Project of Authorization Reorganization

In a previous article, we wrote about authorization audit using SAST tools.
Such an audit, if it brings alarming results in the area of SAP security (read: the audit report clearly shows that as an organization, we need changes in the field of better management of users and authorizations in the organization) often leads to a discussion on current authorization management processes.

Such discussions are often a great way to start a project.
It is worth noting that in the case of reorganization of authorizations can also be used as "creeping project", i.e. we repair and seal the system step by step.  This is a good option when we have little human resources, time and money for a large reorganization project.

Reorganization of authorizations project - where to start from?

Customers are usually afraid of a grand undertaking and turning the authorization world upside down, and thus the world of everyday business. Often such a world is governed by its own rules, roles are full, contain hundreds of unused transactions or S_TCODE are filled,
oh gosh, * !
However, the reorganization model   comes more and more attractive, where tidying up is done gradually, department by department, the time for meetings is outside the hot periods in the company. The milestones are not great and rapid, but they are being implemented gradually, contributing to the increase of authorization awareness in all departments.

Okay, so how do we do the project?

Audit
It verifies the current situation and is an argument for starting the reorganization of powers. SAST analyzes, among others, used transactions and generates reports that must be analyzed by the project sponsor, its advisors and the project team.
The project team must include persons performing the role of permissions administrator.

Defining project risks in the enterprise

A standard for every project, not only authorization.
Each organization will have different risks. Maybe the lack of Key-users? Maybe lack of authorization team?
Maybe a misunderstanding of the importance of the SAP authorization area?

Project plan
We divide the project into the most important phases during which appropriate actions must take place
in no accidental order.

Authorizations Concept
A document that describes a complete authorization and user management model in SAP
in organisation. The most important thing: it is not created once during SAP implementation and forgotten about.
It is a "living" document, it is updated on an ongoing basis by the authorization team each time permissions are modified. At the client's request, we provide our Authorizations Concept template during the project.

 Good practices

• Project managerdoes not have to be a specialist in the field of SAP authorization. However, he cannot underestimate the importance of properly reorganizing SAP authorizations and managing authorization documentation.
• Responsibility, responsibility and more responsibility.
  As in any project - you need to find (and encourage if required) people responsible for your own garden or garden bed. Where the responsibility is collective and an undefined group of employees can intervene in the authorization model on the system without applying the Authorization Concept, there no project will help. Unfortunately.

Are you ready for the project?  We will help you make some cleaning in ours authorizations!

Author: Bernadeta Szwarc

-------------------------------------------------------------------------------------------------

WORTH READING:

• What Should the SAP Entitlement Concept Contain?

• SAP User Monitoring

• Authorization Concepts in the SAP System

• Too High SAP User Authorizations

• What Rights do Employees Have for SAP

• SAP Dictionary of Terms

• SAP Authorization Reorganization

• What is SoD?

• What is SAP

• The Benefits of SAST

• SAST – Authorizations of SAP Users

Zapoznaj się z naszym e-bookiem dotyczącym migracji z SAP ERP na SAP S/4 HANA

Pobierz darmowego e-booka