3.Critical Permission Defining a critical permission risk ensures that risk anal

Question

3.Critical Permission
Defining a critical permission risk ensures that risk analysis identifies any employee who has been assigned a potentially risky permission. These permission can be identified by the authorization objects. For instance, the authorization object S_DEVELOP grants a user to create/modify programs within SAP. Another example is S_TCODE, this object enables a user to add transaction codes. An uncontrolled access to such authorization object might jeopardize the Business.
Exercise 3: List three examples of authorization objects that can be classified as Critical Permissions and explain why?

Explanation / Answer

Critical Permission Risk:

-->Defining a critical permission risk ensures that risk analysis identifies any employee who has been
assigned a potentially risky permission.
-->You can use this feature if the permission has been enabled but has no actions.
-->This risk can have only one function.

ex:In a company each employee has his own ID card with certain access permissions.Some employess are allowed
to go to some rooms like server,Admin all.These permissions we have to enable to ID.If we are not enabled
we can't access the corresponding door and enter into that room.These are very risky because we have to
certain permissions to those people who are authorized.If not some other person may come into our projectzone
and can steal or crash our data.

2)Bank account also each person having some Customer Id and password.

Related Questions

Navigate

• Browse (All)
• Browse 3
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.