SAP Security is not sexy. At least that’s what others think.
This is probably the reason why it’s not the most appealing position among SAP professionals.
You will get all the blame once the SAP users cannot access a certain transaction. During project implementation, other SAP consultants will tell you that you are hindering their progress, because they cannot move on if they or the key users hit an authorization issue. All this boils down to one thing: you are the most convenient target.
Other people, even most SAP consultants, think that SAP Security is merely one transaction code, PFCG. But contrary to what others perceive, SAP security is more than authorizations!
I don’t want to be too technical in this article (that’s something I’d post another day), but I just wanted to debunk the myth that SAP Security is just authorizations.
Let’s say, for example, that you are part of a project running a fresh SAP implementation. You’d need to get involved in designing the roles of the users. You would need to identify a few job functions with the help of your project team, which is composed of consultants and business users.
User Job Functions
Different groups of SAP users need different roles. Most companies would have the Finance and Controlling (FICO), Sales and Distribution (SD) and Materials Management (MM) modules implemented in SAP. In each module, you’ll have different sets of users and job functions. For example, the Logistics and Procurement users in the MM module would have the buyer, requisitioner, and approver job functions for purchase orders and purchase requisitions. Each group could have common and distinct roles. The same goes for the Finance and Sales and Distribution modules.
Business and Compliance
Now, for the SAP Security Admin to be able to better support the company, he should know a little bit about the business. If you are joining a company which has SAP already implemented, you’re lucky since you won’t be starting from scratch. The best-case scenario is that there are already some templates to copy your SAP users from. But what about companies doing fresh SAP implementations? How are you going to help design the roles if you have zero knowledge of the business side? You will then be heavily dependent on your SAP functional team members.
Plus there is the compliance part of the business. There are some companies which do not give much importance to Segregation of Duties (SOD) in SAP. In short, the compliance aspect is missing. Did you know that if a user is so powerful in SAP, he can buy expensive stuff like computers, etc., pay for the products using the company’s money, have the items delivered to a different location and then resign from his job and run away as far as possible with a truckload of computers ready to be sold? Of course I am talking about some extreme scenarios here, but this is definitely possible if the business or management is not paying attention to the compliance aspect of SAP Security.
This all sounds very complex, but the truth of the matter is that SAP Security is still the easiest path into the SAP world. The technical side is very easy to grasp. And if you are interested and willing to follow our blog, we’ll show you every step of the way until you can walk up to your boss and say that you already know SAP authorisations.
SAP Security is not sexy. But now you know better!
Image credit goes to George Oates on FLICKR.