Scribd
Upload
4K views

Authorization Matrix

There are two main ways to create an authorization matrix in SAP: 1. Using an existing template from a previous SAP implementation. 2. Studying the business processes and defining roles and authorizations. This requires support from functional teams and cannot be done individually. The process of studying business processes involves identifying potential risks, designing an authorization structure, defining special roles and authorizations, implementing these in SAP using tools like PFCG and Securinfo, testing, and optimizing. Sample case studies would help understand how to map user requirements to the technical authorization implementation in SAP. Tools like Virsa Compliance Calibrator can also help identify potential risks, but for some projects the authorization matrix itself

Uploaded by

ArunKhemani
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as PDF, TXT or read online on Scribd
4K views

Authorization Matrix

There are two main ways to create an authorization matrix in SAP: 1. Using an existing template from a previous SAP implementation. 2. Studying the business processes and defining roles and authorizations. This requires support from functional teams and cannot be done individually. The process of studying business processes involves identifying potential risks, designing an authorization structure, defining special roles and authorizations, implementing these in SAP using tools like PFCG and Securinfo, testing, and optimizing. Sample case studies would help understand how to map user requirements to the technical authorization implementation in SAP. Tools like Virsa Compliance Calibrator can also help identify potential risks, but for some projects the authorization matrix itself

Uploaded by

ArunKhemani
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

Creating the Authorization Matrix??

Posted by ajitnadkarni - 2008/02/18 15:53


_____________________________________

Hi,,

How is security implemented in SAP.


How is the design (Authorisation) matrix created.What procedure is followed to prepare the matrix.??

Thankyou,
Ajit
============================================================================

Re: Creating the Authorization Matrix??


Posted by learnb - 2008/02/18 16:54
_____________________________________

Hi,

There are two ways:

1. Using a template
2. Studying and implementing the business processess.

If your company is implementing SAP fro the first time, you may need to with step 2. All the business processess should
be studied throughly and the roles should be created. This will be done with the Functional teams support and can't be
done individually.

Incase, if your company has a Landscape already to would like to implement SAP for a particular geographic region, you
can make use of the existing role set as a template.

Hope this answers your question.


============================================================================

Re: Creating the Authorization Matrix??


Posted by ajitnadkarni - 2008/02/18 17:09
_____________________________________

Hi ,,

Thanks a lot for replying..

Can u please illustrate the second case " Studying and implementing the business processess. " with some example??

Thankyou,
============================================================================

Hi
Posted by hari_kantipudi - 2008/02/19 16:25
_____________________________________

I beleive following information will help u.

Authorization requirements, (functional, Sarbanes-Oxley compliance)


Authorization strategy, procedure and plan
Identification of potential risks, data protection
Risk valuation, development of risk-control matrix
Identification of SAP functionality
Design of authorization structure (Securinfo for SAP)
Definition of special authorizations(Roles and its authorizations)
Authorization implementation (PFCG, Securinfo)Authorization tests
Optimization and quality assurance
Production planning
Learnb-Forum - Learnbasis.com mianboard Forum Component version: 1.0.4 Generated: 1 July, 2010, 09:59
============================================================================

@hari_kantipudi
Posted by ajitnadkarni - 2008/02/19 18:30
_____________________________________

Thanks hari..

It would be better if there r any sample case studies related to implementing security.
If any plz mail me at :<Email ID should be updated in your profile>

I am actually intrested in knowing how do I map the user requirement to technical aspects in SAP.

Thank you,
============================================================================

good info
Posted by ankit_ranka - 2008/02/20 19:20
_____________________________________

hi ,
how can we identify the potential risks and how risk valuation can be performed ? can u plz explain or can u plz provide
some links where i can find suitable information.
thanks
ankit
============================================================================

Re: Creating the Authorization Matrix??


Posted by learnb - 2008/02/21 00:01
_____________________________________

Hi Both,

SAP has identified the potential risks and included it in the Virsa Compliance Calibrator tool. This tool has around 156 pre
identified high risks and many more medium, and low risks. Every risk is identified by a risk ID. You can know more about
the GRC in the following website:

http://www.sap.com/solutions/grc/riskmanagement/index.epx

However, some of the implementations doesn't have the Virsa tools. For those, the authorization matrix will help to
identify the potential risks. Authorization matrix is a spreadsheet that shows the SOD violations.
============================================================================

Learnb-Forum - Learnbasis.com mianboard Forum Component version: 1.0.4 Generated: 1 July, 2010, 09:59

You might also like