SAP Role Design Services

Overview

Sunera has developed a unique methodology for implementing SAP security roles which meets the rigorous compliance requirements organizations face today. The methodology was developed based on our practical implementation experience and the risk based audit and process knowledge acquired through years of Big 4 SAP security audit experience. Our methodology is designed to significantly reduce the cost of developing and maintaining a compliant SAP role design by shortening the development and implementation cycle as well as reducing ongoing support efforts related to maintaining security roles and managing user segregation of duties (SoD) issues over the life of the role design. To achieve these efficiencies our methodology includes a number of implementation accelerators including:

Pre-configured SoD free roles that generally meet 85% to 95% of an organization’s security requirements,
A logical naming convention that maps to key elements of GRC rule sets to facilitate efficient user SoD remediation,
Reporting templates developed for the BizRights, SAP, and Security Weaver SoD products formatted to assist the business with user SoD remediation,
Pre-defined test scenarios, and
Templates to fast track information and requirements gathering.

In addition to the implementation accelerators, our methodology also includes a standard project plan that outlines the phases and tasks required to successfully implement a compliant SAP role design and can easily be modified to meet customer specific needs. Our team includes all of the expertise you will need to successfully deploy roles within SAP that are free from SoD violations.

Segregated Role Design Methodology

Sunera offers organizations a pre-configured role design which is designed to be free of segregation of duties. This role design can be utilized as part of redesigning security privileges or to facilitate remediation initiatives.

Gap Analysis	Derived Design
Identify transaction used by the organization with RBE or ST03N Determine t-codes missing from Sunera Roles Add missing t-codes to Sunera Roles	Identify relevant organizational elements Determine organizational values Configure derived roles Test role design
"Go Live"	Composite Design
Migrate role design to Production Assign users composite roles based on job title Assign users unique roles based on business justifications Support "Go Live"	Obtain job title details Combine Derived/Single roles into job title classifications Configure Composite roles by each job title classification Perform user acceptance testing Perform SoD analysis (Composite roles) Define compensating controls for business justified violations

Our People

Experienced professionals with significant experience in configuring SAP security roles and controls,
Led by former SAP implementer with a focus on security design and application control configuration and previous Big-4 Manager with responsibilities over SAP Security Redesign and Remediation services,
Other professionals originate from both Industry and Big-4 and with a focus on SAP role design and compliance-based projects, and
We have successfully performed in excess of 20 security design/remediation projects, many of which relate to configuring security permissions within SAP, SoD remediation, redesigning security roles, and designing job title composite roles to simplified user provisioning strategies.