We can help you start over from scratch in authorization management or redesign your established concepts for optimal clarity – prior to your migration to S/4HANA, for example.

Our project models allow for a high degree of flexibility and they are tailored to your particular requirements.

In all of our authorization projects, we use modules of our proven SAST SUITE and can optimize automation to shorten project runtime by up to 70 %. Your project budget will thank us!

Meanwhile, is your next audit right around the corner? Once we show you your priority-one findings, you'll be able to relax as the big day approaches.

Pilot Studies

Our pilot studies provide you with a list of the current weaknesses in your existing authorization concept. Our proprietary tool SAST SUITE is ideal for this.

We then explain what actions you should take and create a project phase plan with detailed cost estimates, all tailored to you.

In this way, every authorization project is destined to be a complete success.

Authorization Concepts
SAST Consulting: SAP Authorization Concepts

The constant expansion of the number of users and authorizations means it is increasingly difficult to make the correct assignments. Over time, role content has changed, and the wide variety of transactions and authorization objects has only become more sophisticated. Often, it is no longer possible to easily keep track of it all.

As if that weren't enough, compliance guidelines are becoming more and more strict:

  • Critical authorizations
  • Segregation of Duties (SoD)
  • Traceable, system-supported authorization assignments

Our concepts give you the opportunity to try new ways of doing things and to introduce simple authorization assignments from start to finish. This helps to keep your administrative expenses down as well as to comply with current and future legal requirements. Our motto is "as much as possible with as little as possible".

Once the concept phase is complete, we won't leave you on your own. We will be more than happy to help you implement your new authorization management. And the best part? Our Safe Go-Live approach means you won't see any disruptions in your everyday business.

Cleansing and Implementation of Roles and Authorizations
SAST SUITE: Safe Go-Live Management for trouble-free authorization projects

For many companies, the next step after an audit or the annual audit acceptance is often to redesign their authorization management. Frequently, such an audit identifies authorization objects that are much too comprehensive. Typically, decision-makers are unaware of how critical this is – or it is an intentional decision made to avoid supposed disruption to daily operations.

Our customers' requirements regarding quality, the time involved, and of course, their project budget often differ greatly when it comes to planning this kind of project. No matter your priorities in authorization projects, we offer solutions designed to meet every requirement to the letter.

All these projects have one thing in common: Our authorization consultants use our proprietary SAST SUITE modules to cleanse your critical authorizations. For you, this means we achieve a cleansing rate of up to 95 % – and we can also analyze the actual use of critical object values across all users.

One of the biggest challenges faced in a redesign project is ensuring the continuity of normal business operations. With our SAST Safe Go-Live Management approach, this concern is now a thing of the past. Not least because, in the event of an unforeseen error situation, your end users will be enabled to quickly and independently extend their authorizations - but only as far as the status quo before the migration. Your administrators will, of course, be notified about this.

Your advantages at a glance

  • Meet all requirements to the satisfaction of internal and external auditors
  • Automatic generation of roles saves you from deriving them manually
  • Authorization requirements are based on tool-supported analyses of actual user behavior
  • Comprehensive, completely SoD-free template roles ensure the success of your project
  • Prefab concept templates give you a leg up on documentation
  • Our modular approach means you have the greatest possible flexibility in the project phases
S/4HANA Migrations

Most likely one of the biggest tasks currently facing all SAP managers is the necessary migration to S/4HANA.

In our experience, we find that project kickoff is when many companies truly realize how many differences there are between SAP ERP and S/4HANA. Even more concerning is the fact that SAP security is often ignored completely during a migration.

Why is an S/4HANA migration impossible without also redesigning your authorizations?

  1. S/4HANA is a wholly new software, not an extension of SAP ERP
  2. Changes to process workflows mean that familiar transaction codes are no longer used, have different content or have been replaced by new transactions or Fiori apps
  3. The large number of discontinued or transferred transactions must be updated in your ruleset
  4. Around 150 new critical basis transactions have not yet been taken into account in most SoD rulesets
  5. The new SoD processes must include both the existing transactions and the OData services underlying the Fiori apps

Two possible approaches to ensuring the success of your S/4HANA migration

Transformation from your legacy System
  • Examine your process-role model
  • Take your SoD ruleset into account in the changed S/4HANA business processes
  • Migrate and automatically adjust using the role and authorization modules of the SAST SUITE
  • Update your SU24 default values automatically, even for your custom code
  • Support for an audit-compliant implementation
  • Testing support with SAST Safe Go-Live Management

Redesign your SAP authorizations

  • Create a process-role model based on our best practice approach in combination with the authorization trace in the SAST SUITE
  • Take your SoD ruleset into account in the changed S/4HANA business processes
  • Tailor-made redesign by using SAST SUITE
  • Support for audit-compliant design with our best-practice templates
  • Testing support with SAST Safe Go-Live Management

When designing your S/4HANA authorization concept, the quality of your current roles and your internal objectives are the deciding factors for determining whether the brownfield or the greenfield approach is right for you. We are happy to support you in this decision within the scope of an authorization pre-study.

You will definitely benefit from one advantage in a migration project with us the SAST Safe Go-Live approach. This is how we ensure that the authorization structures behind the Fiori apps are transparent for your interwoven landscape of a S/4HANA system, which intertwines both the SAP Fiori frontend and the SAP backend server. In addition, you not only receive a detailed record of user activities, but also a code analysis of the executed reports.

Our project approach at a glance

  • We analyze your existing processes, roles and authorizations with our SAST SUITE, checking for reusability, critical authorizations and SoD risks
  • Concept proposal for transforming your current authorizations and/or creating new, tailor-made S/4HANA roles
  • Update to your SU24 values on SAP S/4HANA
  • Configure your SAP Fiori apps

Our SAP Security Consultants will be happy to help you identify and eliminate any security vulnerabilities on the application server, your operation system or the databases.

GRC Workshops and Software Rollouts

When it comes to GRC software, every target group has its own particular demands and requirements.

That's why we offer workshops and training courses that are tailored to your needs:

  • Risk workshop on developing a specific authorization rule set
  • Trainings that will show your internal auditors how to implement periodic analyses
  • Courses for all the users and admins who work with SAST SUITE

If you're thinking about implementing GRC software at your company, feel free to put us to the test. You can take SAST SUITE on a test drive to gain some initial experience or conduct a more extensive analysis of our software in a proof-of-concept format. Once we have convinced you, we will of course be happy to assist you with the installation.

That’s what our customers say:

"Instead of repeatedly ironing out unevennesses in the roll administration, we’ve used SAST SUITE to put our authorization structures on an entirely new basis. Besides saving time and money over the long term, we no longer have to worry about our legal compliance."

Success Story "Authorization Management - legal certainty and correctness"

— Stefan Lendzian
NORDWEST Handel AG

"With the help of the SAP experts from AKQUINET and the Safe Go-Live approach, around 50% of the users that were created could be identified as inactive and easily deactivated. At the same time, the authorization project reduced the risks by up to 70% and thereby significantly improved security."

Logo SAST SOLUTIONS customer Stadtwerke Essen
— Stadtwerke Essen

Further SAST CONSULTING Services

Privacy settings

Click »Info« to see a list of the used cookies. You can give your consent to the required cookies or statistic cookies. The selection is optional. You can change these settings or delete the cookies in the browser at any time. If you select the »Statistics« option, your opt-in consent also extends to processing in the USA, which is considered by the European Court of Justice as a country with an insufficient level of data protection. Please find further information in our privacy statement.
In this overview you can select and deselect individual cookies of a category or entire categories. You will also receive more information about the cookies available.
Group external media
Name YEXT -Search
Technical name yext
Provider Yext GmbH
Expire in days 0
Privacy policy https://www.yext.de/privacy-policy/
Use Enables intelligent search via YEXT.
Allowed
Group external media
Name Google Maps
Technical name googleMaps
Provider
Expire in days 6491
Privacy policy
Use Enables the use of Google Maps.
Allowed
Group external media
Name YouTube
Technical name youTube
Provider
Expire in days 0
Privacy policy
Use Enables the use of the Youtube video player.
Allowed
Group statistics
Name Google Analytics
Technical name _gid,_ga,1P_JAR,ANID,NID,CONSENT,_ga_JT5V6CR8ZH,_gat_gtag_UA_133169400_1,_gat_gtag_UA_141664271_1,_gat_gtag_UA_127185455_1,_gat_gtag_UA_127561508_1,_gat_gtag_UA_194226577_1
Provider Google LLC
Expire in days 730
Privacy policy https://policies.google.com/privacy
Use Cookie by Google for website analysis. Generates anonymous statistical data about how the visitor uses the website.
Allowed
Group essential
Name Contao CSRF Token
Technical name csrf_contao_csrf_token
Provider
Expire in days 0
Privacy policy
Use Serves to protect the website from cross-site request forgery attacks. After closing the browser, the cookie is deleted again.
Allowed
Group essential
Name Contao HTTPS CSRF Token
Technical name csrf_https-contao_csrf_token
Provider
Expire in days 0
Privacy policy
Use Serves to protect the encrypted website (HTTPS) against falsification of cross-site requests. After closing the browser the cookie is deleted again
Allowed
Group essential
Name PHP SESSION ID
Technical name PHPSESSID
Provider
Expire in days 0
Privacy policy
Use PHP cookie (programming language), PHP data identifier. Contains only a reference to the current session. There is no information in the user's browser saved and this cookie can only be used by the current website. This cookie is used all used in forms to increase usability. Data entered in forms will be e.g. B. briefly saved when there is an input error by the user and the user receives an error message receives. Otherwise all data would have to be entered again
Allowed
Group essential
Name FE USER AUTH
Technical name FE_USER_AUTH
Provider
Expire in days 0
Privacy policy
Use Saves information of a visitor as soon as he logs in to the frontend.
Allowed
Group statistics
Name Google Repcatcha
Technical name googleRepcatcha
Provider Google LLC
Expire in days 0
Privacy policy https://policies.google.com/privacy
Use Protect from spam.
Allowed
Group statistics
Name ClickDimensions
Technical name cuvid,cusid,cuvon,cd_optout_accountkey
Provider ClickDimensions
Expire in days 730
Privacy policy https://clickdimensions.com/solutions-security-and-privacy/
Use Cookie from ClickDimensions for website analysis. Generates anonymous statistical information about how the visitor uses the site.
Allowed
Copyright akquinet AG. All Rights Reserved.