Enhance User Access Risk Reporting in SAP Access Control 10.1 with User Master Data Attributes

  • by Kehinde Eseyin, Senior SAP GRC Consultant, Turnkey Consulting Ltd.
  • March 12, 2014
Learn how to enhance user risk analysis and user risk simulation analysis by leveraging a custom user group based on user master data (transaction code SU01) attributes. You will also learn how to improvise with custom variants (based on SU01 attributes) when defined custom user groups are not available for your business case or you need to bring in more flexibility to user risk reporting.
Learning Objectives

After reading this article you will learn:

  • How to create and maintain custom user groups based on SU01 attributes
  • Which authorizations objects are relevant for custom user group maintenance
  • How to build custom variants (based on SU01 attributes) for efficient and simplified user risk analysis (and simulation)
Key Concept

Custom user group and custom variants are a collection of functionalities that allows you to group users based on specific SU01 attributes to drive efficient user risk analysis reporting. Transaction code SU01 is used to create users and allows for the definition of specific attributes against a user master record. The defined attributes can subsequently be used in setting up custom user groups and custom variants to drive ad-hoc risk analysis and simulation at the user level.

One of the new capabilities in SAP Access Control 10.1 is the enhancement of how a custom user group works. I provide a concise description of the custom user group functionality and how to harness this capability for efficient and optimized user risk analysis and simulation. 

Kehinde Eseyin

Kehinde Eseyin is a senior SAP security and GRC consultant with Turnkey Consulting (UK) Limited. He has more than eight years of SAP authorizations, GRC, and Basis experience. In the past, he has managed teams to coordinate security, GRC, and Basis administration activities within a multinational environment and operated as an independent consultant, performing SAP system audits and SAP GRC Access Control implementations. He holds a bachelor’s degree in computer science. He has different certifications, including SAP Access Control 10.0 Consultant; SAP Technical Consultant (SAP NetWeaver on Oracle); SAP Solution Manager Operations Consultant; SAP Support Engineer – SAP Solutions Manager; SAP Business One Consultant; Oracle Database Administration Professional (OCP DBA); ITIL v3; and PRINCE2. He is the co-author of SAP BusinessObjects Access Control 10.0 Application Associate Certification [Review Questions and Answers].

See more by this author


No comments have been submitted on this article. 

Please log in to post a comment.

To learn more about subscription access to premium content, click here.