Hello all,

I'm struggling to find reasons to convince my company to build its own ruleset with the help of the standard matrix provided in Access Control, as the responsibles do not see the advantages of challenging the risks and align them with their own business activities. The project will take some time and implies to perform business workshops with business process owners.

Could anyone brainstorm with me to find reasonable pros and cons, knowing that my company is on a S4 Hana based system and the actual standard rule set does not include all the tiles of Fiori, one more reason to reorganise the business risks.