Post on 31-Jan-2016
description
CONFIDENTIAL
Christian Wiegand – SAP ConsultingWalldorf, 2012
Automated Implementation of Role Concepts for SAP ERP
© 2011 SAP AG. All rights reserved. 2Confidential
Agenda
Introduction SAP Authorization Concepts and their Implementation
Method Automated Implementation of Role Concepts
Results Advantages and Planning
Introduction
© 2011 SAP AG. All rights reserved. 5Confidential
Customer ChallengeClassical approach vs. automated approach
AspectTraditional approach
(Workshop based)Automated approach
(Tool based)
Project duration:
External resources
Total
> 6 months
> 12 months
3 months
4 – 6 months
Approach:Workshop based,
manual/complex tasks
Automated approach
Review tasks
Costs:
External resources
Total
150 – 300 kEUR
200 – 400 kEUR
45 – 105 kEUR
70 – 160 kEUR
Quality issues• Lost transactions• Missing authorizations
after go-live
• No major quality issues
Major competitive advantages of automated approach
© 2011 SAP AG. All rights reserved. 7Confidential
Generic SAP ERP role contentSingle role concept / No functional redunanciesSegregating critical from non-critical functionsFunction oriented role concept
Segregation of Duty requirementsConsiders more than 297 access risks derived from the SAP BO Access Control (GRC) Solution
Tool supported approachAutomated solution to streamline the realizationRapid project results and short durations
Harmonized with Access ControlHarmonized with the functionality of SAP BO Access Control Solution
Global Service Owner:Christian Wiegand M.A.Dr. Philipp Knüsel
Service HighlightsAutomated Implementation of Role Concepts for SAP ERP
MethodAutomated Implementation of Role Concepts
© 2011 SAP AG. All rights reserved. 10Confidential
MethodologyAutomated Implementation of Role Concepts
Prepare SAP role proposals User-role assignmentFunctional and organizational description
of SAP best-practice role proposals
Transaction usage data
Phase II Phase III
CollaborationRules
Phase IV
I. II. III.
Generate SAP role proposals
Functional SAProle proposals
Review functionalrole proposals / Map Y/Z TCDs
Create SAPreference roles
Template todocument org.requirements
Maintain profilesof reference roles/ Define organi-zational sets
Create SAP derived roles
Phase I
Template / Tool Supported Template / Tool Supported Template / Tool Supported
IV.
Define user-roleassignment
Realize user-role assignment
Cust
om
er
Review transaction usage data
Review user-roleassignment
© 2011 SAP AG. All rights reserved. 11Confidential
Deliverables and Activities
TaskTime Line
Activities Deliverables
Analysis Remote
1 Day Export transaction usage data Transaction usage analysis
Workshop Onsite
1 Day Present transaction usage analysis to customer
Analysis Remote
2 Day Generate SAP role proposals SAP role proposals
Workshop Onsite
1 DayPresent functional SAP role proposals to
customer
Analysis Remote
2 DayRealization of functional reference roles on
customer SAP reference roles
Analysis Remote
1 DayCreate template to document organizational
requirements SAP organizational matrics
Analysis Remote
3 Day Create derived roles on customer system Realization of derived roles
Analysis Remote
4 DayCalculate SAP role assignment proposals /
Realization of user role assignmentsRealization of user role assignments
© 2011 SAP AG. All rights reserved. 12Confidential
Project Team
SAP project manager Serves as a central contact person, from project initiation to
go-live and support On the SAP side, responsible for functional project
management, coordination, support, and coaching of the customer’s project manager, and so on
SAP Security consultants (Front- / Back-Office) Responsible for implementation of the agreed scope for the
SAP AIRC solution
© 2011 SAP AG. All rights reserved. 13Confidential
MethodologyAutomated Implementation of Role Concepts
Phase I. Analysis of transaction usage:
Transaction usage per user
Analysis of transaction usage
© 2011 SAP AG. All rights reserved. 14Confidential
MethodologyAutomated Implementation of Role Concepts
Phase II. SAP best-practices Rollencatalogue
Naming convention
Role Description
Organizational Level
Role proposal
Licence Type
Functional Area
Module
SoD critical
© 2011 SAP AG. All rights reserved. 15Confidential
MethodologyAutomated Implementation of Role Concepts
Transaction usage linked to SAP best-practices roles
Phase II. Functional role specification
© 2011 SAP AG. All rights reserved. 16Confidential
AdvantagesAutomated Implementation of Role Concepts
Lower operation costs Lower implementation costs Reduced complexity
– Standardization– Less redundancies– Smaller number of roles
Aligned with SAP BO Access Control solution
Adaptable to customer requirements:
- Required roles
- Required transactions
- Organizational specification
Master roles for ERP business processes
Template basedapproach:
– High standardization– High re-usability
Compliance– SoD consideration
from scratch
Rapid implementation with pre-defined and adaptable tools
Automated realization of:- Required ERP roles- User-role assignment
Genera
lFl
exib
ility
Tem
pla
tes
Tools
Competitive Advantages based on SAP best-practices
SAP best-practices Role Design Approach has been successfully applied with
many customers