en
Do you know that? Your department expects you to create complex SAP authorizations without having been sufficiently informed about the business context. This often leads to errors and time-consuming work, which slows down the development process of PFCG roles.
On the other hand, there are also users who have too extensive SAP authorizations. These may contain critical SAP authorizations and SoD conflicts. If these are technical users, this situation poses a high security risk. If the user is hijacked, there is often unrestricted access to a large number of connected systems.
To minimize these risks, it is recommended that you develop PFCG roles from an SAP authorization trace. This is often time-consuming and error-prone due to the many manual entries. An SAP authorization trace can contain hundreds of authorization objects, each of which can have up to ten values. There are also various options for assigning an asterisk to authorizations to speed up the process. It quickly becomes apparent that with a large SAP authorization trace, the development of compliance-compliant PFCG roles can take hours.
In addition, an existing PFCG role can be extended with a trace and regenerated. If you want to revise existing roles, for example with many manual authorization objects, you can regenerate the role in the SAP standard by selecting a predefined SAP standard SU24, or by uploading a customer-specific SU24.
This speeds up the adjustment of the authorizations of the roles enormously, especially during an upgrade or release change, since the PFCG roles are simply regenerated with the new authorizations and those of the old role. The role can be configured as required using the input parameters and then only needs to be imported into the PFCG.
Execute SAP authorization trace
Import trace into SECEMENDO.authority_generator
Generate SAP roles
Import role file into SAP system
Done
Job-related creation of SAP authorizations based on a trace
Remove unused SAP authorizations from the role
The role now only contains SAP authorizations that are really needed
Usage-based
Annual License
Clean up with historically grown roles and authorizations
Increased employee productivity and relief for the IT department
User-friendly interfaces for managing roles and permissions in just 5 minutes
User-friendly and fast processing of work items from the UWL
24/7 monitoring of your SAP IdM landscape and provisioning processes
Audits and reports on a tap
System-wide automation, on-premise and in the cloud
A selection of our customers
