Redesign of SAP authorizations

Establish a modern, efficient and maintainable authorization concept and thus ensure the functional operation of your SAP systems

Analysis and design

Customized authorizations

Revision or new development?


We take a closer look at your authorizations

With the help of our tools and based on our many years of expertise, we examine your existing authorization concept and analyze possible areas for action. Depending on the results and the state of your authorization structure, we develop an individual roadmap to transform your roles into a modern and sustainable authorization concept. Which path is chosen depends on the company’s individual circumstances and requirements..

A stringent authorization concept includes the following objectives:

  • Job-based roles

  • Minimized maintenance effort

  • No critical overauthorization

  • Use of default values

  • Inheritance of organizational levels

Job-based roles prevent individual role construction for specific users. This greatly reduces the number of existing roles. In addition, an identity management tool enables automatic role provisioning depending on the associated HR job.

Power Workshop for SAP Authorizations

In our Power Workshop for SAP Authorizations, we review your existing authorization concept together with you to determine whether it covers current requirements. A key focus is on the aspect of future viability, which we realize through maintainability, efficient functionality and maximum security. Whether your authorizations need a redesign or just a revision and what your path to SAP S/4HANA will look like, we work out on the basis of your individual prerequisites and requirements.

Click here for the Power Workshop for SAP Authorizations

Authorizations and their concepts in SAP systems are constantly subject to organizational, functional and technical adjustments. Often, the maintenance effort increases continuously over the years and the security gaps become larger and larger.


How to get appropriate authorizations

The business and technical requirements for authorizations are constantly changing. If the authorizations are not continuously adapted to this, security gaps and efficiency problems arise.

With our tools, we analyze your authorizations and develop a suitable solution path towards modern SAP roles. We check individually for each case whether a holistic reorganization or merely an adaptation is required.

The new roles are developed on the basis of HR jobs, which enables automated role assignment. To achieve maximum efficiency, we use SAP authorization default values. This allows roles to be developed more quickly and changes to be made more easily. Together with you, we realize optimal and modern authorizations in this way.

We not only support you during implementation, but also enable you to maintain and manage the solutions independently afterwards. Or you can entrust the operation to us: We call this Customer Success and mean our Application Management Services.

We support you with your challenges in the following areas:

  • Authorization conception

  • Creation and revision of authorizations and roles

  • Introduction of the profile generator and authorization default values

  • Roll-out and go-live

Click here for the Power Workshop for SAP Authorizations

Your contact person


Marius Carl

+49 7131 2711-3000


Your individual way to new authorizations

Which path is actually chosen depends on the existing concept and possible new specifications.


  • Specification of HR positions, if applicable

  • Definition of new roles on a job basis

  • Analysis of used applications

  • Actively used organizational levels

  • Consideration and maintenance of authorization default values (SU24)

  • Use of inheritance


Redesign light

  • Consideration and maintenance of authorization default values (SU24), if applicable.

  • Grouping of roles on a job basis, if applicable

  • Removal of applications and organizational levels that are no longer used

  • Merging of roles

  • Design of basic roles for user groups

Revision or new development?

Whether a complete or only a partial redesign is carried out depends on various factors.

  • A historically grown, heavily modified and poorly maintained authorization construct should rather be completely redesigned based on jobs and using the authorization default values.

  • However, if certain requirements for a modern concept are already met, a partial redesign can be considered.

The activities to be performed are determined based on the previous analysis. Other issues arising from new requirements must also be taken into account. Which way is the optimal one, we determine individually together with you.

A new and modern authorization concept additionally simplifies the path to SAP S/4HANA, since various activities have already been carried out before the conversion. 

More information and offerings on SAP authorizations

Challenges with SAP authorizations | IBsolution
Which scenario applies to you?

Why SAP authorizations can pose challenges for you

An efficient authorization and role concept forms the basis for the secure and smooth operation of SAP systems. There are currently three main scenarios that affect the authorization structure of companies and require a review: the SAP S/4HANA migration, the use of SAP Fiori interfaces and general problems with authorizations.

Learn more
SAP authorizations in SAP S/4HANA | IBsolution
Redesign or migration?

SAP authorizations in SAP S/4HANA

SAP authorizations are usually created and maintained over years or even decades with great effort. The simplification of processes in SAP S4/HANA leads to the loss of frequently used transactions, which are replaced by new Fiori apps. IT managers rightly ask themselves whether and how they can efficiently transfer authorizations to SAP S/4HANA. 
Learn more
Authorization default values and profile generator | IBsolution
Transactions SU24 and SU25

Default values and profile generator for SAP authorizations

SAP authorizations are often developed without the adjusted default values of transaction SU24. As a result, the profile generator (SU25) cannot develop its full potential. The biggest advantage of the authorization default values with regard to SAP S4/HANA is the reduced effort required for reworking the authorizations of the roles.
Learn more
Avoid conflicts in authorizations | IBsolution

How to avoid conflicts and risks in authorizations

SAP Access Control and SAP Cloud Identity Access Governance (IAG) address the management of users and authorizations in compliance with rules and with as little risk as possible. While SAP Access Control is an on-premise solution, SAP IAG is available as a cloud service on SAP Business Technology Platform.

Read more
SAP Authorization Management | IBsolution
Controlling user access

SAP Authorization Management

Authorizations in SAP systems form the basis for Identity & Access Management. They enable users to access the applications they need to perform their activities. Since functional and organizational requirements are subject to change, SAP authorizations must be regularly checked and reworked.
Learn more
Authorizations in SAP S/4HANA | IBsolution

What changes in authorizations with SAP S/4HANA

SAP S/4HANA brings with it various new processes and technologies that did not previously exist in this way in SAP ERP. In addition, there are also differences in the authorization concepts between SAP S/4HANA and previous ERP versions from SAP that must be taken into account to ensure smooth user access.
Read more

You want to learn more about how to implement a modern and functional authorization concept?

For more information, simply complete and submit the form. We are looking forward to your request.

Discover more components of our SAP Security portfolio

Identity Lifecycle Management | IBsolution

Identity Lifecycle Management

Identity lifecycle management is part of enterprise security and describes all processes for assigning roles and authorizations − from when an employee joins the company, through changing responsibilities or even changing department, to when he or she leaves.

Learn more
SAP Identity & Access Management | IBsolution

SAP Identity & Access Management

Identity & Access Management solutions, individually or in combination, enable efficient and compliant operation of target systems. This includes the detection and minimization of risks as well as the process-based provisioning and removal of users and accesses.

Learn more
SECMENDO product suite | IBsolution

SECMENDO product suite

The tools of the SECMENDO product suite extend the capabilities of existing SAP Identity & Access Management (IAM) solutions. The goals are an improved user experience, enhanced functionality and more efficient processes.

Learn more