An effective solution to eliminate unused roles and optimize user assignments

It is common for our users to have assigned roles that they do not use (1). Our solution, CentinelBox, addresses this issue in the following way:

1. Identification: We use the report of unused roles by user accounts. It is simple and allows defining a time horizon parametrically, reviewing the last 24 months, 48 months, or others.

2. Deassignment: To deassign roles, we offer two options. You can use the standard transaction if you prefer or the functionality of the Build&Rebuild module. After loading the data obtained in the previous step, roles are deassigned in minutes.

¡Once you make the decision, execution will only take a few minutes!

What happens if we encounter cases where roles grant functionality to transactions that are in other roles? This problem often arises when roles and authorization objects are manually modified, allowing transactions from another role to function correctly. To address this issue resulting from bad practice, there are two solutions:

1. Correct the role where the change should have been made initially. This option is applied once the user detects the problem, and the affected role needs to be corrected.

2. Leave the deassigned role without transactions, retaining only its authorization objects, using the functionality of Create & Reconstruct. In the next post, we will delve deeper into this solution.

WANT TO LEARN MORE ABOUT CENTINELBOX AND HOW WE CAN HELP YOU TAKE CONTROL OF YOUR SAP SECURITY?

Schedule a personalized demo directly with me so you can see how our platform enables assertive and successful internal control.