Did you know that there may be zombie profiles within your SAP system?
One way fraud or misuse of authorizations gets detected is by chance. Once the cause and effect had been identified and a solution found, that case became this tip. While analyzing transactions that had been used but were not assigned to the user accounts that ran them, we found cases where those transactions were indeed not granted by the users' current roles, yet could still be executed, because the profiles belonging to inactive roles were still assigned to the user master records.
Checking the assigned profiles showed that they belonged to roles no longer assigned to the user accounts, and in some cases to roles that had already been deleted. These profiles still grant the transactions defined in them, together with the authorization objects that give those transactions their functionality, and those same objects can also extend what other transactions, assigned through other roles, are able to do. The user may well be aware of these privileges, since they amount to authorization to perform operations that were never approved.
These profiles should not be assigned to any user account, and because of how they come about we have named them SAP zombie profiles.
CentinelBox, through its FAST CHECKLIST, provides control number 17 to detect these conditions, which may include:
➡️ Profiles assigned to user accounts with or without associated roles
➡️ Transactions used by user accounts due to the authorizations contained in these assigned profiles
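As an added example (not CentinelBox's code and not the FAST CHECKLIST control itself), the following Python script implements the first check listed above: it flags user-profile assignments whose generating role is no longer assigned to that user or no longer exists. It assumes exports of the standard SAP tables UST04, AGR_USERS and AGR_1016, which this post does not name, and runs on constructed sample rows.

```python
"""Detect SAP 'zombie profiles': profiles still assigned to a user master
record although the role that generated them is no longer assigned to that
user, or no longer exists at all.

Assumed inputs (standard SAP tables, here as constructed sample rows):
  UST04     user -> profile assignments
  AGR_USERS user -> role assignments
  AGR_1016  role -> generated profile name
"""
from collections import defaultdict

# Constructed (BNAME, PROFILE) rows as found in UST04
UST04 = [
    ("JDOE", "T-FI0001"),
    ("JDOE", "T-MM0002"),   # its role is no longer assigned to JDOE
    ("JDOE", "T-HR0003"),   # its role was deleted; the profile survived
    ("ASMITH", "T-FI0001"),
    ("ASMITH", "SAP_ALL"),  # manual profile with no generating role
]
# Constructed (UNAME, AGR_NAME) rows as found in AGR_USERS
AGR_USERS = [("JDOE", "Z_FI_CLERK"), ("ASMITH", "Z_FI_CLERK")]
# Constructed (AGR_NAME, PROFILE) rows as found in AGR_1016
AGR_1016 = [("Z_FI_CLERK", "T-FI0001"), ("Z_MM_BUYER", "T-MM0002")]


def find_zombie_profiles(ust04, agr_users, agr_1016):
    """Return {(user, profile): reason} for every suspicious assignment."""
    profile_to_role = {profile: role for role, profile in agr_1016}
    roles_of_user = defaultdict(set)
    for user, role in agr_users:
        roles_of_user[user].add(role)

    findings = {}
    for user, profile in ust04:
        role = profile_to_role.get(profile)
        if role is None:
            # Manually assigned profile (review it) or the generating
            # role was deleted and the profile lingered in the user master.
            findings[(user, profile)] = "no generating role (manual or deleted role)"
        elif role not in roles_of_user[user]:
            findings[(user, profile)] = f"role {role} not assigned to user"
    return findings


if __name__ == "__main__":
    zombies = find_zombie_profiles(UST04, AGR_USERS, AGR_1016)
    for (user, profile), reason in sorted(zombies.items()):
        print(f"{user:8} {profile:10} {reason}")
```

Assignments with no generating role include legitimate manual profiles such as SAP_ALL, so that category is a review list rather than an automatic deletion list.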
In this latest FAST CHECKLIST, I explain how to eliminate them and prevent them from being generated in the future.
If you need support to clarify these concepts and resolve them effectively, CentinelBox can help you identify the risks and eliminate them, so you can manage SAP simply, agilely, and with a high level of security.
Schedule a personalized demo with me directly to see how our platform will allow for effective and successful internal control.