The flexibility of the SAP authorization architecture enables the combination of numerous profile models that determine how complex system maintenance can be, and all this without failing to guarantee full compliance with the company’s business requirements.

General Description

SAP (Roles) profile modeling generally follows a logical structure established with the purpose of facilitating administration, simplifying security and SoD risk management, as well as allowing the sustainable reuse of profiles. Profiles structured by position (Job-Based) and by tasks (Task-Based) are the most popular existing models. Choosing one of these, among the many other existing types of modeling, requires a detailed analysis of the organization’s requirements versus characteristics and impacts provided by the chosen model, for example:

Technical Structure – Quantitative evaluation of numbers of profiles vs transactions vs authorizations provided by the adopted model:

• Number of Roles generated;
• Number of Duplicate Transactions/Authorizations;
• Unnecessary amount of access granted;
• Number of Roles associated with the User.

Risk Management – Assessment of aspects of adherence to security, auditing, internal controls and risks requirements provided by the adopted model:

• Simple Roles without SoD violation;
• Flexibility for SoD Management;
• Provides greater access security;
• Additional Access Request and Provisioning.

Governance / Operation – Evaluation of the model adopted after the project (operation) and its adherence to aspects related to the cost of maintenance and operational governance:

• Naming convention that facilitates requesting additional access;
• Additional access maintenance flexibility;
• Flexibility for Organizational Restructuring;
• Flexibility for Rollouts;
• Flexibility to associate owners to Roles;
• Flexibility to incorporate exceptions.