Definition of SAP Roles and Authorizations strategy
Before rebuilding or even adjusting your SAP roles, you need one essential thing: a clear view.
What is the real status of your authorizations? Where are the risks? Should we redo everything or just optimize?
Good framing means fewer unforeseen events, fewer hidden costs and greater impact.
What we propose. Stages of the scoping mission
Project scoping SAP Roles & Authorizations
Align methodological aspects, planning and prerequisites.
Objective: make informed decisions and get your project off on the right foot.
1. Diagnosis of existing assets
Review of access allocation and management practices.
Identify potential vulnerabilities (overly broad access, SoD, redundancies, etc.).
Identify deviations from SAP best practices and compliance requirements.
2. Alignment workshops
Exchange with IT, business and compliance stakeholders.
Validation of the scope of the future project.
Definition of governance, roles and expected contributions.
Discussion of internal constraints, audits, project dependencies.
3. Recommendations & strategic options
Proposed development scenarios: optimization, partial or total redesign.
Identification of quick wins and risk areas.
Technological choices (GRC or not, Fiori or GUI, etc.).
Target modeling (approach by business role, process, users, etc.).
4. Roadmap
Workload estimates, realistic planning, key milestones.
Budget recommendations (internal and external efforts, possible tools).
Agree on deliverables.
Ready to frame your project intelligently?
An SAP role overhaul isn't just a technical project.
It's an opportunity to secure, simplify and professionalize your access management.
Contact us to schedule your scoping mission.
A small step now, for a big gain tomorrow.
For whom?
Companies that don't know where they stand with their role solution (new management, carve out, S/4 HANA or FIORI migration project in preparation) and need advice on how to tackle these issues (prioritization & project dependency, method...).
Security, IT, internal control or business teams faced with audit alerts or constraints (internal or from their customers).
What you gain
A clear, shared vision of what exists and what's at stake.
Concrete recommendations for securing and modernizing your accesses.
A structured project from the outset, with committed stakeholders.
An informed decision: make the right choices at the outset, not along the way.
Terms and conditions
Typical duration: 2 to 4 weeks.
Workload: 5 to 10 days.
Deliverables: analysis report, action plan, project roadmap, budget estimate.
Mode: on-site or remote, according to your preferences.

Stéphanie RAHIER, Group CIO, ADOVA GROUP
After 10 years working with Christophe, and finally the Secureway team (Grégory, Emmanuel and Davy), in 3 different companies, I developed a simple reflex:
An SAP authorization problem? Need to set up TMA on SAP authorizations?
SAP authorizations managed with method, advice and pragmatism, all in a good mood! Secureway.
With Secureway, I'm sure that my authorizations are well-guarded!

Jean-Yves Kemplaire, Information Technology Director - Global IT, CHR HANSEN
More than 10 years of fruitful cooperation with Grégory, Christophe and Emmanuel have enabled us to develop our SAP and SOD security management for over 3,000 users worldwide, as well as our internal and external audit management.
A highly professional team, always ready to listen, able to make suggestions and close to people.
Frequently asked questions (FAQ) about defining roles and authorizations strategy
Why is it essential to redefine our roles and authorizations strategy before migrating to S/4HANA or Fiori?
It is essential to redefine your roles and permissions strategy before migrating to S/4HANA or Fiori because the current authorization model often reflects decades of successive additions, creating technical debt and major SoD conflicts. S/4HANA and Fiori introduce new concepts (Fiori applications, new objects) that are not compatible with the old SAP ECC role models. A strategic redesign secures the new platform as soon as it is deployed and lets you adopt the principle of least privilege natively.
How does Secureway ensure that the new role model is aligned with our actual business processes?
To ensure alignment of the new role model with your actual business processes, Secureway uses a collaborative approach based on intensive functional design workshops. We do not start from a theoretical model, but rely on the mapping of critical business processes (P2P, OTC, etc.) to define granular roles that accurately reflect end-user tasks. Our tool SWAWE allows us to simulate allocations and analyze risk in real time before the technical construction phase.
What is the main deliverable of the strategy definition mission, and how is it implemented?
The main deliverable of the strategy definition mission is the authorizations "Target Operating Model". This model includes: the new role nomenclature (functional roles, organizational roles), the SoD risk matrix customized for the company, and detailed specifications for the technical construction of the roles. This model then serves as the basis for the construction and testing phases, which Secureway can also support to guarantee the quality of implementation and the effective reduction of SoD risks.
We're an SME. Is a complete overhaul of our role strategy appropriate for our size?
Yes, a complete overhaul of your role strategy is appropriate for your size (SME) and may even be more critical. In SMEs, users often have cumulative responsibilities (multiple hats), which increases the risk of SoD conflicts at user level. The strategy won't necessarily be to create hundreds of fine-tuned roles, but to create a single pragmatic model which clearly identifies friction points and proposes effective compensating controls where physical separation of tasks is not possible.