An authorization concept is often set up when connecting new systems to the existing system landscape. The implementation of an authorization concept should always be based on a project plan that needs to be well planned and executed. The five pieces of the pie diagramm are often used when connecting a system landscape (please note that other namings are also used for the mentioned phases).
Involvement of all stakeholders that are interested or concerned by the SAP implementation, setting up the project team.
Capture the unique business needs of the company. The blue print is like a picture of the To-Be status. All business processes need to be described and analyzed which is needed for setting up the authorization concept.
Configuration and fine tuning of the SAP system. All the prior defined business processes are the basis for the creation of new roles.
Check of all interfaces, make sure that the applicants are well trained, migration of the business data into the SAP system.
Go-Live & Support
Taking up the productive operation of the SAP system, specification of measures for continously checking the investment (SAP system).
Strategy for User and Authorization Management
The implementation of an authorization concept can be performed within five phases, from which each phase included different activities. Each phase should be managed by a responsible person. A user should be allowed to perform those tasks that he is supposed to do. The needed transactions and reports might be combined to a authorization role. A role should only offer those authorizations that are needed for a task. As the development of roles and the coordination with the different departments might be challenging, we do recommend to set up the concept within an own project.
Identification of the concerned departments with their respective risks (stakeholdermanagement!). Setting up a task force that is responsible for the specification and the implementation of the user roles and the concept. This requires the support of the respective department heads so that it is usefull to involve key users accordingly.
Analyzis & Conception
Analyzation of the business processes by the project team, Realization of job descriptions by the role concept, define user roles, complete user roles, setting up the framework for implementing the roles, getting the framework for the role implementation checked and approved.
Implementation of the role concept: Creation of defined single roles, derived roles, business roles.. (depending on the role type you are using) ending up with a functional check of the role content.
Quality Assurance & Tests
Check the user roles and the concept within functional testings, Realize job descriptions with role combinations (if needed), Check the quality of the created roles in case of role combinations, Provide training for business users, Release the authorization concept
Setting up the productive environment, Create user master data for productive users, Implement, check and release new requirements.