BLOG
Advice from our experts
How to Eliminate “Deceiving” Authorization Roles
If your organization has run an SAP system for three years or more, you probably suffer from what we like to refer to as “Deceiving Authorization Roles syndrome.” Whether you’re familiar with this pesky problem or not, maintaining authorization roles for a few years, adding and removing activities and authorization
3 Easy Ways to Prepare for the Event of Employee Leave
“Leaving us so soon, Mr. Solo?” This famous quote might sound good in the movies, but in a business environment, the event of an employee leaving your company can cause some serious security issues if not treated properly. Let’s talk about why and what you can do to prevent these
Missing Data. Corrupted Data: 4 Tactics to Keep Your Data Clean
SAP Licensing and Authorizations Managers: How do you know that your final report is not relying on corrupted data? Maybe you have a software tool that analyses the data for you – but is any data missing or corrupted to begin with? How do you know? John Doe is Requesting
5 Major Mistakes That a GRC Professional Should Never Make
If you’re in the GRC field and you’re asked to join a GRC project as a professional consultant, a team leader or a project manager – avoid these 5 major mistakes. If you don’t identify these situations beforehand, you might be put in an uncomfortable position that could hurt your
Which SAP Authorizations Should He Have?
Many small and medium sized companies struggle with this challenge. Let’s say they have a sales representative who’s located in another country. Which authorizations should he get? Should he have access to the SAP system at all? If so, should he be allowed to only see SAP reports (“view only”)
GRC Compliance: Better to Play Defense or Offense?
When it comes to handling GRC conflicts, is it better to use an alerting tool or a simulation tool? They both manage conflicts, but one is predictive and the other happens after the fact. Well, there is no one solution; the key is to use them in combination to promise
What’s the best way to become a GRC expert in SAP?
It’s hard to start a career in any field, particularly the highly specialized field of GRC in SAP. The good news is that you know this is a direction you’d like to take. The question is how. I recently read this article by Andy Greig from SAP. Basically, the article
The Three Top Authorization Objects: What Are They?
Even though Authorization Objects are the most basic components in the SAP authorization world, they make SAP much more secure. Many organizations argue that you should use Authorization Objects like you spice food: If spices are used properly, there’s total harmony and you can’t live without them. But if they
Granting SAP_ALL to Everybody – Crazy or Not?
True Story A customer from a large enterprise came to us and said, “Our company has an ‘open policy.’ We trust our employees, so we grant all of them SAP_ALL. We know that SAP_ALL includes all authorizations in the system but everything’s working fine and our authorizations are very easy
3 Expert Recommendations for Controlling Indirect Use in SAP Licensing
Xpandion’s CEO, Moshe Panzer, a recognized professional advisor for SAP Licensing, has some excellent advice about a topic that’s been disturbing a lot of SAP customers recently – indirect access. I hope you’ll find this information beneficial for your organization. Question: What is indirect access in terms of SAP licensing
