…you all know that!
Let me describe to you a familiar and yet very unloved scenario.
It could be any company, any industry and the bigger the company, the more unpleasant and dangerous the effects. We are talking about the assignment of SAP authorizations and there are as many workflow variants in the world as there are companies.
Boring! Annoying! Time consuming! Opaque!
If everything is correct and the application process, the check and finally the approval eat up a lot of time, nerves and permanently threaten your SAP security if you lose sight of even a small detail.
Unfortunately, you lose sight of many, many details over time and most SAP authorization situations in companies could be described as “opaque”.
But this is something you have to get through when working with SAP.
… you do not know that yet!
There is something from VOQUZ Labs!
There is setQ and with this tool you can not only build roles, update roles and adapt them to real activities. Not only can you automatically prevent and manage critical combinations down to object levels, but you can also automatically and compliantly assign authorizations without the SAP authorization team having to lift a finger.
Sounds fantastic and works just the same.
… a well-known example!
A short trip to a clinic. Basically, every department manager in any area knows this situation.
A ward doctor gets a new head nurse who has previously worked on another ward. As a result, this nurse needs the necessary SAP authorizations for exactly this ward. The care unit physician is the one who has to request these authorizations for her.
How high do we estimate the SAP authorization competence of a care unit physician who is actually supposed to cure patients? Correct, rather low or none at all.
He will fill out a form, send it to the SAP authorization team more badly than right and with all available good wishes.
This is now the second blind flight. Does this nurse still need her old authorizations from the previous ward? Is she nurse manager 1 or 2?
The authorization team is doing its best here, too, and also with best wishes this nurse will be sent her access to the SAP areas of her ward or not, or not completely, or something more…
Learn how to manage your SAP GRC Authorizations
Do you recognize her process in whole or in part? And how long does it take in your company until the head nurse can work in SAP?
You can save this stress completely with setQ.
Here is a setQ variant of the same scenario…
… it could be that simple!
The new head nurse comes to the ward physician. The ward physician goes to his SAP authorization area, although he probably does not really know that he is currently assigning SAP authorizations here.
He calls up head nurse Hildegardts name in his web area and sees that head nurse Hildegartdt is still fully authorized for the old ward. He can decide whether this is okay, or ask his physician colleague from the other care unit to revoke the superfluous authorizations for the poison cabinet, narcotics and drug ordering authorization.
Then he takes the package “Nurse” and the package “Head Nurse 2” out of his allocation stock, gives it to Hildegardt and we are done.
Hildegardt can start working 10 minutes later, because she has just received her access data via SMS on her mobile phone.
…Do you have any more questions?
Yes, what happens if the doctor is wrong now and assigns the wrong ward?
In the background setQ is running. He cannot make such mistakes because he cannot access other roles, cannot supply other SAP systems and can only issue authorizations from his work area.
The “dual control principle” is maintained. In this case, the authorization team did not have to do anything, and the same thing happens 10 to 20 times a day in the clinic.
The authorization team, on the other hand, takes care of trouble-shooting, keeps the roles up-to-date with setQ, and can pursue the tasks they should actually be doing, like SAP compliance.
The SAP security world can be simple when you have the right helpers!
Do you have any questions or something to add? Just leave us a message. Your message will not be published.