What is it?
As soon as multiple landscapes are involved within a company, role management can be a major undertaking for a business. Business Role Management (BRM) is an application within SAP GRC that enables you to manage your roles centrally. Instead of managing your roles on each backend system, GRC offers you the opportunity to create and change your authorization roles centrally on the GRC system. The role information is then synchronized to your connected backend systems. Role management is automated, and the information within a role is easily accessible to your security administrators, role designers and role owners for documentation or maintenance purposes. Business Role Management is integrated with the other SAP GRC applications, so that created roles can immediately be requested for end users within the Access Request Management (ARM) application and scanned for access risks within the Access Risk Analysis (ARA).
Customize your roles the way you want them
BRM enables you to set up your roles as you need them. Using role attributes such as criticality level, role status, business process, business subprocess or custom fields, you can design roles as your environment requires. The GRC BRM process for creating roles consists of predefined methodology steps which guide the role developer throughout the process. The role methodology is fully customizable and lets you create roles based on your organizational needs, so you can decide which steps need to be taken while creating a role. There might be roles that do not need to be approved because they are not seen as critical, while other roles might offer access to sensitive financial data. Within role management it is possible to set up different rules for the role methodology, so that you can use a role methodology with an approval step for sensitive roles.
Business Role Management offers several benefits to your organization:
Naming conventions
A good role setup results from a transparent and good naming convention. Business Role Management helps you to keep your naming convention consistent and transparent.
Status tracking
Within the SAP GRC solution, roles are centrally maintained on the GRC system. Roles are created within a customizable role methodology that can be easily accessed. The role methodology provides you with a transparent overview of the role maintenance activities. The audit trail of each role enables you to check each activity within a role.
Central repository
Roles are centrally maintained, providing you with an easy and transparent role management experience. Instead of creating roles on each backend system, roles can be created on the GRC system. Roles are automatically synchronized with the connected backend systems.
Role mining
The Business Role Management application offers you a couple of reports and functionalities to check your roles, e.g. for duplicates or for roles that are no longer needed.
Manage your access risks within role management
The integration of access risk analysis into the BRM application offers enhanced support for your security officers. Roles can be checked for access risks while the role is being created. The analysis enables you to check inter- and intra-role conflicts by offering a real-time impact analysis. The impact analysis helps you simulate the effects on other roles (in case you are using the business role concept), which helps you reduce effort.
Role Management Process
Depending on your company organization, the identification of business needs and their evaluation is performed by the role design team. Moreover, the maintenance of the role definition and the performance of the risk analysis might also be performed by the role developers, whereas the management of risks and the role generation (after the role change was approved) should be performed by the security analyst. As mentioned before, each change should be subject to approval or rejection in order to safeguard a compliant workflow. After approval by the role owner (or Business Process Owner), the role needs to be tested by the role design team to check whether the business need is satisfied.