Challenges to extend visibility to complex SAP access authorizations addressed by a QlikView driven, in-house developed SAP Access Authorization Solution
1. SAP Access Authorization Service 2015
1 | Page
SAP is a Resource Planning software for enterprises to standardize & integrate key business processes and
functions. It provides real-time information for informed decision making, remove redundancies to deliver a
controlled environment.
However, a key element that has an adverse impact on controlled environment is Access Authorization is
usually attended less when compared to implementing a new functionality or managing operations. In-
attention over time leads to a mushroom growth that eventually turns into an issue with a sizeable cost.
Solution?
1. Develop SOP aligned SAP access authorizations
2. Ensure that these are adequately maintained as per agreed mandate
But all mandates, policy, standards, adherence, management support start with one query, how can one
transparently access SAP user authorizations
This is a standing issue for all SAP installation supporting large enterprises to provide visibility of SAP Access
Authorizations to all management levels to rightfully perpetuate a sense of accountability, sensitivity and
responsibility
But HOW?
- SAP access authorizations are complex to start with, are very technical and not user friendly
- There is no report or a standard functionality that provides a complete view of an authorization;
rather different views under SAP User Information Management (SUIM) have to be run to obtain a
position that subject to correct analysis lead to a sound assessment for a SAP IT specialist only
Solution
In-house developed, QlikView based SAP Access Authorization solution that uses a SAP connector to extract
access authorization information, compile it and present it in a user friendly dash-board
Using the SAP Access Authorization Solution for a utility setup, it was noted that:
Approximately 60% of the SAP access authorization were 'In-Excess' per the user SOP
Approximately 80% of the SAP roles carry different authorizations then what their name suggested
Out-dated authorizations assigned to the user through a job based SAP role were outdated and
assigned to users given a different job by HR
And the requirement to develop 'Business Process' based SAP roles
Salient Features - SAP Access Authorization Solution:
1. SAP level-1 & level-2 access authorization on all possible dimensions including user, group,
department, Transaction code (T-code), role, plant, storage locations etc.
2. Dynamic authorization matrix that model its presentation upon your selection
3. Compare SAP roles, user and authorizations across time and also identify any changes
4. Propose utilization of SAP standard T-codes and authorization to users falling in different
management cadres
2. SAP Access Authorization Service 2014
2 | Page
SAP Access Authorization Service
Dynamic &detailedSAP Authorization Matrix
till the activity level for all SAP users
authorized 'Single Roles'
3. SAP Access Authorization Service 2014
3 | Page
SAP Access Authorization - Comparative View SAP access authorizationbefore &after the company
wide access authorization restructuring exercise
T-Codes authorized
per Job-cadres
Utilizationofstandard SAP
T-Codes*
Flexibility to view the complete
position on a business area
SAP Authorization Matrix
at the T-Code level