HI,

An internal audit has found that the login we use from data services to connect to SAP ERP can access HR tables which include personal details. We have been asked to remove this, but we are struggling to work out how.

We have done what we thought we needed to do, but now we can read metadata, but not get any data
Is there any documentation on how to do this ? The SAP supplement doesn’t go down to this level.

Thanks.

Leigh Kennedy (BOB member since 2012-01-17)

Is the DS User a Dialog User or Communication User? Well that really isn’t the answer to your question.

I will ask my security person about this. I always freak about this too :?

ganeshxp (BOB member since 2008-07-17)

I think its a communications user, but that wouldn’t effect the issue, its not that we can log in and see the info, its that we can set up a tale pull and get it that is an issue.

It would be great if you could check with your security guy - Thanks !

Leigh Kennedy (BOB member since 2012-01-17)

Use Google first guys

Don’t know if this also applies to communication users:
http://scn.sap.com/thread/1655357

Johannes Vink (BOB member since 2012-03-20)

Pretty sure my ERP people already went through this, but i’ll pass it on anyway and see what they say.

Leigh Kennedy (BOB member since 2012-01-17)