SAP Authorization Concept


When a user logs onto SAP, all the authorization objects and fields that have been assigned to them through roles and profiles are loaded into their "user master" record.

When a user attempts to execute an action in SAP, the authorization objects and fields from the user master are checked programmatically.

Within the fields of the authorization objects, a user can be restricted to:

  • Display vs. Maintain
  • Specific items classified by company codes (or many other groupings)
  • Many other restrictions based on individual objects

SAP Authorization - Potential Issues

Segregation of Duties and Sensitive Access

  • Users could be given access that would result in segregation of duties risks or have access to powerful business or IT functions without authorization

No Visibility into Potential Issues

  • No visibility into who has SoD conflicts or even sensitive access without a considerable manual data pull and analysis

No Prevention of New Problems

  • No way to truly prevent assignment of roles that create inheritance issues or create SoD risks
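
The check and the SoD visibility gap described above can be modeled in a few lines. This is an added example, not code from the original post or from SAP: it is a simplified model in which a check passes only when one single authorization covers every required field, and the role names, users and the SoD rule are constructed sample data (the objects F_BKPF_BUK and F_LFA1_BUK with fields BUKRS and ACTVT are used for illustration).

```python
# Simplified model of an SAP authorization check plus an SoD scan.
# Roles, users and the SoD rule below are constructed sample data (assumptions).

# role -> list of authorizations: (authorization object, {field: allowed values})
ROLES = {
    "Z_AP_DISPLAY": [("F_BKPF_BUK", {"BUKRS": {"*"}, "ACTVT": {"03"}})],
    "Z_AP_POST_1000": [("F_BKPF_BUK", {"BUKRS": {"1000"}, "ACTVT": {"01", "02", "03"}})],
    "Z_VENDOR_MAINT": [("F_LFA1_BUK", {"BUKRS": {"1000", "2000"}, "ACTVT": {"01", "02"}})],
}
USERS = {
    "ALICE": ["Z_AP_DISPLAY"],
    "BOB": ["Z_AP_DISPLAY", "Z_AP_POST_1000", "Z_VENDOR_MAINT"],
    "CAROL": ["Z_AP_DISPLAY", "Z_VENDOR_MAINT"],
}
# SoD rule: nobody may both change vendors (02) and create accounting
# documents (01) in the same company code.
SOD_RULE = (("F_LFA1_BUK", "02"), ("F_BKPF_BUK", "01"))


def user_master(user):
    """Authorizations loaded for a user: the union over all assigned roles."""
    return [auth for role in USERS[user] for auth in ROLES[role]]


def authority_check(user, obj, **required):
    """Pass only if ONE authorization for obj covers every required field."""
    for auth_obj, fields in user_master(user):
        if auth_obj != obj:
            continue
        if all("*" in fields.get(name, set()) or value in fields.get(name, set())
               for name, value in required.items()):
            return True
    return False


def sod_conflicts(company_codes):
    """Sorted (user, company code) pairs that satisfy both sides of SOD_RULE."""
    (obj_a, act_a), (obj_b, act_b) = SOD_RULE
    return sorted(
        (user, bukrs)
        for user in USERS
        for bukrs in company_codes
        if authority_check(user, obj_a, BUKRS=bukrs, ACTVT=act_a)
        and authority_check(user, obj_b, BUKRS=bukrs, ACTVT=act_b)
    )


if __name__ == "__main__":
    print(sod_conflicts(["1000", "2000"]))
```

BOB holds `BUKRS=*` (display only) and `ACTVT=01` (company code 1000 only) in two separate authorizations, so he still cannot post in 2000; field values are not combined across authorizations.
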
posted @ 2024-09-26 14:49  晨风_Eric