Emergency Access at 2am? Don’t Wake Me Up, Please!

There’s a tricky little process with an innocent-sounding name, and it’s something that goes on in your organization far more frequently than you’d imagine. Can you guess what it is? It’s called “IT Access” (AKA “Emergency Access”) – and auditors…

Continue Reading Emergency Access at 2am? Don’t Wake Me Up, Please!

How to Eliminate “Deceiving” Authorization Roles

If your organization has run an SAP system for three years or more, you probably suffer from what we like to refer to as “Deceiving Authorization Roles syndrome.”Whether you’re familiar with this pesky problem or not, maintaining authorization roles for…

Continue Reading How to Eliminate “Deceiving” Authorization Roles

The Three Most Sensitive T-Codes Ever: What Are They?

What are your organization’s top three most sensitive T-Codes; the ones that you’re really careful about granting? You’ve had to think about this before, either during an authorization-inspection project, a GRC project or when asked by an auditor. Can you…

Continue Reading The Three Most Sensitive T-Codes Ever: What Are They?

Do You Understand the Meaning of Behavior-Based Profiling?

Xpandion creates “behavior-based profiling” for business applications. Sounds impressive, huh? However, do you know what it means, exactly? Our customers often understand the benefits of our products: how they save time, increase security and lower costs. However when it comes to the hows,…

Continue Reading Do You Understand the Meaning of Behavior-Based Profiling?

The Dreaded SAP_ALL Power Profile

How you can maintain GRC compliance if you have users with dangerous SAP_ALL? The authorization profile, SAP_ALL has such vast amounts of authorizations inside that it is mistakenly known as “the profile that can grant everything in the SAP system”.…

Continue Reading The Dreaded SAP_ALL Power Profile