SAP authorization concepts are used to map legal norms and company-internal regulations to the protection options within an SAP system. These form the solution for optimal technical protection of an existing SAP system both internally and externally.
A structured SAP authorization concept offers SAP customers the ability to comply with all legal and company-internal requirements without the need for major investment.
To protect transactions, programs, services and data within the SAP system against unauthorized access, it is possible to assign authorizations in user master maintenance. TRIACOS’ experienced SAP consultants work with the customer to create an SAP authorization concept and, following mutual agreement, this is implemented in the customer’s SAP system.
For this purpose, a representative of the customer works with a TRIACOS employee to determine which data the users should have access to, and which type of access this should be (display, change, create, delete, etc.). Also, when the authorization roles are created, you can determine in which organizational level, e.g. company code, purchasing group, purchasing organization, plant, etc. the authorizations are valid.
The goal of an SAP authorization concept is to assign to each user, in compliance with guidelines, the authorizations required in the SAP system to carry out his tasks and activities.
Generally assigning all rights to all users is not the correct solution. It is much better to assign clearly defined authorizations. With role-specific authorizations, each employee is given access to the SAP system in accordance with his tasks and activities.
Clear authorizations are not a sign of mistrust but rather they offer protection for the employee. Serious damage as a result of the unintended actions of employees can be prevented, for example, the removal of a delivery block that has been imposed.
The SAP role concept is the most important function in authorization management and this is created in collaboration with the customer.
Authorization roles serve as a link between the users and the authorization capabilities and activities, and they are available in the system as individual authorization objects.
Following the assignment of a role to an employee, the employee can view the transactions assigned to him in his user menu which is displayed when he logs into the SAP system.
Administration of the roles and authorization data takes place in SAP administration. Using selected menu functions here, automatic generation of the required data is triggered. This data can then be post-processed and adjusted to meet the requirements.
In addition to creating and setting of users as inactive, the central SAP user management means that the newly created roles can be processed centrally, and they can be assigned to their users as required.
As an experienced SAP consulting company, also in the handling of authorization, role, and user management, we advise and support the customer so that the authorization/role concept that is created is well thought out and sustainable.