Ginger Luttrell asked her SAPInsight LinkedIn Group the question “Should Super/Power users have the authorization to unlock users as part of the user support role? Who does this in your company?”. The answers were interesting.
Cathy Buchfink, an E-procurement Manager at Texas Instruments responded by saying that she thought they should as they are likely the ones assisting the users and it would save time to be able to unlock them at the time assistance is provided and the issue determined. She goes on to say that previously, they were able to do this in their SAP system but now that they have switched to GRC much of this access has been taken away from those doing business support functions and it has been frustrating.
Terrie Walker said that he asked this of our Sr. Security Analyst and his response came back as follows: “Users can be locked by us (i.e. terminations), or locked due to incorrect logins. From a Security standpoint we could limit it in such a way that there would be no risk, i.e. they wouldn’t be able to unlock a terminated user. It’s not a bad idea, but I would question if you’d get the value out of the effort… If a user locks themselves out, they can either use the password reset self-service or call the help desk to unlock them. I think the first step would be to analyze the call volume/site hits for this activity.”
Ginger’s response to Terrie was that the size of the company and number of users may also play into the decision. Also, if a decision is made to bring the super users into this, a process would have to be documented, approved, super users trained and then manage the process. Wow, process by design and not by default!
The abilities of the SAP Super User and SAP high performance teams remains to be an active discussion. This is just an example of the subjects that will be discussed in Florida at the SAP Super User conference, December 4th and 5th, 2013. Register early, seats are limited.
To see more of the responses to this particular question, refer to the SAPInsights Open Group on LinkedIn. Let us know on this blog how you feel about this subject or what other subjects you would like to see us cover on this Blog.