For organizations that manage their processes with SAP, Net Studio and Aglea have developed a specific methodology for controlling SoD conflicts that can help you become compliant with the relevant norms and regulations.
Even “SAP-Centric” companies have heterogeneous environments, in which other applications or systems are also subject to the SoD policies. How do you get an IT access system to govern both SAP and “non-SAP” applications?
Combining their experiences and methodologies over the years, Aglea and Net Studio have developed a system to govern access and control SoD conflicts on mixed SAP and non-SAP environments.
Global visibility on “as-is”: detecting “who can do what”
We can show you how to get a fine-grained view of profiles across all SAP and non-SAP applications, with easily understandable details on the type of access each user has.
Defining an Access Model Based on Business Needs (i.e. Compliance)
The most common compliance requirement is SoD (Segregation of Duties). Unlike many other tools, our methodology addresses the issue of user access conflicts through the concept of “Business Activities”, for transactions on both SAP and non-SAP environments.
Setting up IT Access Certifications
Defining “who-can-do-what” is a Business responsibility, not an IT one; IT normally just assigns a profile in an IT system. We can show you how to transfer ownership of assigning profiles to users from IT to business.
Users, Managers, the Help Desk … anyone can request access to data or IT transactions, as long as there are boundaries, workflows, and an application catalogue that is limited to what you do. We can show you the logic behind what users can see, how they can request access to SAP and non-SAP applications, and how to set up an approval workflow.
Risk Entitlement Definition
With the term “Risk Entitlement”, we define a significant and well-defined combination of Transactions and Authorization Objects, which – together – allow you to perform a specific Business Activity. Risk Entitlements are therefore the most appropriate object to use when comparing Business Activities, and consequently for detecting conflicting roles. With our knowledge of business processes, we are able to optimize the risk matrix in order to minimize “false positives”.
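The sketch below is an added example, not Net Studio's or Aglea's own code. It shows how a Risk Entitlement defined as a combination of transactions and authorization objects can be mapped to Business Activities and compared against a risk matrix. The entitlement ids, activity names, the non-SAP permission, the risk matrix and the users are all constructed for illustration, and the SAP items are simplified samples.

```python
# Added illustration: entitlement ids, activity names, the non-SAP permission
# and the risk matrix below are constructed, not taken from any real rule set.
# "T:" = SAP transaction, "A:" = SAP authorization object, "P:" = non-SAP permission.
RISK_ENTITLEMENTS = {
    "RE_VENDOR_MAINT_SAP": ("Maintain Vendor Master", {"T:FK01", "A:F_LFA1_BUK"}),
    "RE_PAYMENT_RUN_SAP": ("Execute Payments", {"T:F110", "A:F_REGU_BUK"}),
    "RE_PAYMENT_TREASURY": ("Execute Payments", {"P:treasury.payment.release"}),
}

# Risk matrix: pairs of Business Activities one user must not hold together.
SOD_MATRIX = [frozenset({"Maintain Vendor Master", "Execute Payments"})]

def business_activities(grants):
    """Map each Business Activity the user can perform to the entitlements
    that enable it. An entitlement counts only if ALL its items are granted."""
    held = {}
    for re_id, (activity, required) in RISK_ENTITLEMENTS.items():
        if required <= grants:
            held.setdefault(activity, []).append(re_id)
    return held

def sod_conflicts(grants):
    """Return the conflicting activity pairs with the enabling entitlements."""
    held = business_activities(set(grants))
    findings = []
    for pair in SOD_MATRIX:
        if pair <= set(held):
            first, second = sorted(pair)
            findings.append({first: held[first], second: held[second]})
    return findings

# Constructed users and grants.
USERS = {
    "alice": {"T:FK01", "A:F_LFA1_BUK", "T:F110", "A:F_REGU_BUK"},
    # bob can open F110 but lacks the authorization object: not a real conflict
    "bob": {"T:FK01", "A:F_LFA1_BUK", "T:F110"},
    # carol's conflict spans SAP and a non-SAP application
    "carol": {"T:FK01", "A:F_LFA1_BUK", "P:treasury.payment.release"},
}

if __name__ == "__main__":
    for user, grants in USERS.items():
        print(user, sod_conflicts(grants) or "no conflict")
```

A check that matched on transactions alone would flag bob; requiring the full combination avoids that false positive.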