
Reorganizing authorization roles

Former Member
0 Kudos

Hi All,

Do you have good experience in reorganizing authorization roles? Which is the best methodology to implement? We have had an R/3 system for 12 years and now we have a jungle of roles. Moreover, we are planning to upgrade our R/3 4.6c to ECC 6.0. In your opinion, should the reorganization of roles be done before the upgrade, or is it best to do it afterwards?

Thanks and regards

Bob

4 REPLIES 4

sdipanjan
Active Contributor
0 Kudos

If you have plenty of time available before the upgrade, then I would suggest you do a new role design from scratch instead of modifying such old roles. I am quite sure that there are so many things already swallowed that it would be a lot of pain to reorganize them.

You may take them as a reference to redesign the whole role structure, and after success in test and go-live (with a moderate time period for hypercare) you may be able to sunset this 12-year-old role structure.

Regards,

Dipanjan

Former Member
0 Kudos

I agree with Dipanjan. 4.6 -> ECC6 is a reasonable jump, so a redesign beforehand will save time, as you will be making plenty of changes irrespective.

There are a few activities which you can leverage from the upgrade to save you having to repeat them if you did the redesign afterwards. The main two are testing and post-upgrade/reimp support.

Former Member
0 Kudos

Thank you. In your opinion, what could be the added value of SAP GRC, and how could it be used in this reorganization?

Regards

Bob

0 Kudos

Hi Bob,

Most useful is the ability to perform segregation of duties analysis. That way you know that your redesign will have clean roles from the start (or you know what you have to mitigate). SAP's RAR product is pretty good in this respect, but it is worth bearing in mind that they are not the sole providers of tools which provide SOD analysis. Currently RAR is the best one I have seen.

The ability to grant firefighting access is also very useful. SAP achieves this through their SPM tool. This is increasingly being used to grant temporary access to sensitive business functions (such as open & close periods, upload exchange rates). This way you can remove certain sensitive functions from your standard role design and give access to them on an "as needs" basis.

The GRC suite also has a role management tool which in theory can speed up a role build. All the reports I have had so far are that it is still rather buggy, and the choice to use it should not be taken lightly.
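
The segregation-of-duties check described in the reply above can be run against a draft role design before go-live. The following is an added example, not part of the original thread and not how SAP's RAR works internally: the role names, users and the two-rule ruleset are constructed, and a real analysis would also evaluate authorization objects rather than transaction codes alone.

```python
# Constructed SoD ruleset: function -> transaction codes (illustrative only).
FUNCTIONS = {
    "vendor_maintenance": {"FK01", "FK02"},
    "payment_run": {"F110"},
    "purchase_order": {"ME21N"},
    "goods_receipt": {"MIGO"},
}
# Pairs of functions that one person should not hold together.
CONFLICTS = [("vendor_maintenance", "payment_run"), ("purchase_order", "goods_receipt")]
# Sensitive functions named in the thread as candidates for as-needed access.
SENSITIVE = {"OB52": "open/close posting periods", "OB08": "maintain exchange rates"}

# Constructed redesign draft: role -> transactions, user -> assigned roles.
ROLES = {
    "Z_AP_CLERK": {"FK01", "FK02", "FB60"},
    "Z_AP_PAYMENTS": {"F110"},
    "Z_PURCHASER": {"ME21N", "MIGO"},
    "Z_GL_ACCOUNTANT": {"FB50", "OB52"},
}
USERS = {"ALICE": ["Z_AP_CLERK", "Z_AP_PAYMENTS"], "BOB": ["Z_AP_CLERK"], "CAROL": ["Z_GL_ACCOUNTANT"]}

def functions_of(tcodes):
    """Map a set of transaction codes to the ruleset functions it can perform."""
    return {name for name, codes in FUNCTIONS.items() if codes & tcodes}

def sod_conflicts(tcodes):
    """Return the conflicting function pairs reachable with these transactions."""
    held = functions_of(tcodes)
    return [pair for pair in CONFLICTS if set(pair) <= held]

def analyse(roles, users):
    """Report conflicts inside single roles, across a user's roles, and sensitive tcodes."""
    role_hits = {r: sod_conflicts(t) for r, t in roles.items() if sod_conflicts(t)}
    user_hits = {}
    for user, assigned in users.items():
        combined = set().union(*(roles[r] for r in assigned))
        # Report only conflicts created by the combination, not by one role alone.
        cross = [p for p in sod_conflicts(combined)
                 if not any(p in role_hits.get(r, []) for r in assigned)]
        if cross:
            user_hits[user] = cross
    sens = set(SENSITIVE)
    sensitive = {r: sorted(t & sens) for r, t in roles.items() if t & sens}
    return role_hits, user_hits, sensitive

if __name__ == "__main__":
    for label, result in zip(("role", "user", "sensitive"), analyse(ROLES, USERS)):
        print(label, result)
```

A conflict reported at role level means the role itself needs splitting; one reported only at user level means the roles are clean but the assignment needs changing or mitigating.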