The global and independent platform for the SAP community.

Work organization

The definition and assignment of roles and authorizations is crucial for ERP systems. This allows access authorizations not only to be formally assigned, but also to be firmly implemented in the company's processes and workflow.
Philipp Latini, Sivis
May 3, 2021
[shutterstock: 1813934876, VideoFlow]
avatar
This text has been automatically translated from German to English.

For organizations and employees, this means a high degree of clarity and security - at least in theory. In practice, it is clear that authorization management in many companies tends to be handled in an unstructured manner and can thus become the cause of serious security problems.

The fact that nothing is often done despite such dangers is simply due to the fact that a careful check of all roles and authorizations would hardly be possible in the conventional way due to the high amount of work involved.

New intelligent software tools now address this problem and open up a realistic opportunity for companies to sustainably optimize their authorization management with manageable effort.

Old and new roles

In SAP alone, there are approximately 150,000 transactions that can be assigned to individual users, user groups, roles, or even composite roles. Practice shows that while new users, roles and authorizations are regularly added, the existing ones are rarely reviewed and at best reduced when an employee leaves the company.

This is not surprising, because in systems that have grown for ten or fifteen years in some cases, checking all authorizations in the conventional way would be a Herculean task that would be almost impossible to master, especially since many companies do not even use tracing to track which user uses which authorizations and how often.

At the same time, however, the security problems that can arise from inadequate authorization concepts can hardly be overestimated. The purchasing employee who switches to the accounting department, registers himself as a supplier and then pays his own invoices, so to speak, is still a minor case.

The problem is also becoming more explosive due to the pandemic-related acceleration of work in the home office. When internal systems are opened up for remote access, all authorizations must be correct and consistent.

This is the only way to exclude unauthorized access to critical information and avoid errors due to the lack of transparency of an inadequately maintained authorization concept.

In addition, the authorization chaos can also lead to increased costs if, for example, licenses are paid for users who neither need nor use the corresponding programs. And finally, the topic of authorization concepts is also becoming more and more important in auditing.

So it's high time to thoroughly clean up your own authorization concept. The good news is that there are new, intelligent solutions for getting even confusing authorization situations back under control.

The basis is tracing

In order to determine which users use which authorizations, roles and content and how often, access tracing should first be implemented. Here, all actions and accesses are recorded. After this tracing has been active for about half a year or a year, it provides a good database for checking the authorizations and roles that are actually required.

Intelligent new software solutions, such as the Sivis Reduction Manager, automatically check all actions based on the tracing data. All roles or content that were not used during the tracing period are then displayed to the responsible employees for review.

The same applies to role constellations that appear inconsistent, such as parallel rights for purchasing and accounting. These are also suggested for checking. The great advantage is that not all existing authorizations have to be checked, but only those that give reason to believe that they are not up to date.

At the same time, the personal check and decision rule out the possibility of permissions being withdrawn by mistake. After all, there may be good reasons why certain access rights were not used during a period of time.

Automatic suggestions

Quality, transparency and consistency of the authorization concept are indispensable for both security and cost reasons. Nevertheless, redesigning existing systems has hardly been feasible up to now due to the high amount of work involved.

Innovative software solutions offer the possibility of automatically scanning all authorizations and checking their consistency. Conspicuous constellations are then displayed and can be checked by the responsible employees in individual cases.

This significantly reduces the workload. Some providers, such as Sivis GmbH, also offer a combination of software solution and service, so that the audit effort for companies is once again significantly reduced.

https://e3magpmp.greatsolution.dev/partners/sivis-gmbh/
avatar
Philipp Latini, Sivis

Philipp Latini is Managing Director at Sivis. The company specializes in software for authorization management, user administration and compliance. Before Philipp Latini took over the position as CEO in 2020, the IT systems businessman initially worked as Sales Manager and Head of Consulting at Sivis.


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 20, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.