1. Non-SAP:
• Refers to functions or access controls that are outside of SAP systems.
• This might include permissions for applications like Active Directory, databases, or custom applications where SoD risks still exist but are not SAP-specific.
• Non-SAP function types in an SoD ruleset are used to identify conflicts between roles, permissions, or entitlements in non-SAP applications, ensuring that these are flagged and mitigated.
2. SAP:
• This type is used for SAP-specific functions within the SoD ruleset.
• It includes functions related to SAP roles, profiles, or authorizations that could create SoD conflicts within SAP applications like SAP ERP or S/4HANA.
• For example, a rule might prevent a user from having both “AP Invoice Processing” and “AP Payment Processing” in SAP, as having both would create a conflict. The SAP function type makes it clear that these functions apply only to SAP-specific access.
3. SAPGROUP:
• SAPGROUP is a higher-level grouping of SAP functions within the SoD ruleset.
• It enables grouping similar SAP functions under one category, making it easier to apply SoD rules to broader sets of SAP roles or actions.
• SAPGROUP function types help enforce SoD by simplifying the ruleset when similar functions can be grouped together, reducing complexity and avoiding repetitive rule definitions.
Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
