We are doing a security audit on our systems, one is a SAP FiCo 4.6C implementation. There are a few issues we have to investigate:
1. Are there known ways to gain access to the central SAP system through a terminal with a GUI installed that circumvent the login screen?
2. Is it possible for a -restricted- user to 'upgrade' his security profile so that he can access transactioncodes he should not have access to?
3. Is it possible for a -restricted- user to upload and execute ABAP programs even when he has no access to the ABAP Workbench?
And if so, how can we secure the system against these type of illegal actions?
Thanks in advance.
Free? Does that mean I can't get a Discount?
1. Are there known ways to gain access to the central SAP system through a terminal with a GUI installed that circumvent the login screen?
2. Is it possible for a -restricted- user to 'upgrade' his security profile so that he can access transactioncodes he should not have access to?
3. Is it possible for a -restricted- user to upload and execute ABAP programs even when he has no access to the ABAP Workbench?
And if so, how can we secure the system against these type of illegal actions?
Thanks in advance.
Free? Does that mean I can't get a Discount?