Work organization
For organizations and employees, this means a high degree of clarity and security, at least in theory. In practice, authorization management in many companies tends to be handled in an unstructured manner and can thus become the cause of serious security problems.
That often nothing is done despite such dangers is simply because a careful check of all roles and authorizations would hardly be possible in the conventional way, given the amount of work involved.
New intelligent software tools now address this problem and open up a realistic opportunity for companies to sustainably optimize their authorization management with manageable effort.
Old and new roles
In SAP alone, there are approximately 150,000 transactions that can be assigned to individual users, user groups, roles, or even composite roles. Practice shows that while new users, roles and authorizations are regularly added, the existing ones are rarely reviewed and at best reduced when an employee leaves the company.
This is not surprising, because in systems that have grown for ten or fifteen years in some cases, checking all authorizations in the conventional way would be a Herculean task that would be almost impossible to master, especially since many companies do not even use tracing to track which user uses which authorizations and how often.
At the same time, however, the security problems that can arise from inadequate authorization concepts can hardly be overestimated. The purchasing employee who switches to the accounting department, registers himself as a supplier and then pays his own invoices, so to speak, is still a minor case.
The problem is also becoming more explosive because the pandemic has accelerated the move to working from home. When internal systems are opened up for remote access, all authorizations must be correct and consistent.
This is the only way to exclude unauthorized access to critical information and avoid errors due to the lack of transparency of an inadequately maintained authorization concept.
In addition, the authorization chaos can also lead to increased costs if, for example, licenses are paid for users who neither need nor use the corresponding programs. And finally, the topic of authorization concepts is also becoming more and more important in auditing.
So it's high time to thoroughly clean up your own authorization concept. The good news is that there are new, intelligent solutions for getting even confusing authorization situations back under control.
The basis is tracing
To determine which users use which authorizations, roles and content, and how often, access tracing should first be implemented. All actions and accesses are recorded. After this tracing has been active for about half a year or a year, it provides a good basis of data for checking which authorizations and roles are actually required.
Intelligent new software solutions, such as the Sivis Reduction Manager, automatically check all actions based on the tracing data. All roles or content that were not used during the tracing period are then displayed to the responsible employees for review.
The same applies to role constellations that appear inconsistent, such as parallel rights for purchasing and accounting. These are also suggested for checking. The great advantage is that not all existing authorizations have to be checked, but only those that give reason to believe that they are not up to date.
At the same time, because a person checks each case and makes the decision, permissions cannot be withdrawn by mistake. After all, there may be good reasons why certain access rights were not used during a period of time.
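The review logic described in this section, as an added example that is not part of the original article and not code from the Sivis Reduction Manager: it takes trace data and lists unused roles, unused role content and purchasing/accounting conflicts for a person to review. The role names, users, call counts and the conflict rule are constructed sample values, and the trace is assumed to be already exported as (user, transaction, call count) records.

```python
from collections import defaultdict

# Constructed sample data, not taken from a real system.
ROLE_TCODES = {                       # role -> transactions it grants
    "Z_PURCHASING": {"ME21N", "XK01"},
    "Z_ACCOUNTING": {"FB60", "F110"},
    "Z_STOCK_DISPLAY": {"MB52"},
}
USER_ROLES = {                        # user -> assigned roles
    "asmith": {"Z_PURCHASING", "Z_ACCOUNTING"},
    "bjones": {"Z_PURCHASING", "Z_STOCK_DISPLAY"},
    "clee": {"Z_ACCOUNTING"},
}
TRACE = [                             # (user, transaction, calls in trace period)
    ("asmith", "FB60", 212), ("asmith", "F110", 40),
    ("bjones", "ME21N", 97),
    ("clee", "FB60", 150),
]
# Transaction pairs one person should not hold together (vendor creation vs. payment).
SOD_RULES = [("XK01", "F110")]


def used_tcodes(trace):
    """Map each user to the set of transactions actually called in the trace."""
    used = defaultdict(set)
    for user, tcode, calls in trace:
        if calls > 0:
            used[user].add(tcode)
    return used


def review_candidates(user_roles, role_tcodes, trace, sod_rules):
    """Return findings for human review; nothing is revoked here."""
    used = used_tcodes(trace)
    findings = []
    for user in sorted(user_roles):
        granted = set()
        for role in sorted(user_roles[user]):
            tcodes = role_tcodes[role]
            granted |= tcodes
            if not tcodes & used[user]:          # no transaction of the role was called
                findings.append(("UNUSED_ROLE", user, role))
            elif tcodes - used[user]:            # role used, but some content never called
                findings.append(("PARTLY_USED_ROLE", user, role,
                                 tuple(sorted(tcodes - used[user]))))
        for a, b in sod_rules:                   # conflict exists even if never exercised
            if a in granted and b in granted:
                findings.append(("SOD_CONFLICT", user, a, b))
    return findings
```

The conflict check runs on granted rights rather than on traced usage, so a combination such as vendor creation plus payment is reported even when the trace shows it was never exercised.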
Automatic suggestions
Quality, transparency and consistency of the authorization concept are indispensable for both security and cost reasons. Nevertheless, redesigning existing systems has hardly been feasible up to now because of the amount of work involved.
Innovative software solutions make it possible to scan all authorizations automatically and check their consistency. Conspicuous constellations are then displayed and can be checked case by case by the responsible employees.
This significantly reduces the workload. Some providers, such as Sivis GmbH, also offer a combination of software solution and service, which reduces the audit effort for companies even further.