Role Design and Review

Are your SAP roles accurate and well-organised? Do they follow a systematic and easy-to-understand naming convention? Do your managers complain about not understanding the access they are signing off for their users? Have segregation of duties and other security violations been identified in your roles or user access?

Often, roles are created to meet business needs without much consideration for security requirements. As a result, you may find fully functional roles that violate segregation of duties (SoD) rules or carry critical access risks.

On the other hand, the complexity of SAP authorisations can lead to roles giving more access than indicated by the role names. This could put you in a position where, while your roles comply with security requirements, they are cumbersome and difficult to manage, requiring maintenance work to be performed every month.

We follow a time-tested, systematic role-building concept that meets business requirements and conforms to an access framework and a standardised role-naming convention. Our aim is to help you fix, redesign and create roles which you can easily maintain afterwards.


Role Review

  • Performing analytics to assess your existing roles against our common best practice access risk rulebook*
  • Analysing the roles from a technical effectiveness perspective, e.g. identifying often-used SAP transactions and incomplete/inconsistent roles
  • Reviewing your role assignments to users
  • Advising as to whether improvements can be achieved with revisions of existing roles or whether a full or partial role redesign would be required
  • Making other recommendations as required

Role Design

  • Performing analytics to assess your actually-used SAP transactions and field values in relation to your functional business processes
  • Grouping these transactions and field values into a new roles design (standard or custom)
  • Validating the new roles designed against our common best practice access risk rulebook*
  • Building new roles and facilitating role testing
  • Assigning tested roles to relevant users, in compliance with our common best practice access risk rulebook*
  • Documenting the new roles and user assignments in an agreed format
  • Training your administrators and key users in the business-as-usual role maintenance process

*Our common best practice access risk rulebook will be used unless you already have a robust, tailored access risk rulebook. If you do not and would like to have one developed, we can help you as part of our Access Framework service.

Not sure about what you need?

Take our free quiz here for a quick high-level view of your SAP access environment!

OR, if you are ready for a more thorough assessment:

Get in touch and we’ll walk you through a 30-minute diagnostic about your SAP access environment. We’ll evaluate the various aspects of SAP access management with you and suggest areas where improvements can be achieved.