User Access Management: "Using SAST Safe Go-Live Management to prevent disruptions in authorization design." ------------------------------------------------------------------------------------- Whether it's after an audit or during an S/4HANA project, companies' requirements regarding quality, the time involved, and of course, their project budget often differ greatly when it comes to planning authorization redesigns. No matter what your own priorities are in authorization projects, AKQUINET offers solutions designed to meet every requirement to the letter. And the best part? Thanks to SAST Safe Go-Live Management methodology, your project won't cause any disruptions in your everyday business. ------------------------------------------------------------------------------------- Für Informationen auf Deutsch, sprechen Sie uns gerne an: sast@akquinet.de

1. Trouble-free
Authorization
Redesign with
SAST Safe Go-Live
Webinar: May, 2018

2. Our goal to optimize authorization projects
1) Schnellere Projektlaufzeiten um bis zu 70%.
2) Geringere Projektkosten.
3) Keine Einschränkungen im Tagesgeschäft.
4) Nachhaltiger Rollenbau und passende Berechtigungswerte
innerhalb der Rolle.
5) Passgenaue Projekte, zugeschnitten auf Ihre individuellen
Anforderungen.
6) Sicheres und langfristig erfolgreiches Projektvorgehen
mit Unterstützung der AKQUINET SAST-Suite.
1) Reduce project duration
2) Reduce further project costs
3) Trouble-free authorization Golive/
No limits for business departments
4) Precisely tailored roles
5) Precisely tailored projects which fits your requirements





- 2 -

3. Useful functions to optimize future roles
Trouble-free Go-Live with
SAST Safe Go-Live Management
Our project approach „PLATIN“
Conception Implementation Pilot User Test Go-Live
Define Auth Concept
Define responsibles
Define work places
and required
authorizations
Risik analysis
Determine roles wich fits
business requirements
(Template-approach)
Creation of composite
roles for each business
role
Generate roles
Activate SAST Fallback
User mechanism
Exchange roles of pilot
users (in production syst.)
Correction of auth
defects
Risik analysis
Exchange roles of
remaining users
Correction of auth defects
Risk analysis
Finalization of
documentation
Analyze
Analyze transactions,
Org-elements and
documents
Analyze transaction-
usage
Analyze documents
- 3 -

4. Overview of all functions in SAST module SGM
- 4 -
Overview
 Complete authorization trace as basis to design future user permissions
 Automatic creation of T-Codes for table and ABAP report access
 Optimization of authorization proposals (SU24)
 Selection of permissions based on SoD free role templates
 Automatic role creation based on authorization trace for technical users
 Automatic creation of test users
 Trouble-free authorization Go-Live by usage of fallback users.

5. Complete authorization trace
- 5 -
Authorization trace
database
 Complete authorization trace and transaction usage as basis to design future user
permissions
 Automatic role creation based on authorization trace
for technical users
 Optimization of authorization proposals (SU24)
 Smart analysis and correction of authorization defects by using
drill down function to authorization trace database

6. Automatic creation of transactions
Table access (via SE16 or SM30)
Report access (via SA38/SE38)
Developer not required to create transaction codes
Opportunity to reduce assignment of critical transactions SE16/SE16N/SA38/SE38 and SM30
Automatic update of SU24-Values with objects S_PROGRAM, S_TABU_NAM and S_TABU_DIS
- 6 -

7. Update of:
 Parameter transactions
 Tcodes and RFC function modules
Supported by:
 Source Code analysis
 Trace analysis
Optimization of SU24 values
Save time for your authorization admins
Substained role creation  Increase of role quality
Maximum acceptance on end user side
- 7 -

8.  Role creation for users or user groups
 Role creation for work places
 Usage of trace information ST01 or SU53 trace buffer
Automatic role creation based on trace database
Precicely tailored roles
Low rate of authorization defects
Save time for role creation process
- 8 -

9.  Automatic creation of test users and role assignment
 Flexible naming of test userIDs
 Automatic definition of password
Optional
 Assignment of general basis role
 Assignment of general department role
Automatic test user creation
Save time and costs in test phase
- 9 -

10.  Protected GoLive with fallback function
 In case of authorization problems,
access to old permissions by user self service
function.
 Overview of fallback sessions
 Drill down function to user trace
data in order to analyze and solve
issues quickly.
Authorization GoLive supported by „SAST Safe Go-Live Management“
Separate authorization test not required anymore, hereby high time and cost savings
No restrictions for daily business after authorization GoLive
No additional SAP licence costs for due to fallback user function
- 10 -

11. SAST Safe Go-Live Management
Change your permissions with „Fallback“ option
- 11 -
The operative business is affected by the "fallback” option at no time!
Users with
new permissions
Go-Live
Lack of
authorization
Temporary
authorization
Productive operation
ensured
Permission adjustment
in the background
Users with
new permissions
SAST Safe Go-Live
Productive
operations

12. Workflow to establish fallback user session
- 12 -
Authorization problem occurs
Activate
SAST fallback function
(User Self Service)
E-Mail notification
to administrator
(automatic)
Analyze and solve issueDeactivate
SAST fallback function
Assign fallback user
E-Mail notification
to enduser
(manually)
!

13.  Automatic E-Mail notification in case of fallback user session
 Solution finding process significantly simplified by linking to user auth. trace data
 Average time to solve authorization issue about 5 minutes (Experience of first projects).
 Communication with end users only required in ecxeptional cases.
How to analyze authorization issues easily and quickly
- 13 -

14. Our project approaches
PLATIN
GOLD
SILVER
Faster project run times
Lower project costs
Precisely tailored projects
Efficient and protected projects
- 14 -

15. LET´S TAKE THE NEXT STEP TOGETHER
TIM KRÄNZKE
Director International Sales & Alliances
 More than 30 years experience in IT
 Specialized in SAP Security Products since 14+ years
 Long-term working with International Customers and Partners
Email: sast@akquinet.de
Web: www.sast-suite.com
© Copyright AKQUINET AG. All rights reserved. This publication is protected by copyright.
All rights, in particular the right of reproduction, distribution, and translation, are reserved. No part of this document may be reproduced in any form (photocopy, microfilm or other process) or processed, copied, or distributed using electronic systems without the prior
written agreement of AKQUINET AG. Some of the names mentioned in this publication are registered trademarks of the respective provider and as such are subject to legal provisions.
The information in this publication has been compiled with the greatest care. However, no guarantee can be given for its applicability, correctness, and completeness. AKQUINET AG shall assume no liability for losses arising from use of the information.