{"id":11376,"date":"2017-01-20T11:00:00","date_gmt":"2017-01-20T11:00:00","guid":{"rendered":"https:\/\/zapliance.com\/?p=11376"},"modified":"2022-08-26T14:14:56","modified_gmt":"2022-08-26T14:14:56","slug":"how-to-avoid-manipulations-done-by-super-users","status":"publish","type":"post","link":"https:\/\/zapliance.com\/en\/blog\/how-to-avoid-manipulations-done-by-super-users\/","title":{"rendered":"How to avoid manipulations done by super users"},"content":{"rendered":"\n<p>In my four-part blog series, I will illustrate&nbsp;the risk of extensive access rights to SAP systems.&nbsp;You will find out what risks exist, how to analyze the risks and what actions&nbsp;need to be taken.<\/p>\n\n\n\n<p>Part 1 of the series: \u201cOperations done by super users\u201d<\/p>\n\n\n\n<p><strong>1. How to avoid manipulations done by super users<\/strong>&nbsp;<br>2.&nbsp;<a href=\"https:\/\/zapliance.com\/blog\/how-to-analyse-the-risk-of-super-users-in-sap-with-sql?lang=en\">How to analyse the risk of&nbsp;super users in SAP&nbsp;with SQL<\/a><br>3.&nbsp;<a href=\"https:\/\/zapliance.com\/blog\/do-it-yourself-analytics-of-sap-super-users-in-excel?lang=en\">Do it yourself: Analytics of&nbsp;SAP super users in Excel<\/a>&nbsp;<br>4.&nbsp;<a href=\"https:\/\/zapliance.com\/blog\/advanced-analytics-what-you-should-also-know-about-sap-super-users?lang=en\">Advanced Analytics: What you definitely should know about SAP&nbsp;super users<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">SAP&nbsp;administration rights<\/h2>\n\n\n\n<p>Posting with SAP administration rights should, in principle, be prohibited outright. But often this is convenient for certain users. Once&nbsp;I was frightened by an audit in which millions of postings&nbsp;had been made&nbsp;by users with SAP administration rights. Believe it or not, such things exist\u2026 and they are not that uncommon. 
My tip: Check your company for open barn doors.&nbsp;There is a considerable risk that users with SAP administration rights can easily circumvent the internal control system.&nbsp;The four-eyes principle, approvals&nbsp;and segregation of duties,&nbsp;e.g. between posting and paying, can all be circumvented.&nbsp;It is even possible to violate several segregation-of-duties rules at once, so that an entire business process can be carried out by a single person, for example from the vendor master data to a&nbsp;purchase order to accounting control&nbsp;and payment. In this way, fictitious suppliers&nbsp;could be set up and company money transferred to one of them.<\/p>\n\n\n\n<p>When assigning authorizations in SAP systems, the principle of least privilege should apply: every user should only receive the access rights they need to accomplish their work. Assessing whether access rights are actually assigned minimally is often opaque and complex in practice.&nbsp;But with simple analytics&nbsp;one can at least verify that extensive SAP administration rights are not being used in the production system.&nbsp;By analyzing postings made by users with SAP administration rights, the following questions can be answered:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Are there any postings made by users with SAP administration rights?<\/li><li>How often are&nbsp;administration rights&nbsp;used?<\/li><li>Do users in the business departments have administrative rights?<\/li><li>By asking your user administrators, you can find out whether an SAP authorization concept exists.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Why are&nbsp;super users posting in SAP?<\/h2>\n\n\n\n<p>In general, super users in SAP should be avoided. 
Nevertheless, they exist, for the following reasons:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>There is no decent authorization concept, and users are given SAP administration rights so that no one complains.<\/li><li>Executives retain comprehensive authorizations in the SAP system.<\/li><li>Automatic batch jobs that require an SAP user account for processing are given extensive SAP administration rights. Do not be too accommodating when it is claimed that there is no alternative for technical reasons!<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">How to avoid postings by&nbsp;super users in SAP?<\/h2>\n\n\n\n<p>SAP administration rights should be reserved for a single emergency user.&nbsp;In addition, these administrative rights should not be used for daily business transactions.&nbsp;There should be a clear policy in your organization. Nonetheless, you should regularly check for postings made by super users in your SAP system.<\/p>\n\n\n\n<p>In the next blog post, you will learn how to automatically analyze whether there is a problem with your SAP administration rights and how extensive this problem is in your company.<\/p>\n\n\n\n<p>zapliance has implemented this audit question so that you can analyze which of your super users did what within your system. This is a cross-process indicator. In my last series I introduced a wide range of cross-process indicators.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In my four-part blog series, I will illustrate&nbsp;the risk of extensive access rights to SAP systems.&nbsp;You will find out what risks exist, how to analyze the risks and what actions&nbsp;to be taken. Part 1 of the series: \u201cOperations done by super users\u201d 1. 
How to avoid manipulations done by super users&nbsp;2.&nbsp;How to analyse the risk [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":10699,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"categories":[38,37,40],"tags":[],"class_list":["post-11376","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-en-audit","category-en-compliance","category-en-finance"],"acf":[],"yoast_head_json":{"title":"How to avoid manipulations done by super users - zapliance","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zapliance.com\/en\/blog\/how-to-avoid-manipulations-done-by-super-users\/","og_locale":"en_US","og_type":"article","og_title":"How to avoid manipulations done by super users - zapliance","og_description":"In my four-part blog series, I will illustrate&nbsp;the risk of extensive access rights to SAP systems.&nbsp;You will find out what risks exist, how to analyze the risks and what actions&nbsp;to be taken. Part 1 of the series: \u201cOperations done by super users\u201d 1. How to avoid manipulations done by super users&nbsp;2.&nbsp;How to analyse the risk [&hellip;]","og_url":"https:\/\/zapliance.com\/en\/blog\/how-to-avoid-manipulations-done-by-super-users\/","og_site_name":"zapliance","article_published_time":"2017-01-20T11:00:00+00:00","article_modified_time":"2022-08-26T14:14:56+00:00","og_image":[{"width":2400,"height":962,"url":"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/08\/Blog-Dummy.png","type":"image\/png"}],"author":"Nick Gehrke","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Nick Gehrke","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zapliance.com\/en\/blog\/how-to-avoid-manipulations-done-by-super-users\/#article","isPartOf":{"@id":"https:\/\/zapliance.com\/en\/blog\/how-to-avoid-manipulations-done-by-super-users\/"},"author":{"name":"Nick Gehrke","@id":"https:\/\/zapliance.com\/en\/#\/schema\/person\/ef4d227360d4b66b84aa95cb72c12f5a"},"headline":"How to avoid manipulations done by super users","datePublished":"2017-01-20T11:00:00+00:00","dateModified":"2022-08-26T14:14:56+00:00","mainEntityOfPage":{"@id":"https:\/\/zapliance.com\/en\/blog\/how-to-avoid-manipulations-done-by-super-users\/"},"wordCount":625,"publisher":{"@id":"https:\/\/zapliance.com\/en\/#organization"},"image":{"@id":"https:\/\/zapliance.com\/en\/blog\/how-to-avoid-manipulations-done-by-super-users\/#primaryimage"},"thumbnailUrl":"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/08\/Blog-Dummy.png","articleSection":["Audit","Compliance","Finance"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/zapliance.com\/en\/blog\/how-to-avoid-manipulations-done-by-super-users\/","url":"https:\/\/zapliance.com\/en\/blog\/how-to-avoid-manipulations-done-by-super-users\/","name":"How to avoid manipulations done by super users - 
zapliance","isPartOf":{"@id":"https:\/\/zapliance.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/zapliance.com\/en\/blog\/how-to-avoid-manipulations-done-by-super-users\/#primaryimage"},"image":{"@id":"https:\/\/zapliance.com\/en\/blog\/how-to-avoid-manipulations-done-by-super-users\/#primaryimage"},"thumbnailUrl":"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/08\/Blog-Dummy.png","datePublished":"2017-01-20T11:00:00+00:00","dateModified":"2022-08-26T14:14:56+00:00","breadcrumb":{"@id":"https:\/\/zapliance.com\/en\/blog\/how-to-avoid-manipulations-done-by-super-users\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zapliance.com\/en\/blog\/how-to-avoid-manipulations-done-by-super-users\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zapliance.com\/en\/blog\/how-to-avoid-manipulations-done-by-super-users\/#primaryimage","url":"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/08\/Blog-Dummy.png","contentUrl":"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/08\/Blog-Dummy.png","width":2400,"height":962},{"@type":"BreadcrumbList","@id":"https:\/\/zapliance.com\/en\/blog\/how-to-avoid-manipulations-done-by-super-users\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/zapliance.com\/en\/"},{"@type":"ListItem","position":2,"name":"How to avoid manipulations done by super users"}]},{"@type":"WebSite","@id":"https:\/\/zapliance.com\/en\/#website","url":"https:\/\/zapliance.com\/en\/","name":"zapliance","description":"Be the agent of 
change","publisher":{"@id":"https:\/\/zapliance.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zapliance.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zapliance.com\/en\/#organization","name":"zapliance","url":"https:\/\/zapliance.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zapliance.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/06\/zap_logo.svg","contentUrl":"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/06\/zap_logo.svg","width":200,"height":45,"caption":"zapliance"},"image":{"@id":"https:\/\/zapliance.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zapliance.com\/en\/#\/schema\/person\/ef4d227360d4b66b84aa95cb72c12f5a","name":"Nick Gehrke","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zapliance.com\/en\/#\/schema\/person\/image\/","url":"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/07\/avatar_user_4_1657803044-96x96.jpg","contentUrl":"https:\/\/zapliance.com\/wp-content\/uploads\/2022\/07\/avatar_user_4_1657803044-96x96.jpg","caption":"Nick Gehrke"},"description":"is Chief of Data &amp; Knowledge and Co-Founder at zapliance as well as Professor of Information Systems with a Big 4 background. 
He prefers to work as a business information scientist and tax consultant at the converging points of finance, accounting, taxation, audit and ERP systems, data science and information technology.","url":"https:\/\/zapliance.com\/en\/blog\/author\/nick-gehrke\/"}]}},"views":918,"_links":{"self":[{"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/posts\/11376","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/comments?post=11376"}],"version-history":[{"count":1,"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/posts\/11376\/revisions"}],"predecessor-version":[{"id":11377,"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/posts\/11376\/revisions\/11377"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/media\/10699"}],"wp:attachment":[{"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/media?parent=11376"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/categories?post=11376"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zapliance.com\/en\/wp-json\/wp\/v2\/tags?post=11376"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}