| |
|
|
| |
 |
| |
| “We have used Eurekify's Sage to build a few roles for thousands of users. It is clearly an easy method to create roles and maintain them”, Peter Zuenti, Consultant. |
|
|
| |
 |
| |
| “Sage Discovery and Audit provides a quick and easy insight of the authorizations within a company’s infrastructure. Sage helps customers realize the benefits of RBAC”, Koos Jennekens, Senior Consultant. |
|
|
| |
 |
| |
| “Sage provides instrumental tools for managing Roles. With Sage, our customers can very simply and quickly add new Roles or modify current ones according to organizational demands”, Franco Rasello, CEO. |
|
|
| |
|
| |
| “In order to control user permissions as well as being compliant with regulations, the Identity Management solution alone is not enough. The right way to start with a provisioning solution should be optimizing Roles”, Franco Rasello, CEO. |
|
|
| |
 |
| |
| "In my experience, role-based management is critical for achieving the true benefits and ROI of Identity Management implementation.", Marc Sel, Director - Security Solutions, PwC Belgium. |
|
|
| |
 |
| |
| “We have made incredible leaps forward by applying Eurekify technology to speed up the process aimed at pinpointing user profiles and roles”, Rob Bus, Managing Director. |
|
|
| |
 |
| |
| “Sage is the perfect tool for assessing specific needs within a large organization. It is also important for attaining administrative efficiency, reduce employee downtime and to improve security”, Ophir Zilbiger, CEO, Secoz Ltd. |
|
|
| |
 |
| |
| “Role definition applications can significantly reduce the cost of the process (by 40-60% according to a leading systems integrator). To our knowledge, Eurekify and Beta Systems are the only vendors in this space.”, Michael Tieu and Andrey Glukhov. |
|
|
| |
 |
| |
| “From Years of experience in implementing enterprise user administration systems in large environments, we strongly recommend a structured and business-aligned approach to the implementation method...”, Jesper Oestergaard, CEO. |
|
|
|
|
| |
|
 |
| |
|
The Challenge
SAP is the leading software for Enterprise Resource Planning (ERP), providing core business functions and serving as a repository of sensitive and mission-critical data. Accurate privileges assignment is therefore crucial to any SAP implementation. Eurekify Sage ERM, the leading software for Enterprise Role Management, enables deployment of true role-based access control (RBAC) environment for SAP. It provides SAP administrators and auditors with the tools they need to cleanup legacy privileges, tune role definitions, and automate the review of both roles and specific privileges for compliance with policies and regulations. Sage ERM complements SAP’s renowned role-based security system with novel analytical and reporting services.
Role-based Access Management for SAP
SAP provides business functionality through its business modules such as FI-CO, MM, SD, PP, HR, etc. Users make use of transactions, programs and reports to deliver their part of the business process. SAP is a comprehensive system with a rich, role-based authorization model. Users are granted access through profiles, containing authorizations. Profiles can be single or composite (composed of multiple single ones). Authorizations contain authorization objects, which in turn contain authorization fields and values. When a user executes a program or transaction, his profile is checked for having the appropriate authorization objects with the right fields and values. There are about 900 different types of authorization objects, each typically with multiple fields. To deal with this complexity, SAP then introduced Authorization Groups, a.k.a. Roles. Users and respective authorizations are then connected to roles.
Today, a good roles design is crucial for a SAP system, both from operational and compliance perspective. Appropriate access control needs to be designed in the roles, enforced and reported. Furthermore, as SAP systems typically span large parts of the organization and are operational over long periods of time, their authorization and roles set-up may deteriorate. Sage ERM allows you to analyze the current role set-up, and the way roles are allocated within the organization. Sage's pattern recognition technology quickly detects anomalies and to identifies appropriate roles structures. Sage also enables defining access policies and segregation of duty rules, and quickly generates compliance reports.
Sage quickly identifies users that have access to company codes they should not have as well as violations of typical segregation-of-duty expectations (e.g. posting journal entries through FB01, FB10 or F.80 versus the maintenance of accounting periods through OB52). Sage also detects and reports whether access to sensitive transactions such as treasury are effectively limited to appropriate users. Sage facilitates privileges cleanup and role definition, substantially reducing costs, time and organizational efforts. Sage-originated role definitions can be easily deployed in Identity Management and Provisioning systems, Enterprise Directories, and any other Identity Store of choice.
Benefits
- Cleanup of legacy privileges and restructure role definitions
- Ease administration by reducing the number of roles and privileges
- Identification of security breaches and potential holes
- Reduced administration costs
- Shorter provisioning time for new users and users that change jobs
- Automated verification of IT controls and segregation of duty rules and regulations such as Sarbanes-Oxley, HIPAA, FERC, GLBA, and various privacy regulations
- Automated privileges certification by business managers
|
| |
| |
|
|
