Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
Showing results for 
Search instead for 
Did you mean: 
Edition 1- SAP Security Role Redesigning


A Role redesign, also sometimes referred to as security redesign or role remediation, refers to significant changes to SAP roles that impact the authorizations of SAP users.It is basically based on the principle of separation of duties (SoD). Due to different SoD requirements between companies, the final SoD review takes place in the customer concept, based on a defined set of rules.


There are various reason why organizations Decide
to commencement on a role redesigning project,

  • Segregation of Duty (SoD), is the concept of
    having more than one person required to
    complete a task. Effective SOD in an
    organization is intended to prevent fraud and

  • Changes of organizational structure,

  • Upgrade of SAP Systems

  • Migrations to SAP S/4HANA

  • Over-authorized users,

  • Legal requirements,

  • The desire to simplify role administration


  • An authorization concept is highly complex and subject to dynamic changes.

  • We provide the single roles that cover the major functions of SAP S/4HANA and SAP ERP.

  • We adapt the naming conventions of our template roles to individual customers.

  • We adapt the naming conventions of our template roles to individual customer.

  • The roles are delivered with a standardized specification of the documentation structure in the role long text.

  • If you use our role template, you benefit from enormous time savings, which will also be reflected in your project budget

  • At the same time, you can grant access authorizations according to the need-to-know principle, which means each user is only assigned
    the authorizations they need to perform their day-to-day work.

  • By automating your SAP role generation, you can conserve valuable internal resources while at the same time guaranteeing the security
    of your data and systems.

  • The role design is based on the principle of separation of duties (SoD).


Reduces Fraud/Risk :

  • One thing that falls upon every organization is taking care of some events that can put SAP system at risk. These events involve-

  • Removing and adding authorizations for a short time period

  • External IP logins and logins at irregular time/hours

  • Inactive users or dormant user accounts

  • Managing segregation of duty (SoD) implications

Transparency in the design:

  • SAP system optimization is another crucial task for many businesses. Reducing and optimization of authorizations is an important activity that SAP system
    requires and it is successfully achieved with the right SAP security design. Implementing roles and authorizations that are free from risks and SoD
    complications leads to transparency of user authorizations and makes your audit easy. In addition, a proper and well-defined change management process will
    help you keep your system clean at any point in time.

Define the right role architecture/design:

  • Lay the foundation for picking up the right design. When you are about to choose the right role design, ensure that the role architecture is designed to reduce your
    existing access risks (in case of a new implementation, build risk-free roles).

The roles can be either

  • Single, master, derived, and composite roles (These are the technical designs that can be further broken into job-based and task-based

  • Job-based and task-based roles (Based on the job function, or business task)

  • Position-based design (Roles assigned to a position in the HR system. Every user will have the required access based on his/her position)

Monitor your system 24/7 to keep it in a healthy state:

  • Now that you have understood the importance of a well-designed security strategy, you need to monitor it to ensure that the design is
    within the defined boundaries and your business data is safe. SAP GRC Audit Management (AM) is one such solution that can be
    designed to monitor your SAP security system.

1 Comment
Labels in this area