The global and independent platform for the SAP community.

Self-Adjusting Authorizations

Companies make their SAP authorization process too easy, which, according to current findings, leads to users having 75 percent more authorizations than they need. The motto is: Clean up.
Patrick Boch, Sast Suite
April 4, 2019
It Security
avatar
This text has been automatically translated from German to English.

With Self-Adjusting Authorizations, companies get a tool and the necessary usage information at their fingertips and can address the issues: Unused transactions are removed automatically, which increases compliance and protection against data misuse while saving administrative effort.

Day-to-day business and authorization management

The idea for the development came from Frank Schröder, CIO of the transmission manufacturer Renk, a subsidiary of MAN. He was looking for a way to automatically keep authorization management clean during day-to-day business. And found the partner for this task in Akquinet.

Together we started the pilot phase. After fifteen months, the dynamic, self-aligning tool Self-Adjusting Authorizations is close to market maturity. In combination with the Sast Suite, the GRC software is the first on the market to deliver reliable key figures on the actual use of roles in SAP.

Because the tool relies on automation - transactions remain activated only when the user needs them - it is particularly useful for smaller and medium-sized companies, which generally have few specialist staff in the security and compliance environment.

But even larger companies can keep their many authorizations permanently up-to-date in this way. The pilot phase at Renk shows that there is demand for the tool on the market: around 75 percent of the authorizations issued are not needed by the users.

They exist partly because SAP systems in companies grow over the years, and partly because administrators tend to distribute too many transactions to users rather than too few.

But these unused authorizations not only significantly degrade clarity and maintainability, they also increase the potential for functional separation conflicts as well as higher SAP licensing costs.

Although these vulnerabilities are known, many IT managers have not yet tackled the optimization of user authorizations. This is because it is manually time-consuming and therefore ties up costs and resources.

The Self-Adjusting Authorizations provide a remedy here and reduce the internal effort, because after an observation phase, they leave only those transactions in a role that are actually required for the completion of a business process - unused transactions are safely removed. Renk also uses the tool for permanent user maintenance.

Optimization

In summary, the use of Self-Adjusting Authorizations has many advantages: companies can gain a clear overview of the scope of use of their employees' existing roles and then optimize the tailoring.

All iteration cycles from the observation phase can also be traced at any time, as they are documented in detail. This makes it possible to see what the employee was allowed to do and what he or she was not allowed to do at any point in time, which is important during an audit, for example.

The tidied-up permissions mean less administrative effort and a lower security risk by reducing segregation of duties conflicts.

If one wanted to condense the procedure to a formula, it would be called: Automate instead of doing everything yourself. Finally, optimizing user authorizations may also lead to potential savings on SAP licenses. In this way, IT decision-makers can look forward to future reviews by internal or external auditors with confidence.

avatar
Patrick Boch, Sast Suite

Patrick Boch, Product Manager Sast Suite.


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 20, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.