Project of Authorizations Reorganization
- Security
An entitlement audit, if it yields appalling results in the area of SAP security (read: it is clear from the audit report that as an organization we need changes to better manage users and entitlements in the organization) often leads to a discussion regarding current entitlement management processes.
Such discussions are often a great way to start a project.
It is worth noting that in the case of reorganization of powers It is also possible to apply the so-called "creeping project", that is, we repair and seal the system step by step. This is a good option when you have few human resources, time and money for a big reorganization project.
Entitlement reorganization project - where to start?
Customers are usually afraid of a big undertaking and turning the authorization world upside down, and by extension, the world of everyday business. Often such a world is governed by its own rules, roles are overcrowded, contain hundreds of unused transactions or S_TCODEs are filled,
oh horror, * (in words: asterisk)!
However, a reorganization model where cleanup is done gradually, department by department, time for meetings is found outside of hot periods in the company is becoming more attractive. The milestones are not big and abrupt, but they are implemented gradually contributing to increased authorization awareness in all departments.
Okay, so how do we do the project?
- Audit
It verifies the current situation and makes a case for starting a reorganization of entitlements. Among other things, SAST analyzes the transactions used and generates reports that must be reviewed by the project sponsor, its advisors and the project team.
The project team must include individuals in the role of authorization administrator. - Defining project risks in the enterprise
The standard for any project, not just authorization.
These will be different risks in each organization. Maybe a lack of key-users? Maybe a lack of an authorization team?
Perhaps the Board's misunderstanding of the relevance of SAP's area of authority? - Project plan
We divide the project into key phases, during which the relevant activities must happen
In no random order. - The Concept of Entitlement
A document that describes the complete model of privilege and user management in SAP
In the organization. The bottom line: you don't create it once when you implement SAP and forget about it.
It is a "living" document, updated by the authorization team on an ongoing basis each time the authorizations are modified. At the client's request, we provide our Authorization Concept template during the project.
Best practices
- Project manager does not have to be a specialist In terms of SAP authorization. However, it cannot underestimate the importance of proper SAP authorization reorganization and authorization documentation management.
- Responsibility, responsibility and more responsibility.
As in any project - it is necessary to find (and encourage if required) people responsible for their own garden or garden bed. Where responsibility is collective and an undefined group of employees can intervene in the entitlement model on the system without applying the Entitlement Concept, there no project will help. Unfortunately.