
Need Help from Gurus on Role Redesign

Hello SAP Security Gurus-

I need your help-

I have been given a project to redesign existing roles to create job-based roles for the FICO, SD and MM modules, to decrease segregation of duties conflicts among users as well as allow for flexibility as the organization changes.

Help me with how to proceed on this task.

Thanks

Uttam


6 Answers

  • Posted on Dec 21, 2012 at 04:25 PM

    Hello

    What have you put into your plan so far?

    Cheers

    David


  • Posted on Dec 21, 2012 at 05:07 PM

    Hello

    What is the current role structure that your organization follows?

  • Posted on Dec 21, 2012 at 09:50 PM

    Hi, with the greatest respect isn't this what your client is paying for you to know? At least post up the salient facts to give us a bit of background.

    Cheers


    • Former Member

      Thank you Alex.

      Redefine roles (AP, AR, FI-CO, GL, MM, SD) to create a more flexible platform which may adapt to organizational changes:

      a. Create "base" roles comprised of view accesses
      b. Create "report" roles comprised of reports
      c. Create "task" roles aligned with SAP "functions" for write access

      This is the requirement.

  • Posted on Dec 21, 2012 at 10:36 PM

    Hi Julius,

    The "World Ending" was postponed due to a system error 😊 lol.. So everyone is safe. It's time to plan for the Xmas holidays now. Wishing you and the team a very great Xmas.

    @Uttam - There are numerous ways that can be followed to re-design the roles. It would be better to recommend the possible approaches when you provide all the required information. If you have a SoD tool (RAR or any other SoD tool), you may use the simulate option before actually adding the transaction code(s) in the role(s).

    Further, as a quick recommendation, try to have quick discussions to map the various business processes into roles. This way you can reduce the intra level violations.

    Happy Christmas to you too..

    Best Regards,

    Raghu


    • Former Member

      Hi Uttam,

      There is no bible that tells you the easiest way to design roles. As pointed out by John, it may depend on the # of users too. If the user base is only (or below) 100, there is no point in segregating them at a very micro level, since you will end up assigning them to the same users, which gets extra level violations (risks) again. Your SAP system, business teams, and company processes might be the best bet to decide on the future design.

      Regards,

      Raghu
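
The two points in Raghu's replies above (simulate before adding a transaction code to a role, and finely split roles still conflicting once they land on the same user) as an added example that is not part of the original thread. The ruleset, role names and user assignments are constructed for illustration; the transaction codes are standard SAP ones, and a real check would use your SoD tool's ruleset.

```python
# Added example: constructed ruleset, roles and users (not from the thread).
# Transaction codes are standard SAP ones; risk and role names are illustrative.
FUNCTIONS = {
    "maintain_vendor": {"FK01", "FK02"},
    "process_payment": {"F-53", "F110"},
    "create_po": {"ME21N"},
    "post_goods_receipt": {"MIGO"},
}
RISKS = {
    "R1 vendor maintenance + payments": ("maintain_vendor", "process_payment"),
    "R2 purchase order + goods receipt": ("create_po", "post_goods_receipt"),
}
ROLES = {
    "BASE_FI_DISPLAY": {"FK03", "FB03"},
    "TASK_AP_VENDOR": {"FK01", "FK02"},
    "TASK_AP_PAYMENT": {"F-53", "F110"},
    "TASK_MM_PO": {"ME21N"},
}
USERS = {
    "AP_CLERK_1": ["BASE_FI_DISPLAY", "TASK_AP_VENDOR"],
    "AP_CLERK_2": ["BASE_FI_DISPLAY", "TASK_AP_VENDOR", "TASK_AP_PAYMENT"],
    "BUYER_1": ["TASK_MM_PO"],
}

def risks_for(tcodes):
    """Risks triggered by one set of transaction codes."""
    held = {f for f, codes in FUNCTIONS.items() if codes & tcodes}
    return sorted(r for r, (a, b) in RISKS.items() if a in held and b in held)

def role_level(roles):
    """Intra-role violations: a single role that carries both sides of a risk."""
    return {n: risks_for(t) for n, t in roles.items() if risks_for(t)}

def user_level(users, roles):
    """Violations that appear only once a user's roles are combined."""
    found = {}
    for user, assigned in users.items():
        hits = risks_for(set().union(*(roles[r] for r in assigned)))
        if hits:
            found[user] = hits
    return found

def simulate_add(role, tcode, roles, users):
    """New user-level risks if tcode were added to role; nothing is changed."""
    before = user_level(users, roles)
    after = user_level(users, {**roles, role: roles[role] | {tcode}})
    return {u: [r for r in rs if r not in before.get(u, [])]
            for u, rs in after.items() if rs != before.get(u, [])}
```

Here every role is clean on its own, yet `user_level(USERS, ROLES)` still reports AP_CLERK_2, because the two AP task roles are assigned to the same person.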

  • Posted on Dec 21, 2012 at 10:18 PM

    I still have 1 hour and a bit to go without the world ending, so can the guru please confirm that it is safe on the other side, or does it all look like this post?

    Cheers,

    Julius


  • Posted on Dec 29, 2012 at 07:26 PM

    Hi

    "Their usage of GRC is also very minimal so lot of manual work needs to be done."

    If the business has invested in any of the RAR tools then they are probably extremely eager to get the management SoDs and Criticals down.

    EDIT - I initially took this to be reference to the VIRSA/GRC/AC10 tools but maybe this really means the business doesn't bother about SoDs and criticals at this time

    EDIT

    It's not easy/business friendly to try doing a remediation by stealth...

    Is this work covered by an approved project?

    Cheers

    David

    Message was edited by: David Berry


    • Former Member

      Hello David,

      Yes, this is covered by an approved project. The SAP Security team does not want to get involved in this task, so the Business has hired me to look into these SOD issues and redesign the current SAP roles.

      Thanks

      Uttam
