Dear Experts,
yes the question became very generic, i will try to give some details.
My client is using SAP for a quite long time but they could not able to maintain good security measures
by seeing the system i analysed some issues as below.
- Secure password policy is not sufficiently enforced.
- A high number of users has critical authorizations
- Standard users including SAP* or DDIC are having default passwords.
- Dialog users are having access to Powerful profiles like SAP_ALL.
- Changes are carried out directly in Production like tables, roles, configuration changes .
- Many users are part of “SUPER” user group
- User master records are not updated with required details.
- User changes are made by SAP* in production.
So i want to suggest some audit activities which can be carried out weekly, monthly, quartly
so that there will be a systematic process to check security of the production ion system.
and there will be no rush and mass changes before the Yearly Audit.
Please advise.
Regards
Sanyukta