What should the SAP entitlement concept contain?

My observation is that the Entitlement Concept, alongside the entitlement reorganization project appears like a horror to audited managers and entitlement administrators.
However, this is only the case if such documentation has not been maintained in the organization or has not been updated for many years, and often since the implementation of SAP in a particular company.
One might ask, where has our writing culture gone? 😉

I often start my Empowerment Concepts workshops (like in an academic lecture) with a warm-up in the form of customer-facing questions:

What is the Entitlement Concept in your opinion?

What content and elements can or should it contain?

By far the most difficult is for organizations that put off all documentation activities until the last minute (or never).

"Our focus is on business continuity, not on writing procedures."

"We have too few resources to deal with creating, reviewing and updating documentation, we need to deliver results."

"As a privilege administrator I process dozens of tickets every day, do you really think I have time for documentation?"

This all sounds familiar, doesn't it?
Moreover, it is difficult to disagree with the validity of the quoted questions.

Now imagine the following situations and answers:

SITUATION 1

"Several new process service people came to Kasi's department and they don't really know how to apply for new rights, the worst thing is that I get the same questions every day from individuals. I don't have the time to explain to them how it looks like in our company....

SOLUTION

- I will give them access to the section of the Concept of Entitlement intended for Business, let them read with understanding, there is information about the submission of applications, the formula and the necessary information needed to correctly process the application.

- Awesome, thanks, you saved me the time of daily mini training.

SITUATION 2

- Marek, quickly! I've had auditors drop by suddenly and ask about the SAP Entitlement Concept, what is it? Do we have it? Gee, every year they ask and Marta always had something on hand, but now she is on her sabbatical year, most likely in the bush in New Zealand, she doesn't write back to WA and no one knows what happened to those files.

SOLUTION

- It's on the resource, I'll send the link right away and give you permanent permissions to view.

-Uffffff, what a relief. Thanks for the rescue!"

SITUATION 3

- Hey, our new developer manager at today's team meeting expressed dissatisfaction with the frequent situations with his employees lacking permissions. Starting tomorrow, he ordered that everyone should have SAP_ALL to avoid waiting for the analysis and resolution of tickets.

SOLUTION

- We do not grant SAP_ALL to developers or module consultants, there is a separate section on this in the Entitlement Concept adopted by our company. We have a procedure for extended Firefighter privileges, please offer your manager a 15-minute slot for a meeting, I will present him the possibilities. I am sure he will be satisfied with such a solution.

- Sure, it sounds good. It gets the job done!

Do these quoted scenes sound familiar to you as well?
If so, it means that you are well on your way to creating or improving your Entitlement Concept, because you have identified the business needs for such documentation.

What should the Entitlement Concept contain?

Every customer and every company is different, but we distinguish between four main cores of the Entitlement Concept:

1. Basic division of roles in the organization (single, collective, derivative, reference, template)
2. User management process (applications, approval, execution, documentation of activities)
3. Role management process (applications, approval, execution, documentation of activities)
4. SoD policy (applicable authority matrix, critical conflicts, responsible for cyclic control)

The above examples are just some of the relevant information that should be included in the Entitlement Concept.

SAST Poland's team of consultants is experienced in both support and project work. We help our clients design and create Entitlement Concepts.
We offer customized templates, which we discuss in dedicated workshops.
If you are looking to create a complete documentation of the SAP Entitlement Concept, we will be happy to support you in this. It is not as scary as you might think. Feel free to contact us.