CONCLUSION
Mitigating GRC risks for SAP systems
For an up-to-date description of the authorization checks in the SAP EarlyWatch Alert (EWA), see SAP Note 863362. Updates to these checks are delivered by keeping the ST-SER software component, which contains the definitions of the checks to be performed, up to date and by enabling the automatic content update in SAP Solution Manager.
You use Central User Administration and wonder why you still need to evaluate the licence data individually in each attached system. This does not have to be the case, because a central evaluation is possible! There are licence fees for using SAP systems, and you need SAP licence keys. The amount of your licence costs is determined during ongoing operation, depending on the number of users and the features used in the SAP software. The system measurement programme (transaction USMM), the results of which you transmit to SAP, serves this purpose. Not only the number of users is relevant, but also their classification, the so-called user types. You assign these to the user via transaction SU01 or transaction SU10 (Licence Data tab). Alternatively, you can let the user inherit the user type of a reference user or classify the user via an associated role. The same applies when you use the Central User Administration (ZBV). So far, there has been no central evaluation of the data of all systems connected to the ZBV. Now this has changed, and we'll show you how you can use this analysis.
Goal of an authorization concept
If an authorization system grows too much over the years and there is no structured approach, the result is uncontrolled growth. If companies wait too long with the cleanup, a complete rebuild of the authorization structure or a new concept may make sense. This must be clarified quickly in the event of a cleanup.
How do I compare roles (RSUSR050)? With the report RSUSR050 you can compare users, roles or authorizations within an SAP system or across systems. To do this, start transaction SE38 and run the above report.
With "Shortcut for SAP systems" you can automate the assignment of roles after a go-live.
The majority of German companies with an SAP system do not yet use authorization tools.
A corresponding authorization check should not be forgotten.