5 tips for making life easier as a Security Admin

by Stephen DuBravac

I just spent a week talking with some of the leading access management gurus in the industry. Clearly, security administrators have a tough job – always caught in the middle between auditors who require a policy of least privilege and operations who want trust to be the operating paradigm. 

One of the biggest headaches administrators deal with has to do with users hitting an authorization issue inside SAP. These issues are often both ambiguous and urgent, they leave end users frustrated and usually lead to hours of work for admins who would rather be focused on more interesting projects than researching an issue.

Given SAP's authorization model and the enormous technical and organizational changes that are always happening within an enterprise, these authorization incidents aren't going away any time soon. To help beleaguered admins, here's five quick tips – we’d love to hear from you as well if you have a favorite tip or two that has helped to streamline your authorization incident management process:

1. Provide policy guidance at the point of ticketing: Too often users don’t know if their access challenge is an IT configuration issue or an auditor-driven policy issue. Helping them to understand which can help them escalate their issues effectively – and cut down on the distractions hitting the IT team.

2. Automate ticket creation and data collection: One of the biggest hassles with resolving an SAP authorization issue is getting the information you need from a non-technical user.  By automating the ticket creation processes you make it easier for an end user to inform you of their specific issue.

3. Automate status reporting: Automate ticket status reporting and end users are able to answer their own questions rather than contacting admins to check on the status.

4. Recommend workarounds: Instead of making end users sit on their hands and risk impacting the business and IT customer satisfaction scores, give users recommendations for working around the issue. If the risk is low for a particular access issue, then users know about other users on their team who have the proper access. Of course, these recommendations should be configurable, so those recommendations aren’t providing tips for how to work around security controls.

5. Recommend roles: Instead of admins starting from scratch to determine whether an issue is due to role design, a missing role assignment, or the configuration of a role’s authorization objects, give them recommendations.

We’ve been doing a lot of work to cut down on the work admins have to do manually, so if you would like to learn more about how one of our solutions can help implement these tips (and several more) quickly, click here.

Coming up we will post some ideas on how a streamlined authorization incident management process can help end users as well.

Related Topics