SAP Basis Audit for Securing SAP Clients and Systems

Clients are defined within each instance and the number of clients defined to an instance varies.  The client and instance structure requires security administration to not only consider the security requirements for the instance, but also include client specific security requirements.  The requirements at the client level can vary within the same instance.

SAP Basis Audit

The primary concern for securing clients and instances is restricting ABAP/4, Basis, Configuration, Functional, Security and Table access based on the definition and use of each client and instance.  This access will be administered through the definition of technical roles and production user roles.  The design and administration of these roles will be controlled using the Profile Generator by the Security Development Administrators.

SAP Basis Audit Client Ownership

SAP Basis Audit Systems

The owners approve all significant /major changes or specific access to a system.  Major changes or access may include scheduling a job in a particular system, creation access for ABAP programs, client copies, system refreshes, access to client independent tables and sensitive data as defined by the Business Owner of each particular area.

SAP Basis Audit Instances and Clients

The Instance or Client owner will have the final authorization or rejection capability for all access requests.  Any questions or potential security risks regarding a request or modification of user access will be directed to the client owner.

The Basis team will be responsible for administering and maintaining client ownership assignments and will coordinate with functional team leaders for all system changes and will monitor the system part of SAP Basis Audit.