Case Study – SAP Access Redesign

Problem Statement

Massive numbers of single, derived and composite roles; roles did not match positions; excessive access was an issue; users were often copied; and there were bottlenecks in the access request process because numerous approvers were needed and the role model was poorly understood.

Problem metrics

2 key systems, 6000 users using SAP, 20,000+ single roles. Users in some departments required up to 200+ roles for their job.

Client Information

Business vertical/type

FTSE 100 customers in the Luxury Retail sector​

Business size & complexity

10k employees globally, 60% SAP users, 2 ERP systems, S/4 HANA, GRC, BW, Ariba and SuccessFactors


Xendl’s approach

A pragmatic approach was taken, since business processes were already operational. The organisational structure was confirmed with the business; Xendl then leveraged transactional usage vs team structures (see accelerators) to redesign and deploy job roles.

Business roles were created free from SoD conflicts, named in line with the job role, and following the principle of least privilege.

​What was delivered

​+ Circa 250 business roles, mapped to 400+ positions​

+ Standardisation of access​

+ Simplification / streamlining of access request process​

+ Multiple workflows governed by organisation positions, including immediate provisioning for certain low-risk business units (as requested by client)​

Xendl apps / accelerators

​Automated role design draft tool (based on usage)​

UAR / Role certification Fiori app​

*Both tools require a GRC installation​


Reference available

​ – Yes