How to analyse the risk of super users in SAP with SQL
In today’s blog post we won’t analyse stamps for sure, but the risks of extensive administration rights on your SAP system. You will get to know, which kind of risks exist, how you can analyse them and which actions to take as a result.
Part 2 of the series: “Operations done by super users”
1. How to avoid manipulations done by super users
2. How to analyse the risk of super users in SAP with SQL
3. Do it yourself: Analytics of SAP super users in Excel
4. Advanced Analytics: What you definitely should know about SAP super users
How do you recognize that a super user is posting in SAP?
Extensive SAP administration rights are usually given by assigning certain SAP profiles to a user. If you are trying to find out if users have posted with such profiles, you will get the postings you are looking for. In particular, the SAP profiles SAP_ALL and SAP_NEW are considered particularly far-reaching. One criterion for assessing the associated risk of super users in SAP is the number of accounting documents posted by a user with SAP_ALL or SAP_NEW. But notice: there can be other critical SAP authorization profiles as well.
How to get data for a super user analysis?
If you want to analyse the postings of super users in your SAP system, you need the necessary data structures and data from your SAP system. You can perform a data download from your SAP system using zap Audit. The analytics of super users is part of zap Audit.
How to get the data for the super user analytics?
I will show you technically how it works! This requires nothing other than standard SQL. You find a step-by-step instruction for super user analytics in my whitepaper. I am explaining how you can perform the analytics of super user postings in SAP by simply using SQL. If you are interested in the step-by-step instruction, just follow this link: