Big4Guy

Welcome to Big4Guy.com. Big4Guy is an online resource where I will share with you the latest news, insights, knowledge and some experiences as a Big 4 consultant. We will discuss some of the important issues which organisations are facing today in the areas of information security, and security and controls in SAP R/3, Oracle Applications, J.D.Edwards, Peoplesoft and various other ERPs. You will also find information on the latest compliance regulations such as Sarbanes Oxley, Basel II and so on. Big4guy will also attempt to provide valuable resources for individuals interested in examinations such as the CISA, CISM, CISSP, PMP and various other security certifications considered essential for entry into any Big 4 accounting, auditing and consulting firm. You are invited to post your comments and viewpoints on the posts here. I sincerely hope this online journal will be useful to everyone from a budding student to a professional in the accounting, auditing, management and consultancy professions.


04/02/07

09:26:57 am, Categories: Sarbanes Oxley, 210 words, English (US)

Establishing User Access Security SOD

As a best practice, user access rights must be defined based on the business functions a user performs. These functions can be derived from the user's job role. It is important to check user access rights from a functional point of view: questions such as whether users have access to the functions they are responsible for should be examined. Once a proper strategy for granting user access rights has been defined, it can be used to implement those rights.

In the process of granting users access to the system, it is important to take into account potential segregation of duties (SOD) issues. Where SOD conflicts do exist, compensating controls in the process should be looked into. As a best practice in user access security, role-based access control (RBAC) should be adopted. ERPs like SAP and Oracle have inbuilt features for RBAC, such as the profile generator in SAP. Lastly, once user access is granted, it is important to monitor that access on a periodic basis. User access should be changed where SOD conflicts are noticed or users have excess rights to sensitive transactions.
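The periodic SOD review described above, as an added example that is not from the original post: roles map to business functions, users map to roles, and a table of conflicting function pairs (with the compensating control expected if the conflict is accepted) is checked against each user's effective rights. The roles, users and rules are constructed sample data, not any ERP's real configuration.

```python
# Added example, not from the Big4Guy post: a small segregation-of-duties (SOD)
# check over role-based assignments. Roles, users and conflict rules are
# constructed sample data.
from itertools import combinations

# Role -> business functions it grants (constructed).
ROLES = {
    "AP_CLERK": {"create_vendor", "enter_invoice"},
    "AP_SUPERVISOR": {"approve_invoice"},
    "TREASURY": {"release_payment"},
    "REPORTING": {"view_ledger"},
}

# Function pairs one user should not hold together, with the compensating
# control expected if the conflict is accepted (constructed).
SOD_RULES = {
    frozenset({"create_vendor", "release_payment"}): "independent vendor master review",
    frozenset({"enter_invoice", "approve_invoice"}): "dual approval above a threshold",
    frozenset({"approve_invoice", "release_payment"}): "payment run reviewed by a second person",
}

def effective_functions(user_roles, roles=ROLES):
    """Union of the functions granted by every role the user holds."""
    return set().union(*(roles[r] for r in user_roles))

def find_sod_conflicts(assignments, roles=ROLES, rules=SOD_RULES):
    """Map each user with a conflict to a sorted list of
    (function_a, function_b, compensating_control) tuples."""
    report = {}
    for user, user_roles in assignments.items():
        funcs = effective_functions(user_roles, roles)
        hits = [(a, b, rules[frozenset({a, b})])
                for a, b in combinations(sorted(funcs), 2)
                if frozenset({a, b}) in rules]
        if hits:
            report[user] = hits
    return report

# User -> roles, as a periodic access review would extract them (constructed).
ASSIGNMENTS = {
    "alice": ["AP_CLERK"],
    "bob": ["AP_CLERK", "TREASURY"],        # creates vendors and releases payments
    "carol": ["AP_SUPERVISOR", "TREASURY"], # approves invoices and releases payments
    "dave": ["REPORTING"],
}

if __name__ == "__main__":
    for user, hits in find_sod_conflicts(ASSIGNMENTS).items():
        for a, b, control in hits:
            print(f"{user}: {a} + {b} -> remove a role or evidence '{control}'")
```

Only bob and carol are flagged; alice holds two functions in the same role that no rule treats as conflicting, and dave has read-only access.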


