CSIRBM2019 256 v6

Also available as Client/Server version and Software as a Service (SaaS)

CSI Role Build & Manage (CSI RBM) supports the SAP authorization processes with fully automated SAP role building. By documenting all security requirements, the application can build all SAP roles automatically. CSI RBM provides all the tools to shape the future compliant setup of your SAP authorization roles. The role maintenance is also supported with mass user and role creation, updates and deletion.



CSI Role Build & Manage documents the organizational structure and the authorization values needed for every organizational item (department, user group, affiliate, etc.). The strength is that both organizational (company code, plant, etc.) and non-organizational values (internal order, authorization group, etc.) can be used, as well as authorization object fields which are not related to the business unit (organizational), but which have a technical restriction (functional). Reverse engineering is a unique feature ensuring a quick start. This component defines users, role assignments and builds a concept with (composite) roles. Automated translation of codification requirements and mass creation of single and composite roles are the key features. STAD data (user execution statistics) can be merged to have insight into the roles and functionalities in use enabling to remove user assignments.

CSI Role Build & Manage can be used to audit the roles on Segregation of Duty conflicts and granting too broad access rights. This check is done on the AGR_125x tables. It comes with a pre-defined SoD ruleset. Because transaction code access and authorization access is checked seperately, inconsistencies in roles can be found. Other features include analysis of deviations between master and derived roles; statistical error reporting such as overwritten organizational values; unused roles; user types, manual and changed authorizations, etc.

CSI Role Build & Manage can be used to maintain SAP users in an efficient way by:

  • Synchronizing users between CSI Role Build & Manage and SAP;
  • Password resets for SAP user IDs (including emailing of the user ID credentials to the end users);
  • Locking and unlocking SAP users from CSI Role Build & Manage;
  • Mass creating SAP user IDs with automatic generated passwords and emailing to the users.

CSI Role Build & Manage's SAP License audit functionality gives insight into the correct assignment of the SAP user licenses. Multiple pricelists and cross-system overviews are possible.


Efficient (ROI)

  • Build up to 10.000 roles in one day
  • Automation replaces manual work
  • Design documentation is input for automated role building

Effective Security Improvements

  • Roles are streamlined (cross-system)
  • Grouping of business units is done automatically
  • Context is known (for Security Intelligence)
  • Continuous monitoring for errors in roles

Business Enabler

  • Simplify your job roles and obtain transparent SAP roles
  • Facilitate business empowerment and data governance
  • Fast integration in case of mergers or de-mergers
  • Re-use requirements for new SAP systems (CRM, SRM, …)
  • Fast access implementation of SAP in new countries
  • Fast authorization implementation of new modules in SAP