Segregation of Duties & Sensitive Access Analysis

Identify Segregation of Duties Access Conflicts in Minutes with an SAP SoD Matrix


Accces Analyzer featuresHaving the proper Segregation of Duties (SoD) policies in place is only one small piece of the compliance puzzle. Reporting and auditing on Segregation of Duties access in SAP® is a large, virtually impossible undertaking without the proper reporting tool. Meanwhile the need to identify potential access conflicts is required as part of the auditing process and is even the law for public companies subject to legislation.

Segregation of Duties analysis and reporting is a central feature of ERP Maestro's Access Analyzer. The User Conflict Matrix and Role Conflict Matrix are two of five key reports that use 100% of SAP user data to provide business process owners (BPOs) all the insights they need to begin the remediation process immediately.

Actionable, Business-User Friendly Reports

User Conflict Matrix

The User Conflict Matrix is a great tool for strategizing exactly how to remediate conflicts. On the left-hand side are the Segregation of Duties rules, functions and transactions being analyzed. The top right-hand pane shows users. Users are mapped within the matrix to indicate whether have access to it and have not used it (green), or if they have access to it and have actually executed it (orange).

SAP SoD Matrix

Role Conflict Matrix

The Role Conflict Matrix is ideal for role building exercises or role analysis. It highlights all of the Single and Composite roles that inherently cause conflict risks within the SAP security environment. It clearly identifies which users with access to the roles analyzed are actually executing the related transaction codes. It also goes down to the authorization object level, so it's easy to drill down for more detail.

SAP SoD Matrix

Monitor and Manage Sensitive Access

Our straightforward Sensitive Access Analysis report found within Access Analyzer provides a way to actively monitor the base of SAP® users with access to sensitive functionality for IT audit and operational purposes.

  • Maintain a list of pre-approved users with sensitive access
  • Identify any changes in the list of users with sensitive access
  • Monitor sensitive transactions
  • Can be used for role re-certification purposes


Reporting and Management is Easy...

Sensitive Access Report

With the Sensitive Access Report business users and executives can actively monitor the base of SAP users with access to sensitive functionality for audit and operational purposes. The report enables quick identification of any changes in the list of users with sensitive access. Additionally, because Access Analyzer® is monitoring sensitive transactions, users can easily see who is using and not using the sensitive functionality.
Sensitive Access Analysis

Sensitive Access Rule Management

Rule Management