How to manage exceptional SoD access

What if you have a small branch office and just one accounting clerk? What if you have year-end closing and need to grant exceptional access to the system?

Remember the master key? The key supervisor hands it out to someone who needs it desperately, and never gets it back. The people who receive these special keys are called superusers. Just like Superman, superusers have superpowers and can do anything.

Superuser access is hard to manage and hard to control, and yet it is sometimes needed. Some users are given carte blanche: free access to all systems, all objects, all transactions. This is the worst-case scenario, because it means that the company has no control over who does what.

Furthermore, one of the first questions external auditors ask is “How many users have superuser access?”

For all these reasons, exceptional access needs to be managed carefully. Rather than handing out such access freely, IT and the business need to coordinate their work so that privileges can be granted, monitored, and revoked in a timely fashion to prevent SoD violations.
