BLOG
Advice from our experts
GDPR is Coming
Lately, I have received a flood of calls regarding GDPR asking why we have not published anything on the subject yet. The latest call was from a senior consultant in one of the Big-4 firms asking what Xpandion’s stance is on the GDPR regulations. So here it is! YES, Xpandion is
With Great Power Comes Great Responsibility – The Life of a SAP Authorization Manager
When you are a SAP security person, responsible for managing access control for all employees in the organization, you hold a very powerful position. In comparison to programmers who have a lot of control over their specific work, the authorization manager, most of the time, does not have to obey
Increase User Satisfaction! Integrate SAP Security and SoD in your Self-Service Portals
In the past couple of years Xpandion has been involved in creating and integrating self- service user portals. Customers either wanted to use Xpandion’s self-service user portals, or they needed integration between ProfileTailor Dynamics’ portal and their own user portal. Based on these experiences, we have created a short list
SoD is not Magic: A Few Tricks for an Easier Segregation of Duties Implementation
We recently met with a few of our global customers as well as prospective clients, and we were able to gain a great deal of insight regarding one of the most talked about topics, segregation of duties. Some of the companies say that segregation of duties is only for the
Why Some Companies Prefer Cloud
One of our partners recently told us a story. A potential customer whose business management and SAP audit team LOVED our product – loved the feature that grants authorizations automatically in multiple systems, the feature that alerts managers to risky authorizations and of course how ProfileTailor Dynamics can actually solve
SU01 – Be Smart When Copying Users
You Can Continue to Copy Users in SU01, but be Smart about it! How does your organization create user accounts for new employees? How do you grant authorizations? Most organizations use the method of copying an existing user account, slap a new username on it using t-code SU01 and moving
Four Effective Methods to Increase Security and Optimize Operational Costs
This blog discusses in short, four effective methods that give high value to security managers by reducing manual work and simultaneously increasing security levels. The idea for this blog came from speaking with senior SAP security individuals, CISOs as well as security team members who find themselves spending time on
How to Choose the Best Role to Grant Users in 3 Easy Steps
How do you choose the best single authorization role to grant a user who has just sent a request for additional authorizations? This is a complicated process for most organizations as there are thousands of roles that exist. Even if there are only 15 roles that actually match the user’s
Your First Steps Towards Becoming a SAP GRC Professional
SoD (Segregation of Duties) and GRC (Governance, Risk, and Compliance) experts are vital members of any publicly traded organization that relies on SAP. In the long run it can be a rewarding and lucrative position that greatly influences the procedures and bottom line for businesses large and small. SoD (Segregation of
Emergency Access at 2am? Don’t Wake Me Up, Please!
There’s a tricky little process with an innocent-sounding name, and it’s something that goes on in your organization far more frequently than you’d imagine. Can you guess what it is? It’s called “IT Access” (AKA “Emergency Access”) – and auditors love it. When IT employees–or anyone who doesn’t require continuous
