Xpandion Blog


What Are The 3 Most Important SAP Authorizations Related Tasks For Q3?


What? It’s already the third quarter? Yes, it is. We suddenly realized it ourselves, and wanted to make sure to remind you authorization managers and CISOs what you’ll be facing during this second half of the year. We’re assuming that these three things are already on your task list for Q3/Q4 (and if not, they should be), but we thought it would be nice to summarize them anyway.


Task 1: Review Employee Authorizations

This is a very important task whether your company is obligated to GRC compliance or not. It’s necessary to verify that the authorizations employees hold are still required for them to do their jobs. You’d be surprised, but in every organization in which we’ve conducted an authorization review process, there were invalid authorizations or employee permissions that were no longer relevant to the employee’s current role. If you’re in an organization that is obligated to SOX compliance you must conduct the survey, and if you’re not, it’s still a very good thing to do if you wish to help prevent the next act of fraud.

Read our “best-seller” free eBook about how to conduct a successful authorization review process.

Task 2: Eliminate Inactive Accounts

Don’t pay for nothing and don’t give a hacker an opportunity – just take a minute and eliminate user accounts that haven’t been active in the last 90 days. Of course, don’t lock the administrator accounts even if they aren’t active, and don’t lock people who are on sick leave or pregnant. All the other employees who aren’t logging into the system can probably do their jobs without an expensive user account. For each eliminated account you save twice: First, you’re freeing up the license. Second, you’re removing a potential account that can be hacked.

There are more delicate ways to go about this if you wish to have happier users. You can warn inactive employees with a nice email before locking their accounts, you can ask someone to approve the list of accounts that are slated to be locked, and you can implement a process that does all the above automatically in multiple systems, but this is all nice-to-have. Eliminating user accounts that haven’t been active for a long time is what’s important.
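The triage described in Task 2, as an added example (not Xpandion's code or part of the original post): it sorts a user export into accounts to lock, accounts to warn first, and accounts to leave alone. Assumptions: the export is a CSV whose columns are named after SAP table USR02 fields, administrators are identified by a user group (here the made-up group `SUPER`), the leave list comes from HR, and warnings go out at 75 days.

```python
import csv
import io
from datetime import date, datetime

LOCK_AFTER_DAYS = 90  # inactivity threshold from the post
WARN_AFTER_DAYS = 75  # assumed: warning e-mail 15 days before the lock

# Constructed sample export. Column names follow SAP table USR02; the users,
# groups and dates are made up for this example.
SAMPLE_EXPORT = """BNAME,USTYP,CLASS,TRDAT,ERDAT,UFLAG
JSMITH,A,SALES,20170301,20150110,0
BASISADM,A,SUPER,20161101,20120101,0
LCHEN,A,HR,20170201,20130915,0
RFC_BATCH,B,TECH,00000000,20120101,0
NEWHIRE,A,SALES,00000000,20170615,0
TPATEL,A,SALES,20170415,20160301,0
GHOST,A,SALES,00000000,20160101,0
"""

def parse_sap_date(value):
    """SAP stores an unset date as 00000000; return None for it."""
    unset = not value or value == "00000000"
    return None if unset else datetime.strptime(value, "%Y%m%d").date()

def triage(export_text, today, admin_groups, on_leave):
    """Sort users into lock / warn lists and record why others were skipped."""
    result = {"lock": [], "warn": [], "skipped": {}}
    for row in csv.DictReader(io.StringIO(export_text)):
        user = row["BNAME"]
        if row["USTYP"] != "A":             # assumption: only dialog (human) users
            result["skipped"][user] = "non-dialog account"
        elif row["CLASS"] in admin_groups:  # the post: never lock administrators
            result["skipped"][user] = "administrator"
        elif user in on_leave:              # the post: nor people on leave
            result["skipped"][user] = "on leave"
        elif row["UFLAG"] != "0":           # non-zero lock flag: nothing to do
            result["skipped"][user] = "already locked"
        else:
            # Never logged on: measure from the creation date (assumed present),
            # so a new hire is spared but a long-forgotten account is not.
            last_seen = parse_sap_date(row["TRDAT"]) or parse_sap_date(row["ERDAT"])
            idle = (today - last_seen).days
            if idle >= LOCK_AFTER_DAYS:
                result["lock"].append(user)
            elif idle >= WARN_AFTER_DAYS:
                result["warn"].append(user)
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_EXPORT, date(2017, 7, 1), {"SUPER"}, {"LCHEN"}))
```

The `lock` list is what would go to an approver before anything is locked, and `skipped` keeps the reason for each exclusion so the decision can be audited later.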

Task 3: Do Some Data Cleansing and Data Completeness Checks

We can’t stress enough how important it is to have full and accurate data. Having high-quality and complete data is the key to finishing tasks more quickly, performing data queries more effectively, and spotting suspicious areas in your system that need to be further investigated. There is no single best time for performing data cleansing, but it should be done from time to time.

  1. Check that all user accounts have the most recent data, such as names, departments, email addresses (VERY important), physical location, telephone number, etc.
  2. Check that all authorization roles have proper descriptions and that they are really still required.
  3. Go to your ABAP programs and verify that all the Z programs have authorization checks in place.
  4. Then… well, you get the idea. Just take 3-4 topics and check that they are 100% accurate.

With all this done, you will be assuring yourself a cleaner and much more secure system.

Did you know Xpandion has software to fully control authorizations? Get a demo of Xpandion ProfileTailor Security & Authorizations.

Have a great second half of the year!

Dror Aviv joined Xpandion in 2010 as a programmer in the R&D team. Combining technical knowledge with implementation skills, Mr. Aviv serves today as a Senior Implementation Advisor, bringing with him extensive hands-on experience from the field. He works closely with customers at their sites, and is an expert in defining customer needs, translating them into business process and implementing them via ProfileTailor Dynamics’ suite of products.



