Case Study – SAP Access Redesign
Problem Statement
Massive numbers of single, derived and composite roles; roles did not match positions; excessive access was an issue; users were often copied; and there were bottlenecks in the access request process due to the number of approvers needed and a lack of understanding of the role model.
Problem metrics
2 key systems, 6000 users using SAP, 20,000+ single roles. Users in some departments required up to 200+ roles for their job.
Client Information
Business vertical/type
FTSE 100 customers in the Luxury Retail sector
Business size & complexity
10k employees globally, 60% SAP users, 2 ERP systems, S/4 HANA, GRC, BW, Ariba and SuccessFactors
Solution
Xendl’s approach
A pragmatic approach was taken, considering that business processes were already operational. The organisational structure was confirmed with the business, then Xendl leveraged transactional usage vs team structures (see accelerators) to redesign and deploy job roles.
Each business role was created free from SoD (segregation of duties) conflicts, named in line with the job role, and followed the principle of least privilege.
What was delivered
+ Circa 250 business roles, mapped to 400+ positions
+ Standardisation of access
+ Simplification / streamlining of access request process
+ Multiple workflows governed by organisation positions, including immediate provisioning for certain low-risk business units (as requested by client)
Xendl apps / accelerators
Automated role design draft tool (based on usage)
UAR / Role certification Fiori app
*Both tools require a GRC installation
Reference available
– Yes