Authorizations have always been part of normal business life. In the past, authorizations were easier to manage because most business processes were not digitalized at all. Nowadays companies tend to optimize and digitalize processes as much as possible. In a society that is becoming more and more digitalized, companies must make sure that the authorizations needed to fulfill daily business tasks are managed in a safe and sustainable way. More specifically, authorizations enable us to set up access control at the application level, with the goal that everyone is authorized to do what he or she is supposed to do. Within SAP, authorizations are created and combined in roles.
Why is the management of authorizations needed?
In a digitalized world in which all data is held online, data protection becomes more and more important in order to secure and protect sensitive business data. Data protection is often part of laws, agreements and/or regulations that must be implemented. Depending on the country, different local legislation needs to be obeyed and translated into technical authorizations that need to be actively managed. In particular, data protection laws, as well as the new General Data Protection Regulation (GDPR), which was established by the EU and needs to be implemented by May 2018, regularly change the data protection criteria and the legal principles, so authorization management is highly needed today. Moreover, a company needs to set up security regulations to establish a secure system environment that can be protected from internal and external access.
Balance between security costs and security benefits
It is important to strike a good balance between the costs incurred for protecting your data and the benefits that result from data protection. There is a huge variety of possible threats. Total security can only be achieved if an oversized authorization concept is set up and actively managed. Unfortunately, the costs of an oversized security structure are out of proportion to the benefits achieved, so it can sometimes be smart, always depending on the value to be protected, to accept a loss in cases where the protection measures are more expensive than the actual loss.
It is not possible to establish 100% security against all possible threats. Our authorization management experts make sure that the risk of a potential threat is always weighed against the security costs.
Smooth management of business processes
SAP authorizations can be managed in a very granular way. A high granularity of authorizations within authorization roles can conflict with the business processes because of authorization issues. The goal must be to set up a clear and transparent authorization concept with a limited number of roles. Only then can issues with nested authorizations be avoided.