No more stress with SAP authorization assignments – setQ

February 25, 2020


Peter Rattey


SAP Authorization


SAP Advisory

…you all know that!

Let me describe to you a familiar and yet very unloved scenario.

It could be any company, any industry and the bigger the company, the more unpleasant and dangerous the effects. We are talking about the assignment of SAP authorizations and there are as many workflow variants in the world as there are companies.

Boring!     Annoying!     Time consuming!    Opaque!

If everything is correct and the application process, the check and finally the approval eat up a lot of time, nerves and permanently threaten your SAP security if you lose sight of even a small detail.

Unfortunately, you lose sight of many, many details over time and most SAP authorization situations in companies could be described as “opaque”.

But this is something you have to get through when working with SAP.


… you do not know that yet!

There is something from VOQUZ Labs!

There is setQ and with this tool you can not only build roles, update roles and adapt them to real activities. Not only can you automatically prevent and manage critical combinations down to object levels, but you can also automatically and compliantly assign authorizations without the SAP authorization team having to lift a finger.

Sounds fantastic and works just the same.

… a well-known example!

A short trip to a clinic. Basically, every department manager in any area knows this situation.

A ward doctor gets a new head nurse who has previously worked on another ward. As a result, this nurse needs the necessary SAP authorizations for exactly this ward. The care unit physician is the one who has to request these authorizations for her.

How high do we estimate the SAP authorization competence of a care unit physician who is actually supposed to cure patients? Correct, rather low or none at all.

He will fill out a form, send it to the SAP authorization team more badly than right and with all available good wishes.

This is now the second blind flight. Does this nurse still need her old authorizations from the previous ward? Is she nurse manager 1 or 2?

The authorization team is doing its best here, too, and also with best wishes this nurse will be sent her access to the SAP areas of her ward or not, or not completely, or something more…

Our newest whitepaper on SAP Access & Authorizations

Learn how to manage your SAP GRC Authorizations

Tablet showing the cover page of the document

Do you recognize her process in whole or in part? And how long does it take in your company until the head nurse can work in SAP?

You can save this stress completely with setQ.

Here is a setQ variant of the same scenario…

… it could be that simple!

The new head nurse comes to the ward physician. The ward physician goes to his SAP authorization area, although he probably does not really know that he is currently assigning SAP authorizations here.

He calls up head nurse Hildegardts name in his web area and sees that head nurse Hildegartdt is still fully authorized for the old ward. He can decide whether this is okay, or ask his physician colleague from the other care unit to revoke the superfluous authorizations for the poison cabinet, narcotics and drug ordering authorization.

Then he takes the package “Nurse” and the package “Head Nurse 2” out of his allocation stock, gives it to Hildegardt and we are done.

Hildegardt can start working 10 minutes later, because she has just received her access data via SMS on her mobile phone.

…Do you have any more questions?

Yes, what happens if the doctor is wrong now and assigns the wrong ward?

He can’t!

In the background setQ is running. He cannot make such mistakes because he cannot access other roles, cannot supply other SAP systems and can only issue authorizations from his work area.

The “dual control principle” is maintained. In this case, the authorization team did not have to do anything, and the same thing happens 10 to 20 times a day in the clinic.

The authorization team, on the other hand, takes care of trouble-shooting, keeps the roles up-to-date with setQ, and can pursue the tasks they should actually be doing, like SAP compliance.

The SAP security world can be simple when you have the right helpers!


Peter Rattey

Peter Rattey is Managing Director of VOQUZ Labs. He was the initiator and is significantly involved in the development of the SAP license management tool samQ.


Do you have any questions or something to add? Just leave us a message, please! Your message will be delivered by e-mail to us and will not be published.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Illustration of a woman editing documents

Register for our newsletter now!
Keep yourself up to date!

Thank you! Your successfully signed up for our newsletter.
Oops! Something went wrong while submitting the form.


Thumbnail that links to the post below

Stop Errors & Fraud! Time to tackle absurd losses in your revenue.



SAP Compliance

Thumbnail that links to the post below

"RISE with SAP" - a revolutionary licensing model?




Thumbnail that links to the post below

Why SAP Digital Access is still not a viable pricing model



SAP Digital Access