As access rules grow in complexity, SAP’s standard role-based authorization model is reaching its limitations. One-off role derivations have created a “role-explosion” – adding complexity and overhead to role management. And enforcing access controls beyond a user’s role, down to a field-value level, requires unscalable customizations.
SAP ERP Central Component (SAP ECC) and S/4HANA leverage static roles to govern access. These roles have reached their limitations in a dynamic workplace because static roles do not leverage contextual attributes. In addition, static roles remain intact as users move around the organization and change their job scope. Unless constantly provisioned, static roles can quickly become outdated, leaving an organization exposed to potential risk.
Appsian enables organizations to align data governance and business policies. By extending existing static roles with attribute-based controls, access can be dynamically managed. In addition, access deemed risky (based solely on context) can be restricted.
Appsian takes a data-centric approach to security and compliance. A data-centric security model allows you to align security policies to your business requirements and limit the exposure of sensitive data and transactions. We start at the foundation – your core SAP ERP data and transactions – and add attribute-based access controls and user activity logging and analytics, so you have better visibility into who is accessing and potentially changing your data.
Appsian allows you to restrict access to sensitive data and transactions if the context is suspicious. Context can include, for example, user attributes, data attributes, activity type, IP address, user location, time of day, amount of money transacted, the number of transactions, user activity trends, and segregation of duty.
For customers using SAP GRC, Appsian can extend existing access control policies and enhance reporting capabilities. Appsian overlays GRC and leverages what you have already deployed to protect your organization.
With Appsian, you can choose to mask (fully or partially), block, or redirect access to sensitive data fields across the application using a single policy. Click-to-View field masking prevents unnecessary exposure of sensitive data while still allowing users to view data with expressed intent. Reducing the exposure of PII and other sensitive data improves your regulatory compliance.
Customers can reduce the amount of acceptable risk by using granular access controls to strengthen field and transaction-level security. You can block malicious activity in real-time and manage privileges by placing limitations on who can access an application, from where, when, how they can access it, and what they can do with it.