Audit-compliant Authorization Concept – Simple and Efficient with XAMS
New Success Story with Sortimo International GmbH
The tools of the Xiting Authorizations Management Suite (XAMS) significantly contributed to the project success of the authorization redesign at Sortimo International GmbH. The assigned user roles could be considerably reduced, thereby improving the quality in the new functional roles. In particular, the evaluation possibilities of the Role Designer and Role Profiler helped the company achieve better communication with the specialized departments.
The goal of an audit-compliant authorization concept was achieved through the expertise of Xiting consultants and the reliable collaboration with Sortimo International GmbH. At the same time, knowledge about SAP authorizations was extensively expanded and strengthened during the project. Certain process flows were also scrutinized and rebuilt in consultation with the company.
Highlights
- High acceptance of the project in the specialized departments through the use of XAMS
- New authorization concept according to SAP standard processes
- Strengthening of knowledge transfer in specialized departments
- Revocation of SAP_ALL permissions for dialog users
Goals
The redesign project aimed to create a completely new authorization concept for all specialized departments, including IT. The roles and transactions assigned to users were to be reduced significantly. Compliance with the need-to-know principle and the avoidance of Segregation of Duties (SoD) conflicts were given priority. Additionally, the implementation of an emergency user concept, the revocation of SAP_ALL permissions for dialog users, the standardization of role naming conventions, the creation of concepts for audits, and easier maintainability of the new authorization concept were important to the company.
Challenges
During the project, it was crucial to coordinate the role contents at the transaction level with the specialized departments. The evaluation capabilities of XAMS significantly simplified the adjustments and greatly improved the quality of the results from the workshops with the specialized departments. Productive Test Simulation (PTS) enabled the roles to be defined with technical precision during the test phase, which had previously proved very difficult and inaccurate. The otherwise very time-consuming mass actions, such as user creation, role assignments, and role replication, were significantly accelerated by the tools of the Role Replicator. Furthermore, restrictions on critical transactions or authorization values can now be more easily evaluated, monitored, and maintained using the Role Profiler.
Successes
Through the harmonious and competent collaboration between Sortimo International GmbH and Xiting GmbH, a new authorization concept was created which is based on the SAP standard and best practices. Upon completion of the project, the company benefits from clean functional separations, easier maintainability, increased clarity, and important audit compliance. Awareness and knowledge regarding authorizations were strengthened in the specialized departments. Moreover, during the project, process flows were also questioned and optimized accordingly. The new concept therefore now also offers the best conditions for a future SAP S/4HANA migration.
About the Company
- Name: Sortimo International GmbH (founded 1973)
- Location: Zusmarshausen (Germany)
- Industry: Metal industry/Vehicle accessories
- Revenue: approx. 168 million
- Employees: approx. 1,300
- SAP system in the project: SAP ERP