SAP Role Design

SAP Role Design Services

Sunera’s SAP security practice specializes in deploying and implementing SAP role designs and GRC Solutions to meet complex compliance requirements. Our security practice is led by former SAP integrators whose backgrounds bridge technology, compliance, and finance disciplines. Their expertise includes leading large GRC system implementations and SAP role design projects, managing “Big-4” risk advisory practices, and leading fortune 500 compliance departments. We offer organizations a pre-configured role design which is designed to be free of segregation of duties and can be customized to meet customer specific requirements. This role design can be utilized as part of redesigning security privileges or to facilitate remediation initiatives. Our SAP Security Practice services include the following:

Pre-Configured Role Design	Security Assessment
SoD Free Role Simple and Master Roles Task Based Roles for SoD Related Tcodes Broad Roles for Display & Reporting Tcodes Designed to Work with either Roles or Organizational "Enabler" Roles	Review and Assess Role and User Permission Sensitive Tcode Usage Usage of Custom Authorizations User Provisioning Actual Tcode Usage vs. Design Manual Authorization Effectiveness of Security Team Naming Convention Report with Findings and Recommendations
SoD Remediation	Security Outsourcing
Role and User SoD Analysis Remediation Recommendations Remediation Workshops User Access Changes Custom Authorization Options Role Redesign Options Compensating Control Mapping Remediation Action Plans	Role Design GRC Rule Set Maintenance SoD Reporting & Analysis User Access Troubleshooting Role Maintenance

Segregated Role Design Methodology

Sunera has developed a unique methodology for implementing SAP security roles which meets the rigorous compliance requirements organizations face today. The methodology was developed based on our practical implementation experience and the risk based audit and process knowledge acquired through years of Big 4 SAP security audit experience. Our methodology is designed to significantly reduce the cost of developing and maintaining a compliant SAP role design by shortening the development and implementation cycle as well as reducing ongoing support efforts related to maintaining security roles and managing user segregation of duties (SoD) issues over the life of the role design. To achieve these efficiencies our methodology includes a number of implementation accelerators including:

Pre-configured SoD free roles that generally meet 85% to 95% of an organization’s security requirements,
A logical naming convention that maps to key elements of GRC rule sets to facilitate efficient user SoD remediation,
Reporting templates developed for the BizRights, SAP, and Security Weaver SoD products formatted to assist the business with user SoD remediation,
Pre-defined test scenarios, and
Templates to fast track information and requirements gathering.

In addition to the implementation accelerators, our methodology also includes a standard project plan that outlines the phases and tasks required to successfully implement a compliant SAP role design and can easily be modified to meet customer specific needs. Our team includes all of the expertise you will need to successfully deploy roles within SAP that are free from SoD violations.

SAP® is a registered trademark of SAP AG.