SAP systems contain critical and sensitive data. Securing this data is essential and, because of SoX and GDPR, we see that implementing security during implementation projects is part of the scope.
Your employees need access to the data and therefore SAP users are being created and authorizations are assigned to these users. Nowadays these authorizations are assigned via the created SAP roles. But what about license assignment? SAP users needs to be assigned to a SAP license type. The license types do not determine what a user can do in the SAP system, but they determine how much you will have to pay for this user. Therefore, defining and assigning the correct license types to the users is very important from a cost perspective.
Controlling the SAP users and their assigned licenses is very important for contract compliance and costs. There are many different SAP license types available to assign to the users and the costs per license will vary. What we still see is that license assignment and optimization are often left out of the scope of SAP environments, and therefore users are assigned to very expensive license types. This results in high license costs.
An inventory of assigned licenses must be provided to SAP. We recommend performing a measurement of assigned SAP licenses to avoid high license costs internally on a periodically basis.
Auditing assigned SAP licenses to users is a functionality integrated in CSI Authorization Auditor and CSI Role Build & Manage. This analysis can be done on users and roles, cross-system or for one system, and will show you the users of the SAP environment(s), the current assignment of SAP licenses, and it gives a recommendation of the license types that should be assigned based on assigned authorizations, used functionality and Segregation of Duty conflicts.
Advantages:
- Identify contract compliance issues and assure correct license assignment;
- Get insight in all the SAP users and save on your license costs by removing unused, redundant or duplicate users.
- Assure the correct roles are assigned the user’s performed activities;
- Cross-check assigned and used user-IDs across SAP environments.