CheckAud® for SAP® Systems Development Goals
CheckAud® for SAP® Systems was developed with the goal of making the authorization concept transparent and the audit of access rights easy. All available access rights are displayed in various navigable tree structures. For example, the profiles of users can be displayed, and each component, down to the current value of a field, can be selected and studied. Alternatively, you can view the same information in a table view, with all attributes on one page. Other useful options include the data filters. You can, for example, display only those users who have not logged on within a 90-day period. All results can be saved as a report at any time.
Overwhelmed by Authorizations
The SAP® authorization concept is very complicated. Therefore, an audit program like CheckAud® for SAP® Systems is absolutely essential. SAP® presents the auditor with the following challenges:
- Most of the names of authorizations are unrecognizable, often abbreviations of German names (what is the authorization V_KNKK_FRE used for?)
- It's often difficult to determine which authorization is needed for a specific task (which authorizations are needed to post an invoice?)
- Many queries are difficult (who can work in more than one company code?) or nearly impossible (display a list of all blocked transactions) without the help of ABAP programmers.
You can probably think of hundreds of queries like these. Even the highly acclaimed AIS in SAP® cannot provide the answers. With CheckAud® for SAP® Systems, you can evaluate extensive access rights, with English descriptions and explanations, painlessly and quickly.
The Questions Answered by CheckAud® for SAP® Systems
CheckAud® for SAP® Systems provides you with a collection of evaluations which are essential in an audit. Of special importance for data protection officers are the questions:
- Who can read tables containing personal employee data?
- Which user activities are logged, and who can review them?
- Are the rules for user passwords being followed?
- And many other possibilities...
All of this information can be displayed on your screen with one click. It can just as easily be saved in a report.
Standard Reports in CheckAud® for SAP® Systems
In CheckAud® for SAP® Systems, a long list of standard reports is available, covering the most frequently asked questions in an SAP® system, for example:
- Which users have not yet logged on?
- Which users have been blocked by an administrator?
- Do the special users still have their standard passwords?
- Are there users who haven't changed their initial password?
- Which users have critical profiles (SAP_ALL, S_A.SYSTEM, Z_ANWEND, ...)?
- Are there users with all the rights to manage authorizations?
- Which users have development authorizations?
- And many more...
All reports have two parts. The header section summarizes the results. A report concerning users with critical profiles will describe the profiles in the header and report the number of users assigned to each profile. In the second part of the report, the individual users will be listed by profile.
Evaluation of Critical Authorizations with CheckAud® for SAP® Systems
A main focus of CheckAud® for SAP® Systems is the evaluation of critical authorizations. There are two basic types of critical authorizations:
- Authorization objects that alone are clearly critical (such as S_DEVELOP in the ABAP development area)
- Authorization objects which only become critical when they are combined with other specific authorization objects (for example, the right to create customer master records, post transactions to them, and then start the payment run).
CheckAud® for SAP® Systems works easily with both types of critical authorizations. The software is delivered with over 1,000 already defined critical authorizations which can be immediately evaluated and displayed. Because each organization is unique, additional critical authorizations can be created for complete coverage of all possible risks.