Enterprise Role Management helps streamline your role design process with a pre-defined, customizable design methodology that guides you through role definition, authorization maintenance, risk analysis, role approval, and role generation in your SAP back-end systems. It also ensures Sarbanes-Oxley compliance of your roles.
Enterprise Role Management is a capability of SAP BusinessObjects Access Control 5.3. It embeds role design for your SAP and non-SAP applications in customizable methodology processes applying key product capabilities such as risk analysis and role approval workflows to ensure Sarbanes-Oxley compliance. Methodology processes for role design allow for the distribution of responsibilities during role design across multiple stakeholders such as business process owners, IT security, or members of your Sarbanes-Oxley team. These processes ensure that your roles do not contain risk violations.
SAP BusinessObjects Access Control delivers a comprehensive set of access controls that identify and prevent access and authorization risks in cross-enterprise systems. I’ll provide an introduction to Enterprise Role Management (ERM) so you’ll understand the main concepts of the application and learn how to use it for role design in your enterprise. I’ll start by explaining the idea of methodology processes and how ERM fits into your system landscape and your role testing approach in your development and quality assurance business systems. I’ll continue with Role Designer, which guides you through ERM customizing prior to productive use of the application. Then I’ll take you through the steps of the default methodology process delivered with the software using the creation of an SAP single role for an SAP ERP back-end system as an example. At the end I will provide an overview of ERM’s reporting capabilities.
In ERM, all role design happens within methodology processes. A methodology process is a sequence of steps, which always starts with the role definition step. In the process, you specify role type, target system landscape, role name, role description, and role attributes such as business process and subprocess. The following steps are available: