SOD evaluation for SAP

Hi Team - 

I am trying to understand the logic on how Saviynt evaluates SOD in request for SAP. We have SOD risks configured and the functions are updated with objects (Tcodes and auth object details).

We are even able to see the SOD conflicts when we request a few roles, but we are not able to identify exactly what parameters are considered to identify an SOD conflict between 2 functions in a risk. For Non-SAP, it is just entitlements and easy to identify.

Can someone advise the logic for SAP SOD risks?

Thank you 



In Saviynt, the evaluation of Segregation of Duties (SOD) conflicts for SAP involves checking specific parameters that go beyond simple entitlement comparisons. The key elements considered in the SOD conflict evaluation for SAP are:

  1. Transaction Codes (Tcodes): These are the SAP transaction codes that users execute. If two functions within an SOD risk contain conflicting Tc

  2. Authorization Objects: These are security objects in SAP that control access to various functionalities. The evaluation includes checking if the same or conflicting authorization objects are assigned across different roles or profiles.

  3. Authorization Values: These are the specific values within authorization objects. Even if two roles have the same authorization object, differing values can determine if there is a conflict.

  4. Role Assignments: The system checks the roles assigned to the user and identifies if any combination of roles leads to an SOD conflict based on the defined SOD risks.

  5. Function Definitions: Functions are typically defined as sets of activities (transaction codes and authorization objects) that a user should not perform simultaneously. The system evaluates if the roles being requested give the user the ability to perform these conflicting activities.
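
Added example, not part of the original posts and not Saviynt's own code or algorithm: a simplified Python model of the evaluation the answer describes, where a risk fires only when the combined roles satisfy the Tcode and the authorization object values of both functions. The role names, the risk ID and the rule data are constructed for illustration, and the per-field matching is an assumption that is looser than a real SAP authorization check.

```python
from itertools import chain

# Constructed sample data. A permission is (auth_object, field, value);
# a granted value of "*" matches any required value.
ROLES = {
    "Z_VENDOR_MAINT": {("S_TCODE", "TCD", "FK01"), ("F_LFA1_BUK", "ACTVT", "01")},
    "Z_AP_PAYMENTS":  {("S_TCODE", "TCD", "F-53"), ("F_BKPF_BUK", "ACTVT", "01")},
    # Same Tcode as Z_AP_PAYMENTS, but display-only activity (03).
    "Z_AP_DISPLAY":   {("S_TCODE", "TCD", "F-53"), ("F_BKPF_BUK", "ACTVT", "03")},
    # Broad role with wildcard values.
    "Z_FI_WIDE":      {("S_TCODE", "TCD", "*"), ("F_BKPF_BUK", "ACTVT", "*")},
}

# A function is a list of alternatives; every permission in one alternative
# must be held for the user to be able to perform the function.
FUNCTIONS = {
    "Maintain vendor": [{("S_TCODE", "TCD", "FK01"), ("F_LFA1_BUK", "ACTVT", "01")}],
    "Process payment": [{("S_TCODE", "TCD", "F-53"), ("F_BKPF_BUK", "ACTVT", "01")}],
}

# A risk is a pair of functions one user should not hold together.
RISKS = {"P001": ("Maintain vendor", "Process payment")}  # constructed risk ID


def holds(granted, needed):
    """True if any granted permission covers the needed (object, field, value)."""
    obj, field, value = needed
    return any(g[0] == obj and g[1] == field and g[2] in (value, "*") for g in granted)


def can_perform(granted, function):
    """True if at least one alternative of the function is fully covered."""
    return any(all(holds(granted, p) for p in alt) for alt in FUNCTIONS[function])


def evaluate(existing_roles, requested_roles):
    """Return the risks triggered by existing plus requested roles combined."""
    all_roles = [*existing_roles, *requested_roles]
    granted = set(chain.from_iterable(ROLES[r] for r in all_roles))
    return sorted(
        risk for risk, funcs in RISKS.items()
        if all(can_perform(granted, f) for f in funcs)
    )


if __name__ == "__main__":
    for req in ("Z_AP_PAYMENTS", "Z_AP_DISPLAY", "Z_FI_WIDE"):
        print(req, "->", evaluate(["Z_VENDOR_MAINT"], [req]))
```

The display-only role carries the same Tcode but raises no conflict, while the wildcard role does, which is why comparing role names or Tcodes alone does not explain the SAP results.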

