Compliance Up, Licensing Costs Down With SAP S/4 Hana
With S/4 Hana, SAP is pursuing a clear focus on real-time data analysis and intelligent process automation. Support for the classic SAP ERP will end by 2030 at the latest, and the first cuts - such as the annual reduction in the crediting of old licenses - are already a reality. Companies that hesitate to migrate are increasingly paying the price. Particularly critical: in future, SAP will no longer calculate license costs according to actual usage, but on the basis of the authorizations granted. Those who set up their systems in an oversized way risk excessive license costs - and at the same time open the door to security-related vulnerabilities.
Focus on authorizations
A lack of transparency in roles and rights harbors several risks: Unauthorized access, unintentional changes such as the removal of delivery blocks or incorrect mass changes can cause damage, as can manipulated postings or balancing. Over-authorized accounts are also considered a preferred gateway for cyber attacks.
The argument that employees should have more authorizations than absolutely necessary in order to be as widely available as possible can therefore be costly for compliance and security reasons, as well as if these authorizations were assigned on the basis of an old SAP license cost model. As licensing has been neglected in the technical assignment of authorizations in most companies, many now need to review and adapt their authorization structures to keep costs under control. Below are three steps that companies can take to optimize their authorization management.
Three-stage optimization roadmap
Step 1: Inventory of authorizations: First, companies should analyze the status quo and check which permissions are currently assigned, as well as identify inactive users or roles that are not being used. To do this, they can use analysis tools to gain detailed insights into their authorizations. Tip: Historical authorizations that have not been cleaned up over the years should also be taken into account.
Step 2: Companies should define and create granular, specific roles with clear authorizations for each user group. The assignment of overly extensive authorizations that are not even required for a user group should be avoided. This can possibly lead to a more expensive license category. During role cleansing, unnecessary authorizations are removed from the roles and reduced to the necessary minimum. This approach follows the need-to-know principle, a security concept in data protection in which access to sensitive data is only granted to those who need it.
The user should only be allowed to access information that is absolutely necessary for their work. The fine-tuning of authorizations at user level avoids over-licensing and ensures the optimal use of licenses.
Step 3: The implementation of a continuous optimization process: The use of monitoring tools makes it possible to continuously monitor user authorizations and react quickly to changes. In addition, a regular review should be carried out to ensure that the authorizations meet the current requirements of the company and SAP licensing. Automated assignment and checking of
authorizations, the administration effort can be minimized. A clearly defined escalation process for over-authorizations also saves time and ensures that no new cost traps are created.
Conclusion
The changeover to S/4 offers companies a valuable opportunity to revise their SAP authorization structures and bring them up to date. By identifying and removing unnecessary authorizations, SAP license costs can be significantly reduced. Consistent adherence to best practices in authorization management also minimizes security risks, improves transparency and supports adherence to compliance requirements.
DE
EN
ES
FR
