Main Features of SAP Authorization
Do We Really Know What Kind of Access Users Have in Our Company When It Comes to Authorizations in SAP?
Access management in SAP is not just technical role assignment.
This is primarily a matter of security, regulatory compliance and mitigation of risks - especially financial risks. In the article, we discuss how the authorization system in SAP works, what it consists of, why it "swells" over time and how this affects the daily work of users and... licensing costs.
If you want to organize access and not pay for permissions that no one uses - this post is for you!
Basics of Authorization in SAP - Roles, Transactions and Objects
A user's scope of access in SAP is determined by the roles they have been assigned. This access is implemented through transactions (T-codes), but transactions alone are not enough. Whether a user can only view data or also edit or delete it is determined by the authorization objects. Each authorization object contains fields, activities and values that specify what the user can do and where (e.g., in which organizational unit).
SAP Standard vs. Client Solutions (Z-transactions)
Standard SAP offers tens of thousands of transactions. However, each organization adapts the system to its needs, implementing non-standard processes - so-called Zetas (Z-transactions). Their presence greatly complicates entitlement management and requires additional control.
When the System Lives Its Own Life - How Unnecessary Permissions Grow
In many companies, permissions have been added for years without being removed. As a result, users have many unused roles. Data shows that the average actual use of roles is only 10%. The remaining 90% are potential risks: errors, fraud or privilege conflicts.
SoD Entitlement Conflicts - Risks Worth Knowing
SoD (Segregation of Duties) conflicts occur when one person can perform too large a portion of a process. Example: posting invoices (FB60) and making payments (F110). Such a situation creates a risk of errors or fraud. The key is to identify such conflicts and decide which ones can stay and which ones need to be eliminated.
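The two checks described above (unused roles and SoD conflicts) can be sketched together. This is an added example, not code from the article or from Lukardi's tooling: the role names, users and usage data are constructed, the only rule is the FB60/F110 pair from the text, and the check works at transaction level only, ignoring authorization objects.

```python
# Constructed sample data: role -> transactions, user -> roles,
# user -> transactions actually executed in the review period.
ROLE_TCODES = {
    "Z_AP_INVOICE": {"FB60", "FB03"},
    "Z_AP_PAYMENT": {"F110"},
    "Z_GL_DISPLAY": {"FB03", "FS10N"},
}
USER_ROLES = {
    "ANNA": {"Z_AP_INVOICE", "Z_AP_PAYMENT", "Z_GL_DISPLAY"},
    "PIOTR": {"Z_AP_INVOICE", "Z_GL_DISPLAY"},
}
USAGE = {
    "ANNA": {"FB60", "FB03"},
    "PIOTR": {"FB03"},
}
# SoD rule from the article: invoice posting (FB60) vs. payments (F110).
SOD_RULES = {"AP_POST_AND_PAY": ({"FB60"}, {"F110"})}


def authorized_tcodes(user):
    """All transactions the user may start through any assigned role."""
    return set().union(*(ROLE_TCODES[r] for r in USER_ROLES[user]))


def sod_conflicts(user):
    """Map each violated rule to 'exercised' (both sides were used)
    or 'latent' (authorized for both sides, but not both used)."""
    allowed, used = authorized_tcodes(user), USAGE.get(user, set())
    result = {}
    for rule, (side_a, side_b) in SOD_RULES.items():
        if allowed & side_a and allowed & side_b:
            both_used = used & side_a and used & side_b
            result[rule] = "exercised" if both_used else "latent"
    return result


def unused_roles(user):
    """Roles from which the user executed no transaction at all.
    A transaction shared by several roles counts as use of each."""
    used = USAGE.get(user, set())
    return {r for r in USER_ROLES[user] if not ROLE_TCODES[r] & used}


if __name__ == "__main__":
    for user in sorted(USER_ROLES):
        print(user, sod_conflicts(user), sorted(unused_roles(user)))
```

In the sample data the conflict is latent: it exists only because of a role the user never uses, so removing that role resolves the conflict without affecting daily work.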
Role Assignment Automation - How to Speed up and Organize Access
The modern approach to entitlement management is automation.
The system assigns roles to positions, and a change in position means an automatic change in authorizations. Additional requests go to business role owners, who decide whether to approve access - especially when there is an SoD conflict.
Overly Broad Entitlements vs. License Costs in Rise with SAP
Under the new Rise with SAP (S/4HANA) licensing model, what matters is who is AUTHORIZED, not who actually performs the activity. This means that overly broad authorizations can raise licensing costs. Therefore, reorganizing roles before migrating to RISE is not only a matter of order, but also a matter of real savings.
The above topics will be discussed during our May 27 webinar at 11 a.m. The webinar will be held in Polish.
Feel free to participate and ask questions!
Tomasz Jurgielewicz
Head of Security Department at Lukardi. For the past 10 years, he has led a team of SAP Security specialists, providing comprehensive services and tools to secure SAP systems and optimize licenses. Experience in the areas of: identification of authorization conflicts and authorization reorganization, identification of SAP vulnerabilities, integration of SIEM solutions with SAP, and optimization of SAP licenses.