With the help of our tools and based on our many years of expertise, we examine your existing authorization concept and analyze possible areas for action. Depending on the results and the state of your authorization structure, we develop an individual roadmap to transform your roles into a modern and sustainable authorization concept. Which path is chosen depends on the company’s individual circumstances and requirements..
Minimized maintenance effort
No critical overauthorization
Use of default values
Inheritance of organizational levels
Job-based roles prevent individual role construction for specific users. This greatly reduces the number of existing roles. In addition, an identity management tool enables automatic role provisioning depending on the associated HR job.
In our Power Workshop for SAP Authorizations, we review your existing authorization concept together with you to determine whether it covers current requirements. A key focus is on the aspect of future viability, which we realize through maintainability, efficient functionality and maximum security. Whether your authorizations need a redesign or just a revision and what your path to SAP S/4HANA will look like, we work out on the basis of your individual prerequisites and requirements.
The business and technical requirements for authorizations are constantly changing. If the authorizations are not continuously adapted to this, security gaps and efficiency problems arise.
The new roles are developed on the basis of HR jobs, which enables automated role assignment. To achieve maximum efficiency, we use SAP authorization default values. This allows roles to be developed more quickly and changes to be made more easily. Together with you, we realize optimal and modern authorizations in this way.
We not only support you during implementation, but also enable you to maintain and manage the solutions independently afterwards. Or you can entrust the operation to us: We call this Customer Success and mean our Application Management Services.
Creation and revision of authorizations and roles
Introduction of the profile generator and authorization default values
Roll-out and go-live
+49 7131 / 2711-3000
Specification of HR positions, if applicable
Definition of new roles on a job basis
Analysis of used applications
Actively used organizational levels
Consideration and maintenance of authorization default values (SU24)
Use of inheritance
Consideration and maintenance of authorization default values (SU24), if applicable.
Grouping of roles on a job basis, if applicable
Removal of applications and organizational levels that are no longer used
Merging of roles
Design of basic roles for user groups
Whether a complete or only a partial redesign is carried out depends on various factors.
A historically grown, heavily modified and poorly maintained authorization construct should rather be completely redesigned based on jobs and using the authorization default values.
However, if certain requirements for a modern concept are already met, a partial redesign can be considered.
The activities to be performed are determined based on the previous analysis. Other issues arising from new requirements must also be taken into account. Which way is the optimal one, we determine individually together with you.
SAP Access Control and SAP Cloud Identity Access Governance (IAG) address the management of users and authorizations in compliance with rules and with as little risk as possible. While SAP Access Control is an on-premise solution, SAP IAG is available as a cloud service on SAP Business Technology Platform.
Our product SECMENDO.authority_generator creates customized SAP roles fully automatically in just a few steps. It reads an SAP authorization trace of type STAUTHTRACE and ST01 and creates a role file with the SAP authorizations required by the user after a few manually entered parameters.
For more information, simply complete and submit the form. We are looking forward to your request.
Identity lifecycle management is part of enterprise security and describes all processes for assigning roles and authorizations − from when an employee joins the company, through changing responsibilities or even changing department, to when he or she leaves.
Identity & Access Management solutions, individually or in combination, enable efficient and compliant operation of target systems. This includes the detection and minimization of risks as well as the process-based provisioning and removal of users and accesses.
The tools of the SECMENDO product suite extend the capabilities of existing SAP Identity & Access Management (IAM) solutions. The goals are an improved user experience, enhanced functionality and more efficient processes.