Authorizations in SAP made easy

How authorization concepts for SAP systems can be kept simple and how you can implement data protection in compliance with the GDPR.

Does this sound familiar? You are in the process of introducing a new module in SAP, and somehow it has fallen by the wayside that not every user should be able to access everything. Data protection! Phew, just in time.

One week before the go-live, things get hectic: Someone quickly creates a few authorization roles so that the system does not have to go live with SAP_ALL. Not ideal, but no matter: It works.

Once secure – always secure? Unfortunately, this does not apply to SAP authorizations

A few months later, the auditors come and check the authorization concepts for your SAP systems. They find many risks because you have not taken certain regulatory requirements into account (e.g. EU GDPR, GoBD, MaGo, VAIT).

You now need to eliminate the risks in the short term so that you are back on the road with “clean” authorizations. The auditors have also criticized RFC and batch users. And the processes for creating and changing users and applying for roles are not audit-proof.

An authorization concept that is not only audit-proof but also future-proof

So far, so good. You can get a grip on the risks by

  • Expanding authorizations
  • Setting up controls
  • Assigning critical authorizations to a firefighter who can perform critical activities and whose activities are logged.

You think all is well now. A few months later, however, there are new regulatory requirements, and a look at your SAP authorization concept shows that they also affect your SAP system.

But how are you supposed to manage the new requirements and risks? You don’t have the time to manually check all existing SAP roles.

We are going to help you!

Authorizations in SAP made easy:

Take advantage of our consulting and support for SAP authorizations.

We also advise and support you if you have to deal with further requirements arising from the ongoing technical development of SAP. With the ERP successor S/4HANA, there is a new system landscape that offers many advantages – but also some challenges.

During a migration to S/4HANA, transactions will be dropped, new transactions will be added, authorization checks will be adjusted, the business partner will become the mandatory object model, and Fiori apps are supposed to simplify the use of SAP software. As a result, you again have an authorization issue. How are you supposed to keep track of it all? Ask us.

From analysis to access concept: What we can and like to do
  • Creation of procedure directories, risk and data protection impact assessments, and documentation
  • Creation and implementation of audit-proof SAP access and authorization concepts
  • Design and implementation of SAP GRC Access Control to ensure audit-proof processes for user and role changes, the use of emergency user scenarios, risk cleansing and access reviews
  • Carrying out system analyses and S/4HANA readiness checks with regard to SAP authorizations

When it comes to system analysis and the implementation of audit-proof SAP access concepts, we are very happy to work with the XAMS (Xiting Authorization Management Suite) software solution from our partner Xiting. The solution supports all phases of the project, from role design to a secure go-live.

Do you have any questions?

Feel free to contact us

Your contact person: Björn Rolka
