In a previous article, we wrote about authorization audits using SAST tools.
If such an audit brings alarming results in the area of SAP security (read: the audit report clearly shows that we, as an organization, need to manage users and authorizations better), it often leads to a discussion of the current authorization management processes.
Such discussions are often a great way to start a project.
It is worth noting that a reorganization of authorizations can also be run as a "creeping project", i.e. we repair and seal the system step by step. This is a good option when we have few people and little time and money for a large reorganization project.
Customers are usually afraid of a grand undertaking that turns the authorization world, and with it the world of everyday business, upside down. Often such a world is governed by its own rules: roles are overloaded, contain hundreds of unused transactions, or S_TCODE is filled with, oh gosh, * !
However, a reorganization model in which tidying up is done gradually, department by department, with meetings scheduled outside the company's hot periods, is becoming more and more attractive. The milestones are not big and sudden; they are reached gradually, contributing to greater authorization awareness in all departments.
Okay, so how do we do the project?
Audit
It verifies the current situation and is an argument for starting the reorganization of authorizations. Among other things, SAST analyzes the transactions that are actually used and generates reports that must be analyzed by the project sponsor, the sponsor's advisors and the project team.
The project team must include the people who perform the role of permissions administrator.
Defining project risks in the enterprise
Standard for every project, not only authorization projects.
Each organization will have different risks. Maybe a lack of key users? Maybe the lack of an authorization team?
Maybe a misunderstanding of the importance of the SAP authorization area?
Project plan
We divide the project into its most important phases, during which the appropriate actions must take place in a non-accidental order.
Authorizations Concept
A document that describes the complete authorization and user management model in SAP in the organisation. The most important thing: it is not created once during SAP implementation and then forgotten.
It is a "living" document: the authorization team updates it on an ongoing basis each time permissions are modified. At the client's request, we provide our Authorizations Concept template during the project.
Are you ready for the project? We will help you clean up your authorizations!
Author: Bernadeta Szwarc