Xpandion Blog

  • Home
    Blog Home This is where you can find all the blog posts throughout the site.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
Subscribe to this list via RSS Blog posts tagged in Authorizations
Hits: 7265 0 Comments

Many small and medium sized companies struggle with this challenge. Let’s say they have a sales representative who’s located in another country. Which authorizations should he get? Should he have access to the SAP system at all? If so, should he be allowed to only see SAP reports (“view only”) or should he issue sales documents too? The answer is not easy, and might involve solving or remediating Segregation of Duties violations during the analysis process.

 iStock_000020168207XSmall.jpeg

Continue reading
Hits: 6968 0 Comments

When it comes to handling GRC conflicts, is it better to use an alerting tool or a simulation tool? They both manage conflicts, but one is predictive and the other happens after the fact. Well, there is no one solution; the key is to use them in combination to promise a peaceful process and clean GRC audit report.

iStock_000006872507XSmall.jpg

Continue reading
Hits: 6661 0 Comments

If you haven’t already noticed, in some SAP support packages several T-Codes have been replaced with other T-Codes. These changes create a challenge in maintaining your company’s authorizations, and there are also implications to the GRC module. So, what do you do?

iStock_000015527840XSmall.jpeg

Continue reading
Hits: 7400 2 Comments

“Conscious uncoupling,” (see goop) the fancy new age words that Gwyneth Paltrow and Chris Martin are using instead of the word “divorce” do feel a bit weird, but there is some truth to the approach that I think can actually highly benefit certain events the SAP world. In fact, without a “conscious uncoupling” approach to employees in the SAP world, a great deal of work might go to waste.

iStock_000005261770_XSmall.jpeg

Continue reading
Hits: 6030 0 Comments

What are your organization’s top three most sensitive T-Codes; the ones that you’re really careful about granting? You’ve had to think about this before, either during an authorization-inspection project, a GRC project or when asked by an auditor. Can you name the “top three?” I’m sure you can. And I’m sure you probably wouldn’t give it a second thought.

iStock_000013987109XSmall.jpg

Continue reading
Hits: 14297 0 Comments
Hits: 8973 2 Comments
Hits: 11065 1 Comment

(This is the short version of an article regarding the most popular T-Code used to analyze SAP Authorizations. Download the full SUIM article including examples and screenshots).

When it comes to SAP audit time, auditors will direct security administrators to run a set of reports on User Information System using SAP Transaction, or T-Code, “SUIM”. This allows them to inquire on users’ SAP authorization data and sensitive objects.

Continue reading
Hits: 10071 2 Comments

If you’re like most CIOs, CISOs or internal auditors that work in a company that has implemented SAP, every day you have to contend with overloaded terms like “Profile,” “Authorization Role” and “Authorization Object” and quotes such as “This person can't access the company code because he doesn’t have BUKRS in his profile.” Don’t worry. You’re not the only one who feels like they speak a different language. Keep reading.

b2ap3 thumbnail iStock 000019343616XSmall

Continue reading
Hits: 11617 0 Comments


Headquarters

+972-3-624-4245

157 Yigal Alon Street,

Tel Aviv 67443, Israel

info@xpandion.com

US Office

+1-800-707-5144

33 West 19th Street, New York,

NY 10011, USA

info.us@xpandion.com

India Office

+91-989-2546216

C 103, Akruti Orchid Park, Andheri-Kurla Road,

Andheri East, Mumbai, India

info@xpandion.com