SAP Consultancy, Solution Advisory, Project Management and Training


Common authorisation management issues I've encountered in my career are...

  • No common and clear naming convention making it difficult to assign the correct roles to users.
  • Authorisation matrix doesn't exist or is not maintained correctly.
  • Not using types of roles correctly (single roles,composite roles,master / parent roles, derived / child roles).
  • Users are assigned large number of single roles instead of assigning composite role based on job role.
  • Many user administrators leave unmaintained authorisation (i.e. objects with some unmaintained field values) in the profile. Such unmaintained authorization often become big nuisance in long run.
  • Changes to authorisation roles are not documented.

If you want to learn more about what I consider best practices for maintaining authorisations in SAP, have a look at the presentation.

JE consulting can assist you in performing an authorisation review and to setup your authorisations correctly.