the required eight user activity reports listed
below and provide a brief description for each user activity report (About 500 words in total for all eight
required reports/graphs) (hint this assignment 2 task 2 is best done using MS Excel pivot tables or
Microsoft Access database SQL queries). The required eight user activity reports are:

1. Alphabetic list of all actions and their frequency by any selected user, e.g. USER-040.
2. List of users performing unsuccessful activities.
3. List of transaction codes performed, with their frequency by each user.
4. List of users engaging in security-related actions.
5. Top 10 users in terms of frequency of activity.
6. List of users who are dormant – in the range USER-001 to USER-050.
7. You should also produce at least 2 reports or charts based on any of the above previous
reports that summarise user activity over time using YYYYMM date format.

TASK 3 Specifications – Analyze and discuss SAP System-Wide Security Settings.
You are required to review the system-wide security settings on a SAP R/3 system. The data file
SAP_RSPARAM_Basis.xlsx contains an extract from the client’s system. Note you should open this
file using an excel spreadsheet to view the system-wide security settings so the fields are aligned
correctly. Hint you can use the search function to locate the appropriate SAP system wide security
settings and their related values in the data file SAP_RSPARAM_Basis.xlsx. Note you will need to
research the relevant SAP System Security literature in order to determine what are recommended
values for each SAP System Security Setting.

Task 3 Requirements complete the following sub tasks:
Task 3a) For each SAP System Security Setting listed in Table 1 complete the User Defined Value,
System Default Value and Recommended Value based on your analysis of the
SAP_RSPARAM_Basis.xlsx file and the relevant SAP System Security Literature.

Table 1 SAP System-Wide Security Settings Date: Prepared by:
SAP System Security User-Defined System Default Recommended
Settings Value Value Value
No auto user SAP*

Failed logins to end

Failed logins to lock

Auto failed unlock

Min password length

Password expiry (days)

Idle Screen logout
No check on Tcodes
Login client No

Task 3b) Provide a written evaluation of each SAP System Security Setting, in terms of User Defined
Value, System Default Value and Recommended Value in the completed Table 1, describing the SAP
System security setting, highlighting any weaknesses exist and if so provide recommendations for
improving the current SAP System Security Setting. Your discussion here should be supported by
appropriate in-text references (1000 words approx). Note some relevant literature resources on SAP
System Security Settings will be provided in Tutorials and Assignment 2 discussion forum.

Note: Submission of your assignment 2 report documents will be via the Assignment 2 submission
link on the course studydesk. Assignment 2 submission consists of two documents (1) a word
document for the Assignment 2 report and (2) an accompanying spreadsheet or an Access database
for task 2 of Assignment 2.
Note carefully University policy on Academic Misconduct such as plagiarism, collusion
and cheating. If any of these occur they will be found and dealt with by the USQ Academic
Integrity Procedures. If proven Academic Misconduct may result in failure of an
individual assessment, the entire course or exclusion from a University program or


Master your semester with Scribd & The New York Times

Special offer for students: Only $4.99/month.

Master your semester with Scribd & The New York Times

Cancel anytime.