SAP Access Control benefits
March 22, 2018

Luis Cruz | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with SAP Access Control

We are using SAP Access Control at a company with about 800 users. The main problem to solve is to assign privileges to users according to their job function, keeping the segregation of duties well managed. The aim is to cover all the organization's operations in five countries. The business problem SAP Access Control deals with is fraud due to excessive access privilege. When you look at the roughly 2000 transactions available on SAP, selecting the right ones for every employee is a daunting task. The transactions you select for every employee get registered in SAP Access Control, and this allows the required monitoring to guard against changes to the original design. The changes can occur accidentally or intentionally; either way, they are controlled through SAP Access Control.
  • Segregation of duties is the first thing. SAP Access Control allows you to declare pairs of transactions that cannot be assigned together because they represent an action and an authorization for the action. Using these Segregation of Duties rules allows SAP Access Control to report on users that do not comply with a given rule.
  • Workflow for access management is second. The provisioning of new users, new roles or the changes made to roles can be streamlined in the application. This allows the implementation of effective and efficient procedures to meet all access requests.
  • Monitoring of super user activities. Using SAP Access Control, we can remove all super user privileges from IT personnel. If the occasion arises and someone from the IT department requires super user privileges to solve or troubleshoot a problem, a special role is assigned temporarily to him. SAP Access Control keeps a log of the activities performed during the time the IT user works in the temporary role, allowing complete monitoring of super user activities.
  • SAP products in general are not user friendly. SAP Access Control is no exception to this. Even though the use of the NetWeaver interface is a big improvement in user interaction, the presentation of large amounts of data could be improved (list of roles, information on values assigned to authorization object fields, and the like).
  • Regarding functionality on Access Control, the product is about complete; I cannot think of anything else to add to it.
  • Reducing risk of fraud. Implementing SAP Access Control allows analysis of every role assigned to a job in the organization. Through this analysis, weaknesses in roles are detected, corrected and monitored. As the users feel the change, they also feel that they are being monitored, preventing any intent to use their position and privileges to take personal advantage. So a major impact for organizations is reducing the financial loss due to fraud.
  • Reducing cost for monitoring. Another positive impact is lowering the cost of monitoring. This is twofold: First, a rather small team can manage access management. Second, through the use of SAP Access Control the complete universe of roles and users can be monitored without increasing the cost for the continuous monitoring.
  • During transactions. The use of SAP Access Control allows detection of transactions that, from an information security point of view, require some redesign. When SAP GRC is implemented, you make some discoveries such as: obsolete transactions, transactions with no authorization objects and the like. The transactions with these problems can be left out of the active roles, waiting for remediation of the issues found.
SAP Access Control is suitable for organizations with more than 100 users. At this number of users it begins to get difficult to keep track of the roles assigned to every user and of whether every assigned role satisfies the segregation of duties rules. If the number of users extends into the hundreds, the cost of assuring that the right privileges are assigned to every user rises exponentially. Failure to implement a solution like SAP Access Control in an organization will result in the execution of fraud cases. If a company is not managing access privileges with a tool like SAP Access Control, I suggest keeping a record of loss events related to excessive privileges. This record will justify investment in the product.