SAP Role Design Impact on GRC and IAM
soterion.com
GRC Essentials
for Customers
using SAP
The importance of a
solid foundation
Thoughts intuitively turn to GRC
and IAM tools to achieve this.
Without addressing the
underlying issues of the SAP role
design, GRC and IAM tools will
not deliver the expected results
and leave the organisation
disappointed.
Many organisations have
outdated role designs that
provide users with access that is
inappropriate for their job
functions. These organisations
mistakenly assume SAP security
can be solved solely with
products and tools e.g. Access
Control or Identity Access
Management solutions.
These will help, but the
capability of these tools is
significantly diminished if the
underlying SAP role design is
outdated and/or inappropriate.
Your organisation won’t derive
the expected value from these
investments due to this poor
underlying SAP role design.
The impact of inappropriate SAP role design
Let’s consider the impact of inappropriate SAP role design, which provides
users with far too much access, on both GRC and IAM tools.
Access Control solution
The Access Control solution highlights so many access risk violations that
business users reviewing the risks don’t know where to start. Business
users may start approving every SAP access change request without
placing much value on the results, due to the volume of risk violations. In
short, the capability of the access risk solution is diminished.
Identity Access Management solution
The Identity Access Management solution brings about efficiencies in the
joiner, leaver and mover processes. However, it will be assigning
inappropriate access which results in a very high access risk count. This is
far from ideal and counter-productive to their S/4 strategy, particularly as
these organisations are placing more emphasis on security.
So, what does all this mean
practically?
If you’re a GRC practitioner
wanting to leverage your
organisation’s S/4HANA journey
to bolster your security, and you
suspect your underlying SAP role
design is outdated, what should
you do to address this?
You have two options for
addressing an inappropriate
SAP role design: either an SAP
role clean-up or an SAP role
redesign.
Let’s explain this in a bit more
detail.
SAP Role Clean-up
An SAP role clean-up is usually possible where the
underlying SAP role design is still in relatively good
shape i.e. the SAP single roles are well built.
An SAP role clean-up is usually
preferred by organisations as it is
a quicker and less expensive
project.
An additional benefit is that it is
less disruptive on the business,
with fewer end-users testing and
fewer authorisation issues than a
redesign project.
SAP Role Redesign
A role redesign is recommended when the effort to
clean up the SAP solution is greater than the effort
to perform a role redesign. In other words, the SAP
solution has deteriorated past the point of no
return. An SAP role redesign is typically a longer,
more costly engagement than a role clean-up, and
entails greater levels of business involvement and
disruption. However, there are several significant
benefits to an SAP role redesign.
Firstly, if your organisation has not
performed a role redesign for
several years, the control
requirements of the organisation
may have changed over time.
For example, Movement Types or
Warehouse Numbers may not
have been important ten years
ago. However, with a role
redesign, these new control
elements can be introduced.
SAP has introduced several new
control authorisations through
the years. For example,
controlling table access at a more
granular level by table name
(S_TABU_NAM) versus a wider
level of authorisation groups
(S_TABU_DIS). Many of the new
data privacy regulations are
affecting organisations.
As a result, more granular control is required
which can be achieved through a role redesign
project. Data privacy by design is central to most
of the data privacy regulations. Implementing
this with a role redesign is likely to be easier than
as part of a role clean-up project.
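The difference in granularity between S_TABU_DIS and S_TABU_NAM can be made concrete with a small access-review model. This is an added example, not part of the original slides: the role names, table names and authorisation groups are constructed, and the check is a simplified model of how table access is evaluated (a matching S_TABU_DIS authorisation on the table's group, or a matching S_TABU_NAM authorisation on the table name).

```python
"""Simplified access-review model: S_TABU_DIS (group) vs S_TABU_NAM (table name).

Added example. All roles, tables and authorisation groups are constructed.
"""

# Constructed table -> authorisation group assignment (SAP keeps this in TDDAT).
TABLE_GROUPS = {
    "ZHR_EMPLOYEE": "ZHR",
    "ZHR_SALARY": "ZHR",
    "ZHR_BANKDATA": "ZHR",
    "ZFI_COSTCTR": "ZFI",
    "ZMM_PLANT": "ZMM",
}

# Constructed roles. Each authorisation is (object, {field: [granted values]}).
# ACTVT 02 = change, 03 = display.
ROLES = {
    "Z_LEGACY_HR_REPORTING": [
        ("S_TABU_DIS", {"ACTVT": ["03"], "DICBERCLS": ["ZHR"]}),
    ],
    "Z_LEGACY_SUPPORT": [
        ("S_TABU_DIS", {"ACTVT": ["02", "03"], "DICBERCLS": ["*"]}),
    ],
    "Z_REDESIGNED_HR_REPORTING": [
        ("S_TABU_NAM", {"ACTVT": ["03"], "TABLE": ["ZHR_EMPLOYEE"]}),
    ],
}


def value_matches(granted, wanted):
    """True if any granted value covers `wanted` (exact, '*', or trailing '*')."""
    for g in granted:
        if g == wanted or g == "*":
            return True
        if g.endswith("*") and wanted.startswith(g[:-1]):
            return True
    return False


def auth_allows(auth, obj, required):
    """All required field values must be covered by one single authorisation."""
    auth_obj, fields = auth
    if auth_obj != obj:
        return False
    return all(value_matches(fields.get(f, []), v) for f, v in required.items())


def can_access(role, table, activity):
    """Group-level grant or name-level grant is sufficient for access."""
    auths = ROLES[role]
    group = TABLE_GROUPS.get(table, "&NC&")  # &NC& = table without a group
    via_group = any(
        auth_allows(a, "S_TABU_DIS", {"ACTVT": activity, "DICBERCLS": group})
        for a in auths
    )
    via_name = any(
        auth_allows(a, "S_TABU_NAM", {"ACTVT": activity, "TABLE": table})
        for a in auths
    )
    return via_group or via_name


def reachable_tables(role, activity="03"):
    """Every known table the role can reach with the given activity."""
    return sorted(t for t in TABLE_GROUPS if can_access(role, t, activity))


def overexposure(role, needed, activity="03"):
    """Tables the role reaches beyond what the job function needs."""
    return sorted(set(reachable_tables(role, activity)) - set(needed))


def wildcard_group_grants(role):
    """S_TABU_DIS authorisations whose group value contains a wildcard."""
    return [
        fields
        for obj, fields in ROLES[role]
        if obj == "S_TABU_DIS"
        and any("*" in v for v in fields.get("DICBERCLS", []))
    ]


if __name__ == "__main__":
    needed = ["ZHR_EMPLOYEE"]  # what the reporting job function requires
    for role in ROLES:
        print(role)
        print("  display access :", reachable_tables(role, "03"))
        print("  change access  :", reachable_tables(role, "02"))
        print("  over-exposure  :", overexposure(role, needed))
        print("  wildcard groups:", wildcard_group_grants(role))
```

The legacy reporting role needs one table but reaches every table in its authorisation group, including salary and bank data; the redesigned role reaches only the named table.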
In summary, central to any secure SAP
environment is a good SAP role design. It forms
the backbone of all things GRC.
If your organisation does not see the value in
addressing the underlying SAP role design, it will
never extract the expected value from its GRC and
IAM solutions. Addressing the SAP role design will be
an investment well worth it in the long run.