Success Story: EOS – Redesign of SAP Authorizations
A transparent authorization concept and an audit-compliant emergency user concept simplify business processes
The Xiting Authorizations Management Suite (XAMS) enabled EOS GmbH Electro Optical Systems, the world’s leading technology and solution provider in industrial 3D printing, to redesign all its SAP authorizations and make the transition to a transparent, job function-based business role concept. By replacing the old, overly broad authorizations and restricting access to critical transactions, the company succeeded in increasing the quality and security of its SAP roles. As part of this project in cooperation with Xiting GmbH, EOS GmbH implemented an auditable and simple emergency user concept that met all requirements for internal and external auditing.
“Thanks to the outstanding efforts and the extensive expertise of Xiting, EOS was able to replace an authorization concept with project roles & “SAP_ALL” and implement a robust, secure and demand-driven authorization concept based on the need-to-know principle and without SoD conflicts.”
Julian Japp, Project Manager XAMS implementation, EOS GmbH Electro Optical Systems
This customer project for the German 3D printer specialist EOS GmbH Electro Optical Systems focused on reviewing the SAP authorizations and replacing the old, overly broad ones. The main goals of the project were introducing a secure business role concept, considerably simplifying role maintenance, and eliminating existing security gaps.
Increasing data protection and restricting access to critical and security-threatening transactions were further objectives of this project. In addition, we aimed to achieve long-term traceability and transparency for the risky system support provided by the users.
To create an authorization concept based on job functions in a pragmatic and goal-oriented manner, it was extremely important to evaluate usage data and identify the authorizations necessary for the corresponding job functions. Because the productive test simulation (PTS) developed by Xiting analyzed the effects of role changes in real time during normal business operation, the testing phase was shortened and greatly simplified.
Making sure that the go-live ran smoothly during the year-end closing was particularly challenging. The potential risks during the transfer of the new SAP authorizations were minimized with the help of the Xiting Protected Go-Live (PGL).
The innovative tools of XAMS enabled the mass processing of process roles and authorizations, as well as the creation, assignment and maintenance of organizational sets and the analysis of roles in terms of quality and security.
Through efficient planning and implementation of the SAP authorization project, we implemented a transparent authorization concept and simplified the maintenance of roles. The use of emergency rights is now an efficient and verifiable process, thanks to an auditable, simple emergency user concept introduced using XAMS.