Quick navigation

CSI tools

CSI Role Build & Manage for compliant and automated role building and user maintenance

CSI Role Build & Manage (CSI RBM) supports the SAP authorization processes with fully automated SAP role building. By documenting all security requirements, the application can build all SAP roles automatically. The application provides all the tools to shape the future compliant setup of your SAP authorization roles. The role maintenance is also supported with mass user and role creation, updates and deletion.
Value Proposition

Problem

SAP security can be very complex and difficult to maintain. Access should be restricted to the authorized users only, but SAP does not provide sufficient standard tools to support this.

Solution

CSI Role Build & Manage 2016 documents the organizational structure and the authorization values needed for every organizational item (department, user group, affiliate, etc.). The strength is that both organizational (company code, plant, etc.) and non-organizational values (internal order, authorization group, etc.) can be used, as well as authorization object fields which are not related to the business unit (organizational), but which have a technical restriction (functional). Reverse engineering is a unique feature ensuring a quick start. This component defines users, role assignments and builds a concept with (composite) roles. Automated translation of codification requirements and mass creation of single and composite roles are the key features. STAD data (user execution statistics) can be merged to have insight into the roles and functionalities in use enabling to remove user assignments. CSI Role Build & Manage 2016 can be used to audit the roles on Segregation of Duty conflicts and granting too broad access rights. This check is done on the AGR_125x tables. It comes with a pre-defined SoD ruleset. Because transaction code access and authorization access is checked seperately, inconsistencies in roles can be found. Other features include analysis of deviations between master and derived roles; statistical error reporting such as overwritten organizational values; unused roles; user types, manual and changed authorizations, etc. CSI Role Build & Manage can be used to maintain SAP users in an efficient way by: Synchronizing users between CSI Role Build & Manage and SAP; Password resets for SAP user-IDs (incl. emailing of the user-ID's credentials to the end users); Locking and unlocking SAP users from CSI Role Build & Manage; Mass creating SAP user-IDs with automatic generated passwords and emailing to the users. CSI Role Build & Manage 2016's SAP License audit functionality also gives insight into the correct assignment of the SAP user licenses. Multiple pricelists and cross-system overviews are possible.

Features

  • Automated compliant role building
  • Reverse engineering
  • Usage of master-derived roles, also on composite role level
  • Multi layered analysis to get insight in real risks.
  • Can be used on any ABAP stack SAP environment
  • Reduces time in role building and role maintenance
  • Check on risks and SOD conflict while bilding/maintaining the roles.
Supporting Technology
  • Works standalone the SAP system.
  • Unique functionality to automate complaint role building
  • Multiple users can work on the role maintenance simultanuously
  • Renting is possible for project work
Standards & Compliance
  • Data Protection Act
  • SOX
Customers
Downloads

Video(s)