Inspecting the SAP Basis Configuration to Ensure Compliance

SAP Basis configurations provide system-level controls to secure an SAP system. These configuration settings can be aligned with your specific security requirements. The Soterion Basis Review Manager inspects your SAP Basis configuration against a set of rules based on industry best practices. Because these configurations usually form part of an annual external audit, our Basis Review Manager allows you to be prepared and to establish complete compliance, avoiding adverse audit findings.

The Basis Review Manager consists of a number of checks that can be executed against your SAP system. The results will be highlighted as either passes or fails, with the option of mitigating failed reports. Examples of typical tests are:

Parameter Settings (RSPARAM)

  • Password lengths, expiry and complexity
  • Restricting multiple logons
  • Examining table logging

Role Checks

  • Roles that are in the Production environment, but not assigned to users
  • Roles that were created or changed in the Production environment
  • Roles with wildcards for transactions

User Checks

  • Users who have developer keys in the Production environment
  • Test users who are working in the Production environment
  • Users who have SAP standard roles in the Production environment