ExpressGRC | SAP Cyber Security Software for SAP Compliance

Auditing your SAP Tables for Compliance

SAP Table is a Critical piece in the SAP Audit Compliance.  The auditor should identify all the custom tables in the SAP System. The First Step is to find the authorization group of the Table. This can be done with transaction SE11. Enter the table and click on Display button. Then click on Table Maintenance generator from the utility menu to display the Authorization Group of the table.

SAP Table Audit Compliance
SAP Table Audit Compliance
SAP Table Authorization Group

If you want to get the list of all the tables and their authorization group and the table TDDAT  has the link between Table and auth group. With this list, you can identify the table without authorization group, misrepresented authorization groups and right authorization group. You may need to get help from the functional team to understand the right authorization group. It is good to identify the sensitive vs the non-sensitive and also functional team so you can clearly articulate which role can have access to the tables

SAP Table Audit Compliance

SAP Table Authorization Concept

Table creation is controlled by S_DEVELOP which is checked when the users use transaction SE11. for using the transaction in the creation mode the user has to be registered and have a developer key.

SAP Table data entry is controlled be S_TABU_DIS and S_TABU_CLI ( Client Independent table)  The transaction which can help the user enter data into the table are SM30, SE16, SE16N). SE17 can purely display the transaction.

The SAP Authorization group S_TABU_DIS  has Activity and Auth  group fields

 

The SAP Transaction SE54  is used to  assign authorization group to the table

Click here to Download the SAP GRC Step by Step Guide

Exit mobile version