How Proper Authorization Strategies Improve SAP System Security

While SAP’s technological and solution enhancements improve business processes and system landscapes, users need to consider how these changes affect their system security.


For any organization to manage access control over its system, proper authorization processes need to be implemented.


Authorizations define what a user is allowed to do – not to be confused with authentication, which only determines who a user is by validating their credentials when logging into a system. A user may be able to log into a system, but without authorizations, they are unable to access any functionalities.


Providing SAP User Access

In order to gain access in an SAP system, employees must obtain user IDs. Once successfully logged on, the end user’s authorizations will load into the user buffer based on the assigned authorization profiles in the user master record.


The level of access is determined by roles and profiles assigned to a user. A user’s assigned roles and profiles depend on the specific authorization concept an organization follows. Since requirements and environments are unique to an organization, methods for effective authorization will vary. Criteria like location, industry, business area, technology, or area of responsibility will need to be taken into consideration to build and optimize a proper strategy.


Increased landscape complexity and the desire for proper authorization setup have increased the demand for tools that can automate authorization management processes. These tools allow you to maintain users, roles, and authorizations, as well as implement authorization concepts in a sustainable way. In response to recent SAP S/4HANA transformations, these tools also facilitate the migration of authorizations and drastically reduce migration efforts. These tools can help organizations stay on top of security matters in fast-growing and hybrid landscapes.


About the Authorizations in SAP S/4HANA and SAP Fiori book

Having a solid authorization process will help organizations manage security issues and errors more effectively. We’ve published Authorizations in SAP S/4HANA and SAP Fiori to help you implement and manage roles and authorizations in your system.


First, you’ll understand the necessity and importance of SAP authorizations as the security framework of SAP S/4HANA. You’ll gain insight on authorization basics and vital technical information for users, roles, profiles, authorization checks, and applications. Then, you’ll move on to information about role building, role maintenance, and the profile generator.


The book explains authorization traces, including when and how to use them, in order to solve authorization issues. Explore details about the architecture, tools, and components required to authorize end users within SAP Fiori.


Learn how to use SAP Access Control and SAP Cloud Identity Access Governance to maintain and review a sustainable authorization concept. Then, see how to securely authorize your technical users to safeguard the connectivity between systems and applications.


Lastly, you’ll explore SAP S/4HANA authorization migration. Understand the process, prerequisites, technical basics, architecture, and conceptions. Then, learn how to use both SAP and third-party tools that allow you to structure, prepare, test, and implement a migration.


About the Authors

Alessandro Banzer is the chief executive officer of Xiting. He has worked in information technology since 2004 and has specialized in SAP since 2009. Since then, Alessandro has been involved with global SAP projects in various roles. Alessandro is an active contributor and moderator in the governance, risk, and compliance space on SAP Community, as well as a speaker at SAPPHIRE, ASUG, SAPinsider, and other SAP-related events. He holds a degree in business information technology, as well as an Executive Master of Business Administration from Hult International Business School in London, UK.


Alexander Sambill is a senior SAP security consultant and certified SAP trainer at Xiting Germany. He is a security-minded professional with consulting and sales experience in many industries. During his years of work within SAP security, he specialized in SAP authorizations for SAP ERP, SAP S/4HANA, and SAP Fiori. Alexander leads authorization migration and redesign projects for small and large enterprises, educates customers, and solves individual custom use cases. He is also a federally certified instructor (IHK) in commerce and industry. Alexander is a passionate writer and active blogger of technical and scientific articles, e-books, white papers, surveys, and more about SAP security and authorizations. He is the content manager of publications for SAP authorizations at Xiting AG. Before starting work for Xiting, he received his master of business administration from the Technical University of Bergakademie Freiberg, Germany. Alexander lives in Germany and loves to soak up energy by hiking and cycling in the Ore Mountains or playing table tennis.


How to Purchase

If you’re interested in purchasing Authorizations in SAP S/4HANA and SAP Fiori, follow this link and choose the format that works best for you: e-book, print edition, or bundle (both e-book and print).


If you want to continue learning about SAP administration, or if you want information on other upcoming books or special offers, make sure to sign up for our topic newsletters or our weekly blog recap.


Authorizations in SAP S/4HANA and SAP Fiori

Develop a complete authorization concept for SAP S/4HANA and SAP Fiori with this guide! Start by understanding how authorizations work in an ABAP system and exploring the main transactions you’ll use for configuration. Then learn to create roles with Transaction SU24 and the Profile Generator, track and correct missing authorizations with traces, manage users, and more. See how SAP Access Control can be a useful tool to manage authorizations and learn to migrate authorizations to SAP S/4HANA.

Learn More

SAP PRESS is the world's leading SAP publisher, with books on ABAP, SAP S/4HANA, SAP CX, intelligent technologies, SAP Business Technology Platform, and more!