The learning content is designed for anyone who wants to build SAP knowledge in a simple, concise, and practical way. Our learning platform offers content for beginners, intermediate learners, and experts. This lets you expand your knowledge step by step and continuously develop into an SAP expert.
Practical Guide to Authorizations in SAP - Design and Maintenance
Flat rate: $19 per month (single license, 1000+ eBooks and video tutorials, instant access, 12 months at $228 per year, automatic renewal)
Master the principles of building secure, scalable, and sustainable authorization concepts in SAP.
This expert guide explores the evolution of SAP authorizations and the increasing demand for robust authorization concepts in today’s complex business landscapes. Whether you’re starting from scratch or refining an existing model, this book walks through every phase of an authorization concept project, from preparation and design to building, testing, go-live, hypercare, and ongoing maintenance. Learn how to align technical architecture with business requirements and how to avoid common mistakes that can jeopardize even the most carefully planned projects. With a wealth of real-world insights, expert tips, and architectural best practices, this book is an invaluable resource for SAP architects, project leads, and administrators dedicated to building secure, long-lasting authorization frameworks.
- Authorization concepts in SAP
- Authorization project processes
- Alignment of architectural and business needs
- Tips and tricks for architects and administrators
Reading Example
2.1 Regulations
Wherever in the world a company operates, there are always regulations it has to comply with in order to operate lawfully. These regulations can relate to data protection and cybersecurity, accountability in terms of taxes and financial governance, and measures to ensure the quality and safety of products and services. All these different regulations have one thing in common: a company needs a proper authorization concept in its SAP systems in order to be compliant.
Depending on a company’s geographical region, industry, size, and legal ownership, regulations of differing origin, nature and level of detail can apply to the systems being operated. There are generally four important types of regulation, all of which impact a company’s SAP authorization concept:
- Data protection
- Regulations and the “need-to-know” principle
- IT security
- Financial and operational compliance
2.1.1 Data protection
Data protection regulations such as EU-GDPR (European Union General Data Protection Regulation) or PIPL (Personal Information Protection Law) aim to protect personal data from misuse and unauthorized disclosure and distribution. Given the variety and quantity of personal data contained in any SAP system—from employee data to highly sensitive data such as that relating to people in witness protection programs—it is highly unlikely that an SAP system will not be affected by legal compliance requirements.
2.1.2 Regulations and the need-to-know principle
Whatever regulations the SAP system must comply with, most decisions regarding its exact design, the quantity and content of roles, and the assignment of roles to users adhere to one core guideline: the need-to-know principle, which in authorization practice is applied together with, and often equated with, the principle of least privilege.
Principle of least privilege—one role per person?
A common question that arises when discussing the need to comply with the principle of least privilege in authorization concepts is: does that mean the company needs one role per person?
The usual reaction is that this would be impossible. Stakeholders point out that the variety of functions and responsibilities in their company makes it impossible to reduce access any further, because the company is small and everybody handles many tasks in different combinations.
Like many other areas, IT security is one where compromises between security, feasibility, and business impact need to be reached. Most companies find it impossible to create, assign and maintain an authorization role containing exactly one employee’s rights in order to comply 100% with the principle of least privilege. Most companies, however, are able to describe the positions that perform certain processes and to identify the tasks that belong to each position’s responsibilities. These two levels, the position and the task, are the key concepts in the overall role structure.
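To make that compromise concrete, here is an added example (not code from the book) that models the two-level structure in Python: task roles that each carry only the authorizations one task needs, position roles that bundle the tasks a position is responsible for, and a report of how far each user's effective rights exceed what their actual tasks require. The authorization object names follow SAP conventions (S_TCODE, F_BKPF_BUK, F_LFA1_BUK, F_REGU_BUK), but the field values, role names, positions and users are hypothetical and constructed for the example.

```python
"""Two-level authorization model: task roles composed into position roles.

Added example, not from the book. Authorizations are modelled as
(object, field, value) triples in the style of SAP authorization objects;
object names follow SAP naming (S_TCODE, F_BKPF_BUK, F_LFA1_BUK, F_REGU_BUK)
but the field values, role names, positions and users are hypothetical.
"""
from collections.abc import Iterable

Auth = tuple[str, str, str]  # (authorization object, field, value)

# Task roles: one per business task, each carrying only what that task needs
# (in SAP terms these would be single roles built in PFCG).
TASK_ROLES: dict[str, frozenset[Auth]] = {
    "T_POST_INVOICE": frozenset({
        ("S_TCODE", "TCD", "FB60"),
        ("F_BKPF_BUK", "ACTVT", "01"),
        ("F_BKPF_BUK", "BUKRS", "1000"),
    }),
    "T_DISPLAY_INVOICE": frozenset({
        ("S_TCODE", "TCD", "FB03"),
        ("F_BKPF_BUK", "ACTVT", "03"),
        ("F_BKPF_BUK", "BUKRS", "1000"),
    }),
    "T_RELEASE_PAYMENT": frozenset({
        ("S_TCODE", "TCD", "F110"),
        ("F_REGU_BUK", "BUKRS", "1000"),
    }),
    "T_MAINTAIN_VENDOR": frozenset({
        ("S_TCODE", "TCD", "XK02"),
        ("F_LFA1_BUK", "ACTVT", "02"),
        ("F_LFA1_BUK", "BUKRS", "1000"),
    }),
}

# Position roles: the tasks a position is responsible for
# (in SAP terms a composite role bundling the task single roles).
POSITION_ROLES: dict[str, frozenset[str]] = {
    "P_AP_CLERK": frozenset({"T_POST_INVOICE", "T_DISPLAY_INVOICE", "T_MAINTAIN_VENDOR"}),
    "P_AP_MANAGER": frozenset({"T_DISPLAY_INVOICE", "T_RELEASE_PAYMENT"}),
}

# Users: the position they hold and the tasks they actually perform
# according to the process description (constructed data).
USERS: dict[str, tuple[str, frozenset[str]]] = {
    "alice": ("P_AP_CLERK", frozenset({"T_POST_INVOICE", "T_DISPLAY_INVOICE"})),
    "bob": ("P_AP_CLERK", frozenset({"T_POST_INVOICE", "T_DISPLAY_INVOICE", "T_MAINTAIN_VENDOR"})),
    "carol": ("P_AP_MANAGER", frozenset({"T_DISPLAY_INVOICE", "T_RELEASE_PAYMENT"})),
    "erin": ("P_AP_MANAGER", frozenset({"T_RELEASE_PAYMENT"})),
}


def auths_for_tasks(tasks: Iterable[str]) -> set[Auth]:
    """Union of the authorizations granted by a set of task roles."""
    out: set[Auth] = set()
    for task in tasks:
        out |= TASK_ROLES[task]
    return out


def effective_auths(user: str) -> set[Auth]:
    """What the user can actually do: everything the assigned position role grants."""
    position, _ = USERS[user]
    return auths_for_tasks(POSITION_ROLES[position])


def needed_auths(user: str) -> set[Auth]:
    """What the user would receive under strict one-role-per-person least privilege."""
    _, tasks = USERS[user]
    return auths_for_tasks(tasks)


def excess_auths(user: str) -> set[Auth]:
    """The least-privilege gap the position model accepts for this user."""
    return effective_auths(user) - needed_auths(user)


def missing_auths(user: str) -> set[Auth]:
    """Authorizations a performed task needs but the position does not grant (a design error)."""
    return needed_auths(user) - effective_auths(user)


def least_privilege_report() -> dict[str, dict[str, int]]:
    """Per user: granted, strictly needed and excess authorization counts."""
    return {
        user: {
            "granted": len(effective_auths(user)),
            "needed": len(needed_auths(user)),
            "excess": len(excess_auths(user)),
        }
        for user in USERS
    }


if __name__ == "__main__":
    for user, counts in least_privilege_report().items():
        print(f"{user:6s} {counts}")
        for auth in sorted(excess_auths(user)):
            print("   excess:", auth)
        for auth in sorted(missing_auths(user)):
            print("   MISSING:", auth)
```

Running the script shows where the position model accepts a least-privilege gap (a clerk who never maintains vendors still receives XK02 and the F_LFA1_BUK change authorization; a manager who only releases payments still receives display rights) and flags any task a position fails to cover, which would be a design error rather than an accepted compromise. Whatever tooling produces the data, an authorization concept review comes down to the same comparison of effective against needed rights, per user and per position.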
2.1.3 IT security
IT security regulations address risks that relate only indirectly to an end user’s business activities: the underlying IT components, such as the software, customizing, parameter settings, connectivity with other systems, the patching strategy applied, and overall vulnerability management. These regulations also extend to the administration of SAP systems, up to and including the authorization concept itself.
2.1.4 Financial and operational compliance
Regulations relating to financial and operational compliance aim to prevent fraud and minimize consumer risks. Fundamentals such as the principle of completeness and the prohibition of erasure (restricting the deletion or removal of accounting data) must be observed without any compromise. This has very clear implications for a company’s authorization concept: roles must not grant end users the ability to delete or remove posted accounting data.
DORA regulation—need-to-know principle
Article 21 of Commission Delegated Regulation (EU) 2024/1774, which supplements the Digital Operational Resilience Act (DORA, Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022), requires that “access rights to information assets, ICT assets, and their supported functions, and to critical locations of operation of the financial entity, are managed on a need-to-know, need-to-use and least privileges basis, including for remote and emergency access”. Note that the regulation names need-to-know, need-to-use and least privilege as three distinct criteria that an authorization concept has to satisfy together.
Whether books, videos, or online trainings: our products teach SAP knowledge in a concise and practical way, so you can integrate it directly into your day-to-day work even if you have limited time. You benefit from broad coverage of relevant SAP topics, high-quality content in four languages, and learning formats tailored to your individual needs. This helps you stay up to date and continuously build your expertise.
Our books stand out for their strong practical focus and concise, easy-to-understand presentation. We explain complex SAP topics clearly and directly—without unnecessary marketing buzzwords. This helps readers get to the point quickly and apply the knowledge right away.
You can return our printed books within 14 days in their original condition, at your own expense.
At the moment, direct book shipping is only available within Germany. For book orders outside of Germany, we recommend purchasing via Amazon. You can find the link in our webshop by clicking “Buy e-book” on the product page. On Amazon, you’ll then see both the e-book and print editions available for purchase. You can access all content starting at $19 per month with our Digital subscription.
Our team is always happy to help and will respond to your questions as quickly as possible (usually within 1–2 days). You can also contact us if you have questions for one of the authors. Email: contact@espresso-tutorials.com