Chapter 6
Access Control and the Role of Roles
In This Chapter
Understanding access control
Defining roles
Getting IT and business people to talk to each other
Discovering the SAP approach to access control
In Chapter 5, we discuss how fraud can occur where duties are not clearly
segregated. To minimize fraud, companies need to wisely segregate the
duties of employees. And to segregate duties, companies rely on roles and
access control.
The concepts behind these terms are simple. Everyone in the company should
have a well-defined role that minimizes the opportunity for fraud. And when an
employee needs to access a computer system, access controls need to be in
place that allow the employee to access only what he needs to perform
his job: nothing more, nothing less. In this chapter, we look at these concepts
in depth. We also discuss how roles can wind up being much more complicated
and difficult to manage than you might expect, and we take a look at the SAP
solutions for access control.
Understanding Access Control and Roles
Employees perform their duties once they are logged into the system, but it's
also vital to monitor how they get there. Most companies have thousands of
users. Each user has one or more roles. Each role has access to a certain
number of transactions in the system. Many companies have more than one
system to which users have access. Each of these systems has hundreds of
screens, with multiple transactions. All this adds up to a massive number of
places where segregation of duties violations can occur: hundreds of thousands,
in fact.
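The chain described above (users hold roles, roles grant transactions, and a conflict can appear only when roles are combined) can be checked mechanically. The following is an added illustration, not code from the book or from any SAP product; the roles, transaction names and conflict rules are constructed placeholders, not real SAP transaction codes.

```python
"""Segregation-of-duties (SoD) check over users, roles and transactions.

Added illustration with constructed data. A 'violation' is a user whose
combined roles grant both sides of a conflicting pair of duties, even when
each role on its own is clean.
"""
from itertools import combinations

# Constructed role -> transactions map (descriptive placeholder names,
# not real SAP transaction codes).
ROLES = {
    "AP_CLERK":    {"create_vendor", "display_vendor"},
    "AP_PAYMENTS": {"post_invoice", "run_payment"},
    "AP_DISPLAY":  {"display_vendor", "display_invoice"},
}

# Constructed conflict rules: pairs of duties one person should not hold.
CONFLICTS = [
    ("create_vendor", "run_payment"),
    ("create_vendor", "post_invoice"),
]


def user_transactions(user_roles):
    """Union of the transactions granted by all of a user's roles."""
    txns = set()
    for role in user_roles:
        txns |= ROLES[role]
    return txns


def sod_violations(user_roles):
    """Conflict pairs the user can execute, in the order listed in CONFLICTS."""
    txns = user_transactions(user_roles)
    return [(a, b) for a, b in CONFLICTS if a in txns and b in txns]


def conflicting_role_pairs():
    """Role combinations that introduce a violation no single role has."""
    return [pair for pair in combinations(sorted(ROLES), 2)
            if sod_violations(pair)
            and not any(sod_violations([r]) for r in pair)]


if __name__ == "__main__":
    # Constructed users: alice combines two individually clean roles.
    users = {"alice": ["AP_CLERK", "AP_PAYMENTS"], "bob": ["AP_DISPLAY"]}
    for name, roles in users.items():
        print(name, sod_violations(roles))
    print("risky role pairs:", conflicting_role_pairs())
```

Running it shows that every role passes on its own, yet assigning AP_CLERK and AP_PAYMENTS to the same user yields two violations; the pair report is what a role designer would review before such combinations are handed out.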