Advanced Analytics: What you should also know about SAP super users

Posted by Dennis Jürgensen on Feb 10, 2017 4:30:00 PM

The fourth and last part of the series "Operations done by super users" is called "Advanced SAP Analytics". It is about dialog users who may be misused for batch inputs. In this blog article, I will show you how to illustrate and analyze the operations of SAP super users using Excel, a pivot table, and a pivot chart.

 

Part 4 of the series: "Operations done by super users"

1. How to avoid manipulations done by super users 
2. How to analyse the risk of super users in SAP with SQL
3. Do it yourself: Analytics of SAP super users in Excel 
4. Advanced Analytics: What you definitely should know about SAP super users

 


What is a dialog user?

When creating a new SAP user, the SAP administrator can choose between four different types of SAP users. They all have different properties, and are summarized in the following table:

 

| Property | Dialog | Communication | System | Service |
|---|---|---|---|---|
| GUI Registration | Yes | No | No | Yes |
| RFC Registration | Yes | Yes | Yes | Yes |
| Enforcement of password modification | Yes | Yes | No | No |
| Password Expiration | Yes | Yes | No | No |
| Registration ticket can be created | Yes | Yes | No | No |

(Source: RZ10, Tobias Harmes, 16 March 2012)

 

In zapliance, the user types "Dialog" and "Service" are defined as dialog users. All other user types are classified as "no dialog user". But we still have not clarified what exactly a dialog user is. Basically, dialog users are those who can log on to the SAP system using the SAP GUI. In combination with e.g. SAP_ALL, such a user can move through the usual SAP interface and see everything in the system. This includes information that is not intended for them or for their daily work in the company.

 

The difficulty with the batch input

With the help of SAP batch input sessions, regular and recurring tasks can be automated, or one-time imports of data from e.g. external legacy systems can be performed. These sessions should be reviewed regularly to ensure that they have not been altered and still fulfill the task for which they were planned. In addition, a dialog user with SAP_ALL can create new batch input sessions that will not be recognized at first because they were not created via a standard process. Was this a deliberate attempt to bypass the internal control system (ICS)? To avoid misuse, an ICS must always work for batch input sessions.

 

How the evaluation works with Excel

To substantiate a suspicion that a dialog user is being used to execute batch input sessions, we will use a pivot table again. For this purpose, I have adapted the template by adding two more columns: the calendar week (with “=KALENDERWOCHE(Q2;21)”) and the weekday (with “=TEXT(Q2;"[$-409]TTTT")”). These are the German Excel function names; the English equivalents are WEEKNUM and the day format dddd. This allows you to make two evaluations at once. The calendar week is more suitable for a first overview. If you already expect certain patterns after the first glance, you can create a pivot chart for each user. I chose USER_10 again, as in the last blog post. The result looks as follows:

 

[Figure: pivot chart of USER_10 postings per calendar week]

 

With few exceptions, postings were made almost every week of the year. Therefore, we will examine USER_10 more closely and look at the weekdays of the posting executions.

 

[Figure: pivot chart of USER_10 postings per weekday]

 

As you can see, the postings were made on different days. This does not yet point to the use of regular SAP batch inputs, since for those it could be assumed that the days would stay the same. However, due to the high number of approx. 357 postings per weekday over the year, an audit of USER_10 is reasonable and advisable. If you'd like to do the analytics yourself, take my modified template from the previous part of the series. You simply have to fill the template with your data to run the analytics from the current and the last blog post. If you have questions or problems, feel free to leave a comment. You can find the template here:

 

Download xlsx
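The same calendar-week and weekday evaluation can be run outside Excel. The following Python sketch is an added example, not part of the original post or its template; the CSV column names and the sample rows are constructed assumptions.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import date

# Constructed sample export: user, user type, posting date (not real data).
SAMPLE_CSV = """user,user_type,posting_date
USER_10,Dialog,2016-01-04
USER_10,Dialog,2016-01-12
USER_10,Dialog,2016-01-20
USER_10,Dialog,2016-01-28
USER_10,Dialog,2016-02-05
USER_20,System,2016-01-04
USER_20,System,2016-01-11
USER_30,Service,2016-01-04
USER_30,Service,2016-01-11
USER_30,Service,2016-01-18
"""

WEEKDAYS = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"]
DIALOG_TYPES = {"Dialog", "Service"}  # the article's definition of a "dialog user"

def pivot_postings(csv_text):
    """Return {user: {"weeks": Counter, "weekdays": Counter}} for dialog users only."""
    pivot = defaultdict(lambda: {"weeks": Counter(), "weekdays": Counter()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["user_type"] not in DIALOG_TYPES:
            continue  # "no dialog user": out of scope for this evaluation
        day = date.fromisoformat(row["posting_date"])
        # ISO 8601 week number, the same numbering as return type 21 in Excel
        pivot[row["user"]]["weeks"][day.isocalendar()[1]] += 1
        pivot[row["user"]]["weekdays"][WEEKDAYS[day.weekday()]] += 1
    return dict(pivot)

def summarize(profile):
    """Condense one user's pivot into the figures read off the two charts."""
    total = sum(profile["weekdays"].values())
    top_day, top_count = profile["weekdays"].most_common(1)[0]
    return {
        "postings": total,
        "weeks_active": len(profile["weeks"]),  # in how many calendar weeks were postings made
        "top_weekday": top_day,
        "top_weekday_share": round(top_count / total, 2),  # 1.0 = always the same weekday
    }

if __name__ == "__main__":
    for user, profile in sorted(pivot_postings(SAMPLE_CSV).items()):
        print(user, summarize(profile))
```

A user whose postings fall on the same weekday every week (top_weekday_share close to 1.0) shows the fixed schedule the weekday chart is meant to reveal; the week number alone repeats across years, so evaluate one year at a time.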

 

Topics: SAP, Audit, Superuser, cross process, guide
