With the economic restrictions and challenges these are creating, the COVID-19 pandemic continues to be the determining factor in both business and our personal lives. And as far as we currently know, this situation will continue for quite some time. What companies need now is adjusted SAP authorization management for times of crisis, to ensure that employees can take over important tasks from colleagues as quickly as possible and without constraints on day-to-day business.
Many companies are finding it difficult to keep their SAP systems secure and their processes running smoothly. The typical cause: a lack of resources – because crucial employees have been put on short hours, are using vacation days for childcare, or have even fallen ill. You should therefore verify your SAP authorization management, especially now, in times of crisis!
What can you do to keep your ship on course with a reduced crew?
Ideally, the crew members who are still there should be able to take over work from their absent colleagues. But, to stick with our metaphor: how can the deck hand be expected to cook meals if he doesn’t have access to the mess cabin? The key phrase here is temporary expanded authorization.
Our SAST team has the expertise, support tools, and available personnel to give you the best possible assistance. We’ll not only secure your SAP systems reliably, we’ll also keep your business and IT processes running. A key success factor here is a reliable authorization concept in times of crisis: one focused on limited, temporary, or permanent authorization extensions. Your employees can be assigned authorizations to take on additional tasks for a defined period.
A variety of approaches are possible, depending on the requirements. We differentiate between scenarios without notification (limited assignment), with notification (temporary assignment), and with notification and auditing.
Limited assignment scenario without notification
- Direct expansion of user authorization to authorization for the group or department:
All members of a group receive the authorizations of a defined group for a limited period, in addition to their current authorizations.
- Direct expansion of user authorization to the authorizations of a specific user:
The user receives the authorizations of another user for a limited period, in addition to their current authorizations (substitution).
In this two examples, users are assigned additional authorizations for a limited period. No notifications are sent regarding the use of these additional authorizations. The advantage: Only SAP built-in features are used.
Temporary assignment scenario with notification
The user who is supposed to perform a colleague’s activities receives defined, expanded authorization for this specific action, which is then removed – automatically or manually.
In this scenario, temporarily expanded authorizations are configured for the user. Defined persons at your company are notified via e-mail of the use of the extended authorizations. This option requires an SAP add-on from SAST SOLUTIONS.
Temporary assignment scenario with review by an auditor
The Super User Management module of the SAST SUITE you can grant users access to emergency users (user accounts with expanded authorizations) to carry out activities that they are not normally authorized for. In contrast to the scenarios described previously, auditors are assigned to monitor the employee activities in this case. This makes it possible to deny access to the expanded authorizations at any time.
All of the above cases for SAP authorization management in times of crisis can be implemented quickly according to your specific needs removed from your system again just as easily – or you can keep them as an installed solution in your systems.
Sascha Heckmann (Team Coordinator SAP Authorizations, SAST Consulting)
These topics may also be of interest to you: