6 Tips for Managing Access to Your SAP Transactional Systems

by Anurag Barua, Independent SAP Advisor
March 15, 2008

While you can depend on tools such as SAP’s Audit Information System (AIS) or the SAP GRC technology foundation, the onus of establishing and executing solid security procedures is a joint responsibility of IT and business. Setting policies and obtaining acceptance from all interested parties, if done correctly and in a timely manner, can pay dividends.

It usually starts off in the most innocuous of ways. If you are in a position to approve (or disapprove) and execute SAP system access requests, you have probably heard it. This request sometimes comes via an email and usually reads somewhat like this: “I would like access to your SAP system.” Or it could be a phone call from someone who breathlessly states that the system prevented him from running a particular transaction that is crucial for (let’s say) the finance department’s month-end closing activities. Or the worst situation could occur — someone you’ve never seen before asks for new access or access to something that he never had before.

If you have ever been on the requesting side, you probably do not empathize much with your approvers and administrators, or understand why it seems to take “forever” for them to take action. If you are an SAP administrator or manager, you are asked to make a judgment call quickly on an issue that might have unforeseen implications. Thus, you are walking a fine line between your enterprise’s security policies (including Sarbanes-Oxley compliance and segregation of duties [SoD]) and being responsive to the needs of the user community. In the absence of properly documented and well-understood security policies, these two goals might seem mutually antagonistic. I developed these six recommendations for implementing a security framework to reduce the potential for such a conflict.

Anurag Barua

Anurag Barua is an independent SAP advisor. He has 23 years of experience in conceiving, designing, managing, and implementing complex software solutions, including more than 17 years of experience with SAP applications. He has been associated with several SAP implementations in various capacities. His core SAP competencies include FI and Controlling (FI/CO), logistics, SAP BW, SAP BusinessObjects, Enterprise Performance Management, SAP Solution Manager, Governance, Risk, and Compliance (GRC), and project management. He is a frequent speaker at SAPinsider conferences and contributes to several publications. He holds a BS in computer science and an MBA in finance. He is a PMI-certified PMP, a Certified Scrum Master (CSM), and is ITIL V3F certified.
