JE
Uploaded byJonathan Eemans
PDF, PPTX10,878 views

Authorisations in SAP: best practices

The document outlines best practices for authorizations in SAP. It discusses role naming conventions, using different role types correctly like single, composite and master/derived roles. It emphasizes maintaining an authorization matrix and documenting any changes. Unmaintained authorizations should be avoided. Tips provided include deactivating standard roles when changing authorizations and using the 'Read old status and merge with new data' option when updating roles.

Embed presentation

Download as PDF, PPTX
26/01/2017 1Jonathan Eemans JE Consulting Authorisations in SAP Best practices
26/01/2017 2 Authorisations in SAP: best practices 1. Role naming conventions Role naming convention Lack of naming convention, inconsistent naming convention or inappropriate naming convention is the most basic mistake that an organisation can make. And this does not just impact the user administrator (who may not be able to identify with the roles after some time), it adversely impacts business users as well as auditors. Business users are often not conversant with transaction codes and authorization objects and rely on the role name and description to understand the role. Without a good and consistent naming convention, they may struggle to make sense of the roles. SOLUTION: Define logic naming convention and respect this naming convention at all times. Example: ZS/C_XX_<Description>/<Job>_YYYY with S = Single role / C = Composite role XX = Domain (CA, GL, AP etc.) <Description> (single role) = Description (GLMAST_MAINT for g/l account maintenance, GLMAST_DISPL for g/l account display, etc.) <Job> (composite role) = Job (MMPUR for purchaser, FITR for treasury, FIGEN for accountants etc.) YYYY = Master / Organisational unit (MAST if master role, #### for Company 1, etc.)
26/01/2017 3 Authorisations in SAP: best practices 2. Role design Role design Use different types of roles correctly.  Single roles  Composite roles  Master / parent roles  Derived / child roles SOLUTION: Correctly design roles using authorisation matrix.
26/01/2017 4 Authorisations in SAP: best practices 2. Role design 1. Define single roles 2. Assign single roles to composite roles 3. Define slave roles 4. Assign composite roles to users
26/01/2017 5 Authorisations in SAP: best practices 2. Role design: Master / derived roles Concept A derived role has identical attributes (transactions / authorization object values) as it parent except the values of the organizational level fields (plant, company code, sales organisation etc. ). Advantage Thus maintenance is simplified as only the organisational levels have to be maintained at the derived role level. This also ensures that there is no opportunity to make mistakes during authorisation maintenance for the multitude of derived roles and also reduces testing effort for roles.
26/01/2017 6 Authorisations in SAP: best practices 2. Role design: Master / derived roles Example Master role Derived role Transactions and authorisations Derived role are maintained in the master role is assigned to master role Organisation levels are not assigned in master role Organisational levels are assigned
26/01/2017 7 Authorisations in SAP: best practices 3. Maintain authorisation matrix Authorisation matrix
26/01/2017 8 Authorisations in SAP: best practices 4. Document changes in authorisations Document changes to authorisation roles
26/01/2017 9 Authorisations in SAP: best practices 5. Non-maintained authorisations Unmaintained authorisations Many user administrators leave unmaintained authorisation (i.e. objects with some unmaintained field values) in the profile. Such unmaintained authorization often become big nuisance in long run. They are also one of the most common reason behind false positives raised during authorization review. SOLUTION: Maintain all authorisation objects in the authorisation profile.
26/01/2017 10 Authorisations in SAP: best practices Tip 1 for maintaining authorisations: deactivate but keep the standard When changing authorisation objects the best way is to make a copy, deactivate the standard, and make changes to the copy.
26/01/2017 11 Authorisations in SAP: best practices Tip 2 for maintaining authorisations: Read old status and merge with new data Use option ‘Read old status and merge with new data’ If you have a ‘Standard’ and a ‘Change’, the option ‘Read old status and merge with old data’ will not insert a new authorisation object.

More Related Content

PDF
Practical guide for sap security
bySiva Pradeep Bolisetti
 
PPT
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
byCA CISA Jayjit Biswas
 
PPT
SAP BI 7 security concepts
bySiva Pradeep Bolisetti
 
PPTX
SAP GRC AC 10.1 - ARM Workflows
byRohan Andrews
 
DOCX
What is sap security
bygrconlinetraining
 
PPT
Sap Security Workshop
bylarrymcc
 
PDF
081712 isaca-atl-auditing sap-grc
byhkodali
 
DOCX
SAP Security interview questions
bySiva Pradeep Bolisetti
 
Practical guide for sap security
bySiva Pradeep Bolisetti
 
Segregation of duties in SAP @ ISACA Pune presentation on 18.4.2015
byCA CISA Jayjit Biswas
 
SAP BI 7 security concepts
bySiva Pradeep Bolisetti
 
SAP GRC AC 10.1 - ARM Workflows
byRohan Andrews
 
What is sap security
bygrconlinetraining
 
Sap Security Workshop
bylarrymcc
 
081712 isaca-atl-auditing sap-grc
byhkodali
 
SAP Security interview questions
bySiva Pradeep Bolisetti
 

What's hot

DOC
Sap security-administration
bynanda nanda
 
PDF
S4 HANA Business Partner Configuration@Ganesh Tarlana
byGanesh Tarlana
 
PDF
Business partner-2
byabc
 
PPT
Org structure SAP
bySuvojyoti Chowdhury
 
PDF
Workflow Part1 1
byevil66_in
 
PPTX
SAP S4 HANA.pptx
byHARISHVERMA80
 
PPT
SAP SD Sales Deal & promotion
byarun_bala1
 
PDF
Introduction to SAP Security
byNasir Gondal
 
DOC
Authorisation Concept In SAP | http://sapdocs.info
bysapdocs. info
 
PDF
SAP Validation and substitution
byHari Krishna
 
DOCX
SAP Landscape
bylakshmi rajkumar
 
PDF
SAP FICO overview
byPeter Ezzat
 
PDF
Migration Cockpit (LTMC)
byJayababu M
 
PDF
SAP S_4HANA Migration Cockpit - Migrate your Data to SAP S_4HANA.pdf
bysubbulokam
 
PDF
SAP S4HANA Credit Management
byJoe Torres
 
PDF
Automatic vendor payment advice notes by mail
bySURESH BABU MUCHINTHALA
 
PDF
ABAP for Beginners - www.sapdocs.info
bysapdocs. info
 
PDF
Sap GRC Basic Information | GRC 12 online training
bygrconlinetraining
 
PDF
SAP BUSINESS BLUE PRINT PRACTICE PROJECT
byVenet Dheer
 
DOCX
SAP SD Business Blue Print E1 Sales Template
byAditya Pandey
 
Sap security-administration
bynanda nanda
 
S4 HANA Business Partner Configuration@Ganesh Tarlana
byGanesh Tarlana
 
Business partner-2
byabc
 
Org structure SAP
bySuvojyoti Chowdhury
 
Workflow Part1 1
byevil66_in
 
SAP S4 HANA.pptx
byHARISHVERMA80
 
SAP SD Sales Deal & promotion
byarun_bala1
 
Introduction to SAP Security
byNasir Gondal
 
Authorisation Concept In SAP | http://sapdocs.info
bysapdocs. info
 
SAP Validation and substitution
byHari Krishna
 
SAP Landscape
bylakshmi rajkumar
 
SAP FICO overview
byPeter Ezzat
 
Migration Cockpit (LTMC)
byJayababu M
 
SAP S_4HANA Migration Cockpit - Migrate your Data to SAP S_4HANA.pdf
bysubbulokam
 
SAP S4HANA Credit Management
byJoe Torres
 
Automatic vendor payment advice notes by mail
bySURESH BABU MUCHINTHALA
 
ABAP for Beginners - www.sapdocs.info
bysapdocs. info
 
Sap GRC Basic Information | GRC 12 online training
bygrconlinetraining
 
SAP BUSINESS BLUE PRINT PRACTICE PROJECT
byVenet Dheer
 
SAP SD Business Blue Print E1 Sales Template
byAditya Pandey
 

Viewers also liked

PDF
Master data distribution in SAP: implementation guide
byJonathan Eemans
 
PPT
Day5 R3 Basis Security
byGuang Ying Yuan
 
PPT
6 7-users-authorization
bysanganiraju
 
PDF
Best Practices for Ensuring SAP ABAP Code Quality and Security
byVirtual Forge
 
PPTX
Extensible Authorization for SAP Applications Webinar
byNextLabs, Inc.
 
PPT
SAP HCM Structural Authorization Overview Presentation
byKenBowers
 
PDF
Sap security tasks
bySiva Pradeep Bolisetti
 
DOC
Step by step exercise for bw 365
bySiva Pradeep Bolisetti
 
PDF
Governance Of Enterprise IT MIA
byTroy DuMoulin
 
PPT
How to improve user experience via roles
bySiva Pradeep Bolisetti
 
DOCX
Calculation of optimum cost of transportation of goods from godowns to differ...
bySiva Pradeep Bolisetti
 
PPT
Bluetooth Technology -- detailed explanation
bySiva Pradeep Bolisetti
 
PDF
Enterprise Risk Management Software
byMike Taylor
 
PDF
Sappress sap governance risk and compliance
bySiva Pradeep Bolisetti
 
DOCX
Use of network scheduling technique
bySiva Pradeep Bolisetti
 
PPTX
SAP Plaint Maintenance Training in Hyderabad,USA,UK,Canada,Austarlia
byonline jobs
 
PPTX
Bearing design for Turbo Generator- Internship at BHEL
bySiva Pradeep Bolisetti
 
PPTX
SAP HCM authorisations: streamline processes and improve HR data security
bySven Ringling
 
PDF
Simplifying SAP Plant Maintenance
byDeeDee Kato
 
PDF
Best Practices for Managing a Global SuccessFactors Rollout
byGP Strategies Corporation
 
Master data distribution in SAP: implementation guide
byJonathan Eemans
 
Day5 R3 Basis Security
byGuang Ying Yuan
 
6 7-users-authorization
bysanganiraju
 
Best Practices for Ensuring SAP ABAP Code Quality and Security
byVirtual Forge
 
Extensible Authorization for SAP Applications Webinar
byNextLabs, Inc.
 
SAP HCM Structural Authorization Overview Presentation
byKenBowers
 
Sap security tasks
bySiva Pradeep Bolisetti
 
Step by step exercise for bw 365
bySiva Pradeep Bolisetti
 
Governance Of Enterprise IT MIA
byTroy DuMoulin
 
How to improve user experience via roles
bySiva Pradeep Bolisetti
 
Calculation of optimum cost of transportation of goods from godowns to differ...
bySiva Pradeep Bolisetti
 
Bluetooth Technology -- detailed explanation
bySiva Pradeep Bolisetti
 
Enterprise Risk Management Software
byMike Taylor
 
Sappress sap governance risk and compliance
bySiva Pradeep Bolisetti
 
Use of network scheduling technique
bySiva Pradeep Bolisetti
 
SAP Plaint Maintenance Training in Hyderabad,USA,UK,Canada,Austarlia
byonline jobs
 
Bearing design for Turbo Generator- Internship at BHEL
bySiva Pradeep Bolisetti
 
SAP HCM authorisations: streamline processes and improve HR data security
bySven Ringling
 
Simplifying SAP Plant Maintenance
byDeeDee Kato
 
Best Practices for Managing a Global SuccessFactors Rollout
byGP Strategies Corporation
 

Similar to Authorisations in SAP: best practices

TXT
Sap security bad practices
bySatyajit Deb
 
PDF
SAP MM Authorization Matrix and User roles.pdf
byAmanKumarSaksena
 
DOC
Derived master roles Configuration screenshots in SAP Security
byBharath Trainings
 
PDF
Authorization objects a simple guide
byAlbert Shumov
 
PDF
Continuous Compliance-in-Sap-Environments
byhappiestmindstech
 
PDF
Whitepaper: Continuous Compliance in SAP Environments - Happiest Minds
byHappiest Minds Technologies
 
PDF
SAP Role Design for Success: 3 Best Practices and Tips
byudayamosol9
 
PPTX
Sap security interview question & answers
byNancy Nelida
 
PPT
Introduction on sap security
byyektek
 
PDF
An expert guide to new sap bi security features
byShazia_Sultana
 
PDF
SAP BI Security Features
bydw_anil
 
PDF
Authorization objects a simple guide.doc (1)
byVikram Polinati
 
PDF
Iia los angeles sap security presentation
byhkodali
 
PDF
CSI tools SAP Authorization Presentation TROOPERS 2014
byCSI tools
 
PPTX
SAP Role Desgin for Success Best Practices and Tips
byudayamosol9
 
PPTX
Sap hcm online training
bysaptrmit
 
PPTX
Erp security1
byWebAshlar
 
PDF
Sap basis and_security_administration
byAnil Kumar Reddy Cheppalli
 
PPTX
Sap hcm online and remote based training in usa,uk,india
bymagnificsmily
 
PPTX
Sap hcm online and remote based training in usa,uk,india
bymagnificsmile
 
Sap security bad practices
bySatyajit Deb
 
SAP MM Authorization Matrix and User roles.pdf
byAmanKumarSaksena
 
Derived master roles Configuration screenshots in SAP Security
byBharath Trainings
 
Authorization objects a simple guide
byAlbert Shumov
 
Continuous Compliance-in-Sap-Environments
byhappiestmindstech
 
Whitepaper: Continuous Compliance in SAP Environments - Happiest Minds
byHappiest Minds Technologies
 
SAP Role Design for Success: 3 Best Practices and Tips
byudayamosol9
 
Sap security interview question & answers
byNancy Nelida
 
Introduction on sap security
byyektek
 
An expert guide to new sap bi security features
byShazia_Sultana
 
SAP BI Security Features
bydw_anil
 
Authorization objects a simple guide.doc (1)
byVikram Polinati
 
Iia los angeles sap security presentation
byhkodali
 
CSI tools SAP Authorization Presentation TROOPERS 2014
byCSI tools
 
SAP Role Desgin for Success Best Practices and Tips
byudayamosol9
 
Sap hcm online training
bysaptrmit
 
Erp security1
byWebAshlar
 
Sap basis and_security_administration
byAnil Kumar Reddy Cheppalli
 
Sap hcm online and remote based training in usa,uk,india
bymagnificsmily
 
Sap hcm online and remote based training in usa,uk,india
bymagnificsmile
 

Recently uploaded

PPTX
Instrumentation.Instrumentation.Instrumentation.pptx
byDavid Kurtz
 
PDF
Princeton RSE: What's new in Python π (3.14)
byHenry Schreiner
 
PDF
our environment ppt made by many people name rarang yadav
byrarang180
 
PPTX
Business Central and Copilot pitch deck ppt
byjonbravetti
 
PDF
Shaping Your 2026 Testing Strategy | Applitools Product Pulse - January 2026
byApplitools
 
PDF
Princeton RSE: Python Histograms as objects
byHenry Schreiner
 
PPTX
Architectural Styles in Software Engineering
byM Munim
 
PDF
Salesforce Data Migration Services.pdf
byRobert Mark
 
PPTX
Orion Context Broker introduction 20260114
byFermin Galan
 
PDF
Postmates Clone App Delivery Service Business Solution.pdf
byV3CUBE TECHNOLABS
 
PDF
Cloud Automotive Software: Cost, Speed & Scalability
byShiv Technolabs Pvt. Ltd.
 
PPTX
Feasibility Analysis in System Development Using Data Flow Diagrams
byM Munim
 
PDF
How Fireworks AI Achieves 1TB_s+ Throughput for Model Deployment Across Multi...
byAlluxio, Inc.
 
PDF
Cybernetic Global Intelligence Securing Businesses in a Digital-First World.pdf
byCybernetic Global Intelligence
 
PDF
Hack&Verse Kick-off and infor session Event ppt
bysanidhyasahu1120
 
PDF
Princeton 2026: Tools That Help You
 Write Better Code
byHenry Schreiner
 
PDF
Projectlify: Everything You Need to Get Things Done
byRafal Ksiazek
 
PDF
Problem Solving_20241203_220045_0000.pdf
bythakurayush00991
 
PDF
Salesforce Careers in 2026_ Trends, Certifications, and Must-Have Skills
byDele Amefo
 
PPTX
Performance Engineering: New and Conflicting Trends
byAlexander Podelko
 
Instrumentation.Instrumentation.Instrumentation.pptx
byDavid Kurtz
 
Princeton RSE: What's new in Python π (3.14)
byHenry Schreiner
 
our environment ppt made by many people name rarang yadav
byrarang180
 
Business Central and Copilot pitch deck ppt
byjonbravetti
 
Shaping Your 2026 Testing Strategy | Applitools Product Pulse - January 2026
byApplitools
 
Princeton RSE: Python Histograms as objects
byHenry Schreiner
 
Architectural Styles in Software Engineering
byM Munim
 
Salesforce Data Migration Services.pdf
byRobert Mark
 
Orion Context Broker introduction 20260114
byFermin Galan
 
Postmates Clone App Delivery Service Business Solution.pdf
byV3CUBE TECHNOLABS
 
Cloud Automotive Software: Cost, Speed & Scalability
byShiv Technolabs Pvt. Ltd.
 
Feasibility Analysis in System Development Using Data Flow Diagrams
byM Munim
 
How Fireworks AI Achieves 1TB_s+ Throughput for Model Deployment Across Multi...
byAlluxio, Inc.
 
Cybernetic Global Intelligence Securing Businesses in a Digital-First World.pdf
byCybernetic Global Intelligence
 
Hack&Verse Kick-off and infor session Event ppt
bysanidhyasahu1120
 
Princeton 2026: Tools That Help You
 Write Better Code
byHenry Schreiner
 
Projectlify: Everything You Need to Get Things Done
byRafal Ksiazek
 
Problem Solving_20241203_220045_0000.pdf
bythakurayush00991
 
Salesforce Careers in 2026_ Trends, Certifications, and Must-Have Skills
byDele Amefo
 
Performance Engineering: New and Conflicting Trends
byAlexander Podelko
 

Authorisations in SAP: best practices

  • 1.
    26/01/2017 1Jonathan EemansJE Consulting Authorisations in SAP Best practices
  • 2.
    26/01/2017 2 Authorisations inSAP: best practices 1. Role naming conventions Role naming convention Lack of naming convention, inconsistent naming convention or inappropriate naming convention is the most basic mistake that an organisation can make. And this does not just impact the user administrator (who may not be able to identify with the roles after some time), it adversely impacts business users as well as auditors. Business users are often not conversant with transaction codes and authorization objects and rely on the role name and description to understand the role. Without a good and consistent naming convention, they may struggle to make sense of the roles. SOLUTION: Define logic naming convention and respect this naming convention at all times. Example: ZS/C_XX_<Description>/<Job>_YYYY with S = Single role / C = Composite role XX = Domain (CA, GL, AP etc.) <Description> (single role) = Description (GLMAST_MAINT for g/l account maintenance, GLMAST_DISPL for g/l account display, etc.) <Job> (composite role) = Job (MMPUR for purchaser, FITR for treasury, FIGEN for accountants etc.) YYYY = Master / Organisational unit (MAST if master role, #### for Company 1, etc.)
  • 3.
    26/01/2017 3 Authorisations inSAP: best practices 2. Role design Role design Use different types of roles correctly.  Single roles  Composite roles  Master / parent roles  Derived / child roles SOLUTION: Correctly design roles using authorisation matrix.
  • 4.
    26/01/2017 4 Authorisations inSAP: best practices 2. Role design 1. Define single roles 2. Assign single roles to composite roles 3. Define slave roles 4. Assign composite roles to users
  • 5.
    26/01/2017 5 Authorisations inSAP: best practices 2. Role design: Master / derived roles Concept A derived role has identical attributes (transactions / authorization object values) as it parent except the values of the organizational level fields (plant, company code, sales organisation etc. ). Advantage Thus maintenance is simplified as only the organisational levels have to be maintained at the derived role level. This also ensures that there is no opportunity to make mistakes during authorisation maintenance for the multitude of derived roles and also reduces testing effort for roles.
  • 6.
    26/01/2017 6 Authorisations inSAP: best practices 2. Role design: Master / derived roles Example Master role Derived role Transactions and authorisations Derived role are maintained in the master role is assigned to master role Organisation levels are not assigned in master role Organisational levels are assigned
  • 7.
    26/01/2017 7 Authorisations inSAP: best practices 3. Maintain authorisation matrix Authorisation matrix
  • 8.
    26/01/2017 8 Authorisations inSAP: best practices 4. Document changes in authorisations Document changes to authorisation roles
  • 9.
    26/01/2017 9 Authorisations inSAP: best practices 5. Non-maintained authorisations Unmaintained authorisations Many user administrators leave unmaintained authorisation (i.e. objects with some unmaintained field values) in the profile. Such unmaintained authorization often become big nuisance in long run. They are also one of the most common reason behind false positives raised during authorization review. SOLUTION: Maintain all authorisation objects in the authorisation profile.
  • 10.
    26/01/2017 10 Authorisations inSAP: best practices Tip 1 for maintaining authorisations: deactivate but keep the standard When changing authorisation objects the best way is to make a copy, deactivate the standard, and make changes to the copy.
  • 11.
    26/01/2017 11 Authorisations inSAP: best practices Tip 2 for maintaining authorisations: Read old status and merge with new data Use option ‘Read old status and merge with new data’ If you have a ‘Standard’ and a ‘Change’, the option ‘Read old status and merge with old data’ will not insert a new authorisation object.