Enterprise Resource Planning Blogs by SAP
Get insights and updates about cloud ERP and RISE with SAP, SAP S/4HANA and SAP S/4HANA Cloud, and more enterprise management capabilities with SAP blog posts.
cancel
Showing results for 
Search instead for 
Did you mean: 
Feras_Al-Basha
Product and Topic Expert
Product and Topic Expert
4,407

Introduction


In Feras Al-Basha and Riwa Mouawad’s previously published February 2019 blog: Mass Maintenance of Segregation of Duties in SAP S/4HANA Cloud, Identity and Access Management (IAM) within S/4HANA Cloud was the focus. This blog, a part two follow up, is targeted to key business users and implementation consultants and will focus on the Display Authorization Trace Functionality within IAM and S/4HANA Cloud Integration to Cloud Identity Access Governance.

Please note: all screenshots included in this blog are from a 1908 S/4HANA Cloud Starter System

 

What Exactly Is Identity and Access Management (IAM):


Identity and Access Management ensures that all business users within an organization have defined and managed roles. IAM aids in helping organizations monitor and tailor business roles to their needs and requirements. The S/4HANA Cloud Identity and Access Management Toolkit enables businesses to view information on Business Users, Business Roles, Business Catalogs, Restriction Types, Authorization Traces, and more!

 

What is the Display Authorization Trace Application?


The Display Authorization Trace application’s purpose and functionality is to enable users to analyze authorization trace data on a user basis to get insight on if adjustments need to be made. For instance, the Display Authorization Trace Application can be used to see if any authorizations are missing or insufficient for a user.

Display Authorization Trace Functionality:



The first step when accessing the Display Authorization Trace application is to ensure that the trace is activated:



Once the trace is activated for the user, in this case: Feras Al-Basha, trace information can be searched and information on when the last change was is available. There are many search options such as Access Category: Read, Write, Value Help, and Authorization Check Status: Successful, Failed, Filtered:



 

What Does the Authorization Check Status Mean?


 

There are three different statuses: successful, failed, and filtered. A successful status indicates that the check was successful, and a failed status indicates the check failed. A filtered status indicates that certain data is filtered out. The user can check on what business role might have affected the restriction type. For instance, a required business role might not be assigned to a user, resulting in a filtered status.

 

Cloud Identity Access Governance:


Advanced identity and access management segregation of duty check, and audit functionalities are available in Cloud Identity Access Governance, a product that integrates to S/4HANA Cloud. Having an integration of Cloud Identity Access Governance to S/4HANA Cloud provides a complete solution for managing and auditing identity and access management. Cloud Identify Governance not only provides a more complete functionality on segregation of duty checks and audits, but can also be used across several cloud solutions, providing the end user a simpler experience.



 

Key benefits include: a simplified governance of data access with secure access and minimized risk, a seamless user experience with strengthened security, and adoption identity and access governance with maintenance free updates.

For more information on product features functionality, benefits, functionality, and how to get started, please visit the landing page for Cloud Identity Governance.

Additionally, please refer to the best practice scope item on Automated Provisioning via SAP Cloud Identity Access Governance (‏3AB‏)

For a technical deep dive on the integration of Cloud Identity Access Governance please refer to the admin guide

Lastly, we invite you to explore the Identity and Access Management tag on the Activate Roadmap Viewer as previously outlined by Anand Kapadia's blog post.

We hope this information was valuable to you and please don’t hesitate to reach out with any questions and comments! We also encourage you to share your experience with S/4HANA Cloud segregation of duties.

 

Thank you,


Feras Al-Basha, SAP


Join Feras on LinkedIn


Riwa Mouawad, SAP


Join Riwa on LinkedIn