Expand +



Past-to-Present SAP Access Management Best Practices

Panelists: Sumit Sanga, Stephen DuBravac
Date: Tuesday, December 5th
Time: 12:30 pm ET
Duration: 60 minutes
Sponsor: Security Weaver

What do you do when what used to be acceptable is no longer adequate? How efficiently is your organization managing SAP ERP access and role-design? How pleased are your auditors with the control and reporting you offer? How pleased are your users with the processes they have to follow to get and retain access? How easy is your role architecture to maintain? How much time does your company spend managing theoretical and academic risks versus real and imminent risks?

How these questions are answered go a long way to determining whether the latest advances in SAP ERP access management are being followed, if the old best practices are starting to get in the way, or if access management has never been a competency.

Join this live Q&A session with SAP and Security Weaver experts Sumit Sanga and Steve DuBravac to get answers to your questions on the current and emerging best practices for SAP ERP access management and role design. They will be discussing questions such as:

  • How has access management changed over the years?
  • Does sampling still play a role in SAP access audits?
  • What are best practices for SAP access risk mitigation?
  • What are some best practices for simplifying role designs?
  • Are preventative controls still considered the best way to govern access?
  • How have the roles of IT, Audit, and Business users changed over the years with respect to access management?

Please come with your own questions to discuss and learn how best practices have changed over the last 25 years for companies running SAP. 

Enter your email to view this Q&A:


An email has been sent to:


Please log in to post a comment.


12/5/2017 12:58:51 PM

What are the disadvantages of using the BRM in AC? Can we use Business Roles without implementing BRM just so End user can familiarize their roles?


12/5/2017 12:54:04 PM

Are other companies using FIORI Mobile Access Request Approval? Is it user Friendly? Can they Approve and reject requests through FIORI?


12/5/2017 12:45:11 PM

We currently use a role design of simple roles (master and derived) grouped into composite roles. We are currently planning a role re-design, and considering large job roles (simple, not composite), with only a few smaller, critical access roles to be assigned to only limited users. Any comments for or against this plan?


12/5/2017 10:25:35 AM

Best practices for Ownership of Risks and automated risk library approvals. Is it better to have ownership at Risks? but since there are shared functions between risks how can that work with workflow approval?