Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SOD evaluation for SAP

Go to solution
shivmano
Regular Contributor III
Regular Contributor III

‎06/14/2024 07:26 AM

Hi Team - 

I am trying to understand the logic on how Saviynt evaluates SOD in request for SAP. We have SOD risks configured and the functions are updated with objects (Tcodes, and auth object details)

we are even able to see the SOD conflicts when we request few roles. But, not able to exactly identify what parameters are considered to identify a SOD conflict between 2 functions in a risk. For Non-SAP, it is just entitlements and easy to identify. 

Can someone advise the logic for SAP SOD risks?

Thank you 

Labels:
0 Kudos
1 REPLY 1

Go to solution
rushikeshvartak
All-Star
All-Star

‎06/14/2024 11:56 AM

In Saviynt, the evaluation of Segregation of Duties (SOD) conflicts for SAP involves checking specific parameters that go beyond simple entitlement comparisons. The key elements considered in the SOD conflict evaluation for SAP are:

  1. Transaction Codes (Tcodes): These are the SAP transaction codes that users execute. If two functions within an SOD risk contain conflicting Tc** Authorization Objects**: These are security objects in SAP that control access to various functionalities. The evaluation includes checking if the same or conflicting authorization objects are assigned across different roles or profiles.

  2. Authorization Values: These are the specific values within authorization objects. Even if two roles have the same authorization object, differing values can determine if there is a conflict.

  3. Role Assignments: The system checks the roles assigned to the user and identifies if any combination of roles leads to an SOD conflict based on the defined SOD risks.

  4. Function Definitions: Functions are typically defined as sets of activities (transaction codes and authorization objects) that a user should not perform simultaneously. The system evaluates if the roles being requested give the user the ability to perform these conflicting activities.


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
Copyright © 2024 Khoros, LLC