Configure an Enterprise Business Role Concept Using SAP Access Control 5.3 and Position-Based Security

  • by Malcolm Dillon, Independent GRC and Security Consultant
  • June 19, 2012
Learn how to configure SAP Access Control 5.3 to use an enterprise role concept across all SAP ABAP components, Java components, and LDAP user group provisioning.
Key Concept

An enterprise business role is a super composite role that encompasses roles or profiles across all your SAP ABAP and Java environments.

As more organizations make the transition from a user-based role provisioning process to position-based provisioning, there is an increased need to develop enterprise-wide business roles that encompass access across various parts of the organization.

Existing solutions such as SAP NetWeaver Identity Management (IDM) and SAP Access Control 10.0 can technically accommodate enterprise or business role concepts. However, a vast number of organizations have not made the leap to a full-blown IDM solution and are focused on getting more mileage out of their SAP Access Control 5.3 investment.

How to Design an Enterprise Role Concept

The first step toward an enterprise role concept in SAP Access Control 5.3 is to extract all your roles with user assignments from all your SAP systems. There are traditionally a large number of single roles and a lesser number of composites. The initial goal is to consolidate as many single roles as possible in a particular environment into composite roles (Figure 1).
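
One way to look for consolidation candidates in such an extract, added here as an example and not taken from the article. The CSV layout, system names, role names and user names are constructed. The grouping rule is an assumption of this example: single roles held by exactly the same set of users in one system are grouped, so bundling them into a composite changes nobody's access.

```python
import csv
import io
from collections import defaultdict

# Constructed sample extract: one row per single-role assignment.
# Column names, systems, roles and users are made up for this example.
SAMPLE_EXTRACT = """system,user,role
ECC,ALICE,Z_AP_DISPLAY
ECC,ALICE,Z_AP_POST
ECC,bob,Z_AP_DISPLAY
ECC,BOB,Z_AP_POST
ECC,BOB,Z_GL_DISPLAY
ECC,CAROL,Z_GL_DISPLAY
BW,ALICE,Z_BW_REPORT
BW,BOB,Z_BW_REPORT
BW,BOB,Z_BW_ADMIN
"""


def load_assignments(text):
    """Return {system: {role: frozenset(users)}} from the CSV extract."""
    users_by_role = defaultdict(lambda: defaultdict(set))
    for row in csv.DictReader(io.StringIO(text)):
        system, role = row["system"].strip(), row["role"].strip()
        # Normalise case so the same account is not counted twice.
        users_by_role[system][role].add(row["user"].strip().upper())
    return {s: {r: frozenset(u) for r, u in roles.items()}
            for s, roles in users_by_role.items()}


def composite_candidates(assignments):
    """Per system, group single roles that share an identical user population.

    Assumed rule for this example: only such groups are proposed, because
    combining them into one composite role grants no user any new access.
    """
    result = {}
    for system, roles in assignments.items():
        by_population = defaultdict(list)
        for role, users in roles.items():
            by_population[users].append(role)
        result[system] = sorted(
            (sorted(group), sorted(users))
            for users, group in by_population.items() if len(group) > 1
        )
    return result


if __name__ == "__main__":
    for system, groups in composite_candidates(load_assignments(SAMPLE_EXTRACT)).items():
        for roles, users in groups:
            print(f"{system}: candidate composite {roles} for users {users}")
```

Roles whose user populations only partly overlap are left out on purpose, since combining them would widen access for some users and needs a separate review.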

Malcolm Dillon

Malcolm Dillon is an independent SAP GRC and security consultant. He has over eight years of SAP security and audit experience. He has worked on multiple SAP Access Control 5.3 implementation and upgrade projects. HCM security role design and integration with SAP Access Control via HR triggers is his specialization. When he’s not spending time with his family, he can be found out on a local golf course.
