There are cases in which the management of 10.000 SAP users is done by two or three people (maybe not full-time).
Other similar or smaller cases where a team of 15 full-time people fail to meet the demands.
How is it possible? Let’s try to analyze what could be the causes and also possible solutions.
Statistically it is known that more than 40% (Gartner) of requests that arrive to user administrators (Help Desk) are due to reset and user releases. Some examples:
Not always everything can be automated, the reasons are different. Unless there are contraindications, acquiring a self-service reset password or Single Sign On system could really reduce the number of calls of this type.
Although SAP makes available the way to manage the authorizations through roles, it depends on how the latter are organized in order to benefit from the native functionalities of the system. The definition of a model RBAC (Role Based Access Control) can be done in many ways, some of these correct other less.
If I have 1000 users and I have more than 40% of professional figures, maybe I have the problem of having too many roles.
Another reason, more technical, is the lack of use of the features that SAP already offers, as mentioned above. For example, the direct use of single (or simple) roles towards collective (or compound) roles.
Which are the time-saving tools that improve SAP governance? Let’s see some of them:
Blog post originally translated from: https://www.aglea.com/blog/3-consigli-pronti-alluso.-riduci-i-costi-di-gestione-sap-security