Re­view and re­struc­ture your au­thor­iz­a­tion concept

Compliance with RBE Plus

IT com­pli­ance fig­ures high on cor­por­ate agen­das. These days em­ploy­ees are stor­ing, edit­ing and shar­ing ever in­creas­ing volumes of data in SAP sys­tems. Our RBE Plus ana­lyses are es­sen­tial tools that sup­port your com­pany in com­ply­ing with laws and reg­u­la­tions, and doc­u­ment­ing this com­pli­ance. What’s more, we’ll help you re­view and re­struc­ture your au­thor­iz­a­tion concept and tail­or your li­cens­ing concept to your spe­cif­ic needs.


Se­cur­ity and com­pli­ance re­quire­ments are in­creas­ing, but man­aging ac­cess au­thor­iz­a­tion is tricky. Prob­lems must be de­tec­ted and remedied im­me­di­ately.

An in­dustry-in­de­pend­ent study con­duc­ted by IBIS Prof. Thome shows that on av­er­age, em­ploy­ees have far more au­thor­iz­a­tions than they need. Ap­prox­im­ately 23 per­cent of these proved wholly un­ne­ces­sary. In the or­gan­iz­a­tions ex­amined, em­ploy­ees were typ­ic­ally as­signed more than 5,000 non-es­sen­tial func­tions and/or trans­ac­tions.

This reck­less dis­tri­bu­tion of au­thor­iz­a­tions gives em­ploy­ees ac­cess to activ­it­ies in the sys­tem that they don’t need and shouldn’t have – and worse still, this ac­cess can­not be re­li­ably mon­itored. Be­sides neg­at­ively im­pact­ing busi­ness pro­cesses, in­dis­crim­in­ate dis­tri­bu­tion of au­thor­iz­a­tions can res­ult in massive breaches in data se­cur­ity, not to men­tion un­war­ran­ted costs.

RBE Ac­cess ana­lys­is helps you:

  • es­tab­lish au­thor­iz­a­tion man­age­ment that con­forms to your company’s needs and meets com­pli­ance and se­cur­ity re­quire­ments
  • en­sures that em­ploy­ees’ phys­ic­al and net­work ac­cess matches cur­rent task pro­files and activ­it­ies


Cut­ting costs by reg­u­larly check­ing li­censes against user activ­it­ies and re­as­sess­ing the need for pur­chased li­censes.

The SAP li­cens­ing mod­el is us­age-based, so li­censes should re­flect the users’ ac­tu­al activ­it­ies. We ad­vise cor­por­a­tions to gear their pur­chases to­ward what we term the “least-li­cense” prin­ciple – keep­ing li­cens­ing to a min­im­um by as­sign­ing users only the li­censes they need.

When sys­tem con­fig­ur­a­tion does not re­flect real needs, you’re at risk for over-li­cens­ing. But as­sign­ing li­censes based on ac­tu­al sys­tem us­age re­quires peri­od­ic re­views and re­as­sess­ment of li­cens­ing needs. Thanks to RBE Plus, this is simple.

The ana­lys­is makes it easy to fit users with the prop­er num­ber and types of li­cense. What’s more, it re­veals short­com­ings in your cur­rent li­cens­ing strategy and points out how to im­prove them.


Ac­cess to com­pany-crit­ic­al data must be strictly reg­u­lated and mu­tu­ally in­com­pat­ible func­tions se­greg­ated.

As cor­por­a­tions em­brace all that the di­git­al age has to of­fer – with in­creas­ing quant­it­ies of data be­ing stored, ed­ited and shared across the world – se­greg­a­tion of du­ties takes on great­er sig­ni­fic­ance than ever be­fore. Be­cause ERP sys­tems store masses of com­pany-crit­ic­al data, ac­cess to this data must be strictly reg­u­lated and mu­tu­ally in­com­pat­ible func­tions se­greg­ated.

The SoD ana­lys­is helps you:

  • to se­greg­ate func­tions to com­ply with in­tern­al and ex­tern­al reg­u­la­tions.
  • to check activ­it­ies ex­ecuted
  • to pro­act­ively re­view and de­tect breaches en­abled by em­ploy­ees’ ac­cess au­thor­iz­a­tions

License verification will be authorization based – are you ready?

Up to now the us­age – i.e. the ac­tu­al ex­ecuted trans­ac­tion and table ac­cess – de­term­ined the price for li­cens­ing SAP users. How­ever, in the fu­ture the full po­ten­tial scope of func­tions is said to be it, wheth­er ac­tu­ally used or not. This means that the full scope of func­tions is go­ing to de­term­ine the li­cense type and there­fore the cost of an SAP li­cense. This is SAP’s plan any­way.

This pro­ced­ure already be­comes ap­par­ent in the ac­tu­al ver­sion of the SAP veri­fic­a­tion tool USSM 2.0. We know from our pro­ject ex­per­i­ence that many users have nu­mer­ous dormant au­thor­iz­a­tions (and un­needed user li­censes for that mat­ter) in their au­thor­iz­a­tion roles which they usu­ally don’t use. With SAP’s fu­ture plan this can be quite ex­pens­ive for you. There­fore, take care of your SAP li­censes and user au­thor­iz­a­tions as soon as pos­sible.

Get in touch with us. We are happy to help you find out which au­thor­iz­a­tions your users really use and need. You shouldn’t pay more than ne­ces­sary!

Checking physical and network access against your security regulations

Key fig­ures, de­tailed eval­u­ations and in­teg­rated re­com­mend­a­tions help you match phys­ic­al and net­work ac­cess au­thor­iz­a­tions to cor­por­ate se­cur­ity reg­u­la­tions.

Restructuring the licensing model

Use RBE Plus SAP ana­lyses to re­struc­ture your li­cens­ing mod­el to re­flect your cur­rent cor­por­ate needs

Preventing SoD violations

Veri­fy­ing that SoD rules are ob­served is not enough. Define your role concept to pre­vent vi­ol­a­tions.

RBE Plus SAP ana­lyses give us pro­found in­sight in­to user be­ha­vi­or in our sys­tem.”

Tor­sten J. Somann, IT-Chef (Witzen­mann Group)

You would like to know more about Compliance? Get in touch with us: