SAP Security & Authorizations

SAP platform security is a key element in ensuring accurate business process flows and complete and correct data. Our approach addresses security from several perspectives: system level (audit, operating system parameters), business processes (automatic, configurable and embedded controls), and user access (authorization and use of GRC tools). We also conduct dedicated trainings and workshops to share knowledge and best practices related to SAP system security, gathered through many years of hands-on project experience.

SAP Security

Our approach to SAP system security requires a holistic view of processes in the organization. The basis is always the creation of an appropriate security strategy that gives high-level guidelines and enables the construction of consistent access management processes, thus bringing order to both operational activities and authorizations in the SAP system.

Security state assessment

An important element of the security state assessment is conducting a review and determining the current state of application system security. The basic assessment verifies that the current user rights in the system are accurate and reflect employees' job descriptions. Such a process can take place for business users as well as for employees and IT contractors.

The review is based on pre-defined segregation of duties (SoD) matrices developed by our team. In addition, we always recommend adapting the matrix to the specific company's requirements. The analysis is conducted on authorization data collected from SAP systems in off-line or on-line mode (depending on the circumstances). The result of the audit is a report summarizing the current number of actual segregation of duties conflicts and critical accesses in the SAP systems, as well as recommendations for improving the current situation.

SAP configurable controls

SAP business process configurable controls drive the way business process risks are mitigated. There are numerous SAP configuration parameters that can be leveraged as automated controls within standard SAP functionality. During the initial system implementation project, other objectives take priority, so many system parameters are not set according to best practices. As a result, many typical business process risks are not covered, because control components were not considered during the blueprint phase of the implementation. By optimizing SAP controls, organizations can reduce the risk of fraudulent activity and improve their effectiveness in monitoring business process risks.

Role and authorization redesign

Our company, drawing on the audit background and technical expertise of our consultants, offers services in the area of role and authorization redesign in the SAP system. Our work ranges from developing a business concept for user access roles, including SoD (Segregation of Duties) matrix requirements, through technical implementation of roles in SAP systems, to post-implementation support. Our approach considers the company's internal security and access risk requirements as well as external regulations.

This approach allows the organization to meet the business objectives of the project and achieve compliance with legal requirements. Addressing these two aspects significantly reduces the costs of maintaining the role catalog, while minimizing legal and financial risk resulting from non-compliance with current regulations.

Periodic user access review

One of the key challenges for security administrators is conducting periodic certification of user-to-role assignments. User authorization is a very complex topic in SAP systems, mainly due to the massive number of roles and profiles assigned to users. This makes periodic user access review difficult to execute, and sometimes, in extreme cases, the process is not carried out at all. This process needs to be supported by external GRC tools (SAP GRC, smartGRC). Implementing a tool in this area can bring significant savings in the use of internal resources, both on the IT side, which prepares the review, and on the side of business departments, which are often responsible for verifying entitlements.


Work on enhancing SAP security and authorizations is directly influenced by audits, the implementation of new functionality, and changes in the legal environment. Adapting the organization to new requirements calls for thorough domain knowledge and knowledge of market best practices.

As a response to these challenges, we support SAP security teams in the following areas:

  • Role redesign and SAP authorization improvements - analysis and redesign of business role catalogs, technical role implementation, support in role tests, and post-implementation support.
  • Support in implementing new requirements in the current SAP application role architecture, for example: limiting access to personal data, implementation of segregation of duties (SoD), removal of critical access.
  • Support for migration to S/4HANA - adaptation of current role catalogs to the requirements of S/4HANA, assessment and implementation of changes in segregation of duties (SoD) matrices.
  • Implementation and support for GRC tools such as smartGRC, SAP GRC and others - implementation of additional functionalities and areas, error handling, user support.
  • Construction and modification of segregation of duties (SoD) matrices - analysis of the current situation and customer requirements, transaction mapping, implementation of changes in the matrix, tests.
  • User support - ticket service, preparation of reports and analyses, support during SoD analyses, reviews and certification of permissions.

Cooperation forms

Loan staff - hire our SAP security consultants to support your security team on a full-time basis. In this cooperation model, the consultant works full-time under the client's management, performing the tasks the client assigns. Hiring consultants is an ideal proposition for companies that:

  • need support with a temporary staffing shortage
  • are developing rapidly
  • face new compliance requirements, for example SOX reporting compliance, and need to reduce access in a short time
  • are not able to fully support all processes because resources are concentrated on the organization's priorities
  • do not have adequate knowledge to carry out the assigned tasks
  • need on-demand support

Project support - hire our team to support your SAP security challenge in a role redesign project, under a fixed-fee agreement or more flexible time & material support.