User Access Management: "Using SAST Safe Go-Live Management to prevent disruptions in authorization design."
-------------------------------------------------------------------------------------
Whether it's after an audit or during an S/4HANA project, companies' requirements regarding quality, the time involved, and of course, their project budget often differ greatly when it comes to planning authorization redesigns.
No matter what your own priorities are in authorization projects, AKQUINET offers solutions designed to meet every requirement to the letter. And the best part? Thanks to SAST Safe Go-Live Management methodology, your project won't cause any disruptions in your everyday business.
-------------------------------------------------------------------------------------
Für Informationen auf Deutsch, sprechen Sie uns gerne an: sast@akquinet.de
2. Our goal to optimize authorization projects
1) Schnellere Projektlaufzeiten um bis zu 70%.
2) Geringere Projektkosten.
3) Keine Einschränkungen im Tagesgeschäft.
4) Nachhaltiger Rollenbau und passende Berechtigungswerte
innerhalb der Rolle.
5) Passgenaue Projekte, zugeschnitten auf Ihre individuellen
Anforderungen.
6) Sicheres und langfristig erfolgreiches Projektvorgehen
mit Unterstützung der AKQUINET SAST-Suite.
1) Reduce project duration
2) Reduce further project costs
3) Trouble-free authorization Golive/
No limits for business departments
4) Precisely tailored roles
5) Precisely tailored projects which fits your requirements
- 2 -
3. Useful functions to optimize future roles
Trouble-free Go-Live with
SAST Safe Go-Live Management
Our project approach „PLATIN“
Conception Implementation Pilot User Test Go-Live
Define Auth Concept
Define responsibles
Define work places
and required
authorizations
Risik analysis
Determine roles wich fits
business requirements
(Template-approach)
Creation of composite
roles for each business
role
Generate roles
Activate SAST Fallback
User mechanism
Exchange roles of pilot
users (in production syst.)
Correction of auth
defects
Risik analysis
Exchange roles of
remaining users
Correction of auth defects
Risk analysis
Finalization of
documentation
Analyze
Analyze transactions,
Org-elements and
documents
Analyze transaction-
usage
Analyze documents
- 3 -
4. Overview of all functions in SAST module SGM
- 4 -
Overview
Complete authorization trace as basis to design future user permissions
Automatic creation of T-Codes for table and ABAP report access
Optimization of authorization proposals (SU24)
Selection of permissions based on SoD free role templates
Automatic role creation based on authorization trace for technical users
Automatic creation of test users
Trouble-free authorization Go-Live by usage of fallback users.
5. Complete authorization trace
- 5 -
Authorization trace
database
Complete authorization trace and transaction usage as basis to design future user
permissions
Automatic role creation based on authorization trace
for technical users
Optimization of authorization proposals (SU24)
Smart analysis and correction of authorization defects by using
drill down function to authorization trace database
6. Automatic creation of transactions
Table access (via SE16 or SM30)
Report access (via SA38/SE38)
Developer not required to create transaction codes
Opportunity to reduce assignment of critical transactions SE16/SE16N/SA38/SE38 and SM30
Automatic update of SU24-Values with objects S_PROGRAM, S_TABU_NAM and S_TABU_DIS
- 6 -
7. Update of:
Parameter transactions
Tcodes and RFC function modules
Supported by:
Source Code analysis
Trace analysis
Optimization of SU24 values
Save time for your authorization admins
Substained role creation Increase of role quality
Maximum acceptance on end user side
- 7 -
8. Role creation for users or user groups
Role creation for work places
Usage of trace information ST01 or SU53 trace buffer
Automatic role creation based on trace database
Precicely tailored roles
Low rate of authorization defects
Save time for role creation process
- 8 -
9. Automatic creation of test users and role assignment
Flexible naming of test userIDs
Automatic definition of password
Optional
Assignment of general basis role
Assignment of general department role
Automatic test user creation
Save time and costs in test phase
- 9 -
10. Protected GoLive with fallback function
In case of authorization problems,
access to old permissions by user self service
function.
Overview of fallback sessions
Drill down function to user trace
data in order to analyze and solve
issues quickly.
Authorization GoLive supported by „SAST Safe Go-Live Management“
Separate authorization test not required anymore, hereby high time and cost savings
No restrictions for daily business after authorization GoLive
No additional SAP licence costs for due to fallback user function
- 10 -
11. SAST Safe Go-Live Management
Change your permissions with „Fallback“ option
- 11 -
The operative business is affected by the "fallback” option at no time!
Users with
new permissions
Go-Live
Lack of
authorization
Temporary
authorization
Productive operation
ensured
Permission adjustment
in the background
Users with
new permissions
SAST Safe Go-Live
Productive
operations
12. Workflow to establish fallback user session
- 12 -
Authorization problem occurs
Activate
SAST fallback function
(User Self Service)
E-Mail notification
to administrator
(automatic)
Analyze and solve issueDeactivate
SAST fallback function
Assign fallback user
E-Mail notification
to enduser
(manually)
!
13. Automatic E-Mail notification in case of fallback user session
Solution finding process significantly simplified by linking to user auth. trace data
Average time to solve authorization issue about 5 minutes (Experience of first projects).
Communication with end users only required in ecxeptional cases.
How to analyze authorization issues easily and quickly
- 13 -