Authorizations in SAP made easy
How authorization concepts for SAP systems can be kept simple, and how you can implement data protection in compliance with the GDPR.
Does this sound familiar? You are in the process of introducing a new module in SAP, and somehow it has fallen by the wayside that not every user should be able to access everything. Data protection! Phew, just in time.
One week before the go-live, things get hectic: Someone quickly creates a few authorization roles so that the system does not have to go live with SAP_ALL. Not ideal, but no matter: It works.
Once secure – always secure? Unfortunately, this does not apply to SAP authorizations
A few months later, the auditors come and check the authorization concepts for your SAP systems. They find many risks because you have not taken certain regulatory requirements into account (e.g. EU GDPR, GoBD, MaGo, VAIT).
You now need to eliminate the risks in the short term so that you are back on the road with “clean” authorizations. The auditors have also criticized RFC and batch users. And the processes for creating and changing users and applying for roles are not audit-proof.
An authorization concept that is not only audit-proof but also future-proof
So far, so good. You can get a grip on the risks by
- Expanding authorizations
- Setting up controls
- Assigning critical authorizations to a firefighter who can perform critical activities and whose activities are logged.
You think all is well now. A few months later, however, there are new regulatory requirements, and a look at your SAP authorization concept shows that they also affect your SAP system.
But how are you supposed to manage the new requirements and risks? You don’t have the time to manually check all existing SAP roles.
We are going to help you!
Authorizations in SAP made easy:
Take advantage of our consulting and support for SAP authorizations.
We also advise and support you when further requirements arise from the ongoing technical development of SAP. With the ERP successor S/4HANA, there is a new system landscape that offers many advantages – but also some challenges.
During a migration to S/4HANA, transactions will be dropped, new transactions will be added, authorization checks will be adjusted, the business partner will become the mandatory object model, and Fiori apps are supposed to simplify the use of SAP software. As a result, you again have an authorization issue. How are you supposed to keep track of it all? Ask us.
From analysis to access concept: What we can and like to do
- Creation of procedure directories, risk and data protection impact assessments, and documentation
- Creation and implementation of audit-proof SAP access and authorization concepts
- Design and implementation of SAP GRC Access Control to ensure audit-proof processes for user and role changes, the use of emergency user scenarios, risk cleansing and access reviews
- Carrying out system analyses and S/4HANA readiness checks with regard to SAP authorizations
When it comes to system analysis and the implementation of audit-proof SAP access concepts, we are very happy to work with the XAMS (Xiting Authorization Management Suite) software solution from our partner Xiting. The solution supports all phases of the project, from role design to a secure go-live.