Monday 22 January 2018

SAP ACCESS CONTROL


Many companies ask themselves the following questions surrounding roles and security within their organization:

  • How did they get that access, who approved, and why? 
  • Who are our users? 
  • What do they have access to? 
  • Are the extra access privileges provided to handle some extreme situations still available?


For all of the above issues, proper segregation of duties (SoD) is the solution.


  • SAP Access Control is considered the foremost application to detect and address SoD issues.
  • SoD issues are among the top audit issues reported by major auditing firms.

There are some challenges and assumptions made in providing an employee access using SAP Access Control:


  • First, providing access to employees is assumed to be easy and straightforward. 
  • The second challenge is that additional privileges are granted to deal with some critical situations, such as meeting shipment deadlines or month-end closings. These additional privileges provided to the employee are forgotten, and the company is exposed to risks arising from this lapse in alertness.
  • While removing those authorizations, some may be missed; and due to SAP system licensing, the security consultant needs to assign additional authorizations to the user.
  • Over time, the company can lose control of its data because of access assigned through third parties.

Note: Only auditors and IT professionals can find errors in the SoD.







  1. Access risk analysis tool: Whenever a missing authorization needs to be assigned to a user in SAP, the access risk analysis tool, with a global rule set based on industry best practices, gives a quick start to the security analysis.
  • The risk levels are classified as below:
      1. High
      2. Medium
      3. Low

    This classification is based on the audit team's needs.




  • The access risk analysis tool runs against roles, users, user groups and profiles, and gives detailed SoD information on critical actions, critical permissions, critical roles and profiles.
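
An added example, not part of the original post and not SAP's own code or delivered rule set: a minimal access risk analysis in Python that checks roles and users against a constructed rule set using the High/Medium/Low levels described above. The function names, risk IDs, roles and users are assumptions made up for illustration; it shows that two roles that are clean on their own can still produce an SoD conflict when assigned to the same user.

```python
# Constructed rule set for illustration (not SAP's delivered rule set).
# A function is a group of actions (transaction codes); an SoD risk is a pair
# of functions that one user or role should not hold together.
FUNCTIONS = {
    "VENDOR_MAINT": {"FK01", "FK02"},
    "PAYMENTS": {"F110"},
    "PO_CREATE": {"ME21N"},
    "GOODS_RECEIPT": {"MIGO"},
}
RISKS = [  # (hypothetical risk id, level, function A, function B)
    ("R001", "High", "VENDOR_MAINT", "PAYMENTS"),
    ("R002", "Medium", "PO_CREATE", "GOODS_RECEIPT"),
]
CRITICAL_ACTIONS = {"SE16": "Low"}  # risky on its own, no pair needed
LEVEL_ORDER = {"High": 0, "Medium": 1, "Low": 2}

# Constructed sample data: role -> actions, user -> assigned roles.
ROLES = {
    "AP_CLERK": {"FK01", "FK02"},
    "PAYMENT_RUN": {"F110"},
    "BUYER": {"ME21N", "MIGO"},
    "DATA_BROWSE": {"SE16"},
}
USERS = {"alice": ["AP_CLERK", "PAYMENT_RUN"], "bob": ["BUYER", "DATA_BROWSE"],
         "carol": ["AP_CLERK"]}

def analyze(actions):
    """Return findings (level, risk id, evidence) sorted by severity."""
    findings = []
    for risk_id, level, func_a, func_b in RISKS:
        hit_a, hit_b = actions & FUNCTIONS[func_a], actions & FUNCTIONS[func_b]
        if hit_a and hit_b:  # both sides of the conflict are present
            findings.append((level, risk_id, tuple(sorted(hit_a | hit_b))))
    for action, level in CRITICAL_ACTIONS.items():
        if action in actions:
            findings.append((level, "CRIT:" + action, (action,)))
    return sorted(findings, key=lambda f: (LEVEL_ORDER[f[0]], f[1]))

def analyze_role(role):
    """Role-level analysis: conflicts contained inside a single role."""
    return analyze(ROLES[role])

def analyze_user(user):
    """User-level analysis: conflicts across all roles the user holds."""
    return analyze(set().union(*(ROLES[r] for r in USERS[user])))

if __name__ == "__main__":
    for user in USERS:
        print(user, analyze_user(user))
```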



2. Emergency access management tool:

When a user performs work beyond his daily activities, for example month-end or year-end activities, that user needs more authorization than what was assigned.

In this situation, the EAM tool provides the best solution for the authorization, and the changes are documented for future risk analysis.



  • From the above figure, this tool provides extraordinary IT privileges for a specified number of days for extraordinary situations and access issues.
  • This tool acts like a firefighter, and supports filtering, sorting and downloading for various input values for audit purposes.

3. Business Role Manager tool:


  • This tool enforces the process of creating roles: when a role is created with the BRM tool, the workflow is automated and involves role owners, auditors and security persons.

4. User access management tool:

Right from user hire to fire, user administration is performed by this tool, along with documentation and workflow (no need for third-party tools).

    





Note: The SAP GRC suite is a one-time investment. Because of the return on investment when performing internal and external audits, many companies are now investing in the GRC suite.



