123ArticleOnline Logo
Welcome to 123ArticleOnline.com!
ALL >> Hardware-Software >> View Article

Use Of Abac To Streamline Sap Sod Exception Process

Profile Picture
By Author: Appsian
Total Articles: 115
Comment this article
Facebook ShareTwitter ShareGoogle+ ShareTwitter Share

Use of ABAC to Streamline SAP SoD Exception Process

For ensuring streamlined business operations, business processes need to be secure, compliant, and reliable. In SAP, a central concept in making this possible is Segregation of Duties (SoD).

SoD Exception Scenarios

A user would also have to be given responsibilities and privileges that pose a conflict of interest. It may be that an employee is part of a small department or that others are stopped from being involved by security clearance. Whatever the cause, in a business process, this user requires the ability to handle several steps, and an exception is made.

Here's where things can get complicated. Your normal preventive controls are no longer successful if an SoD exception is made. This is a major shortcoming of static, role-based access controls of SAP.

You must now compile access logs, root out false-positives, and, eventually, submit them for analysis and sign-off to the required control holders. Detective controls create space for human error and raise the dwelling time before red flags are caught, in addition to the ...
... extra overhead of manual checks and approvals.

Current SAP SoD Control Limitations

Preventive controls are a non-starter, lacking the logical ability to decipher possible violations from real violations. Preventive SAP access controls decide permissions based on two things: 1) the role of a user and 2) the permissions associated with the role. Although this works in the vast majority of situations, implementing SoD requires controls with more granularity.

Actual SoD Violation

SoD's entire aim is to eliminate conflicts of interest in the business processes. Conflicting transactions, however, do not inherently constitute a conflict of interest unless the subject matter is the same. For instance, a user performs the transactions to create and authorize several purchase orders. Looking at the transactions themselves, the potential for infringement is present in this operation. Looking further into the PO info, you can see that the same PO was never created and accepted by the user, so no breach was made.

SAP will show you 1) the user and function, and 2) the transactions performed, but the 3rd component is missing: the values at the field-level in the PO itself. This lack of insight into attributes outside positions and permissions is what, when exceptions have been made, renders preventive controls a non-starter and clutters SoD audit logs with false positives.

SoD Policy Enforcement with Attribute-Based Access Controls

Attribute-Based Access Controls (ABAC) use "attributes" in authorization decisions. These characteristics may be anything from user information such as position, department, nationality, or even the level of safety clearance of a user. In addition, access context can be taken into account, such as IP address, location, time, device, and transaction history. And most notably, in authorization logic, data attributes can now be used for SoD. This means that SAP field-level values can be used to assess if a transaction should be blocked or authorized, and these information can be further used in reporting activities.

The combination of role-based access controls (RBAC) from SAP with attribute-based access controls (ABAC) solution allows for granular control and visibility, offering a broad range of business benefits.

RBAC + ABAC Hybrid Approach: A New Solution

In SoD exception cases, the RBAC + ABAC hybrid solution opens the possibility to implement preventive controls. Through doing so, you will give users the versatility that an exemption offers while also avoiding the occurrence of any real violations.


Together this hybrid solution (RBAC + ABAC) allows for a dynamic SoD model that avoids breaches while also enabling the flexibility of assigning conflicting roles and strengthens role-based policy to counter over-provisioning.

More About the Author

Appsian One of the leading ERP data security,compliance,implementation solutions provider that gives organizations to complete control and visibility over their ERP data.

Total Views: 621Word Count: 583See All articles From Author

Add Comment

Hardware/Software Articles

1. Financial Consolidation Software: A Necessity In Today’s Complex Financial World
Author: BiCXO

2. Mobile Application Development Company: Innovating For The Future
Author: Quickway Infosystems

3. 2025's Top Choice For Casino Entrepreneurs: 7bitcasino Clone Script
Author: aanaethan

4. Online Admission Management Software
Author: Aditya Sharma

5. The Role Of Technology In Enhancing Student Retention
Author: Brenda Joyce

6. Capcut Template New Trends: A Glimpse Into The Future Of Video Editing
Author: Oliver Nash

7. Understanding Canva Mod: Is It Worth The Hype?
Author: Mason Brooks

8. How Custom Software Development Companies Are Revolutionizing Industry Solutions
Author: Digileap

9. Fintech Development Services: Catalyzing Innovation In Financial Technology
Author: Digiprima Technologies

10. Freight Forwarding Software: Revolutionizing Global Trade With Seaknots It
Author: seaknotsit

11. How Automatic Gst Compliant Invoice Generation Will Help Your Business?
Author: Bhumish Seth

12. Streamlining Prototyping With Cnc Router Technology
Author: CncRouter

13. Hp Laptop Screen Replacement In Malad
Author: Aquila IT Solutions

14. From Concept To Creation: Cnc Routers For Precision Prototypes
Author: CncRouter

15. The Benefits Of Custom Crm Development For Modern Enterprises
Author: Ashapura Softech

Login To Account
Login Email:
Password:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: