Quick navigation

CSI tools

CSI Role Build & Manage for compliant and automated role building and user maintenance

CSI Role Build & Manage (CSI RBM) supports the SAP authorization processes with fully automated SAP role building. By documenting all security requirements, the application can build all SAP roles automatically. The application provides all the tools to shape the future compliant setup of your SAP authorization roles. The role maintenance is also supported with mass user and role creation, updates and deletion.

Website

Main categories

Application Security

Identity Á Access Management

Risk & Compliance

Security Operations & Incident Response

Sub categories

Secure Software Development Tools

Access Right Management

User Privilege Management

Information Security Audit and Consulting

Privacy

Security Analytics

Security Automation

SAP User Transaction History

SAP Access Governance

SAP Compliance

Segregration of Duties

Security Standards implementation

SAP Governance (SAP GRC)

SAP Roles and Profiles

Unauthorized Acces Protection & Monitoring

ERP Security

Deployment modus

On-premise

Cloud

Product

Value Proposition

Problem

SAP security can be very complex and difficult to maintain. Access should be restricted to the authorized users only, but SAP does not provide sufficient standard tools to support this.

Solution

CSI Role Build & Manage 2016 documents the organizational structure and the authorization values needed for every organizational item (department, user group, affiliate, etc.). The strength is that both organizational (company code, plant, etc.) and non-organizational values (internal order, authorization group, etc.) can be used, as well as authorization object fields which are not related to the business unit (organizational), but which have a technical restriction (functional). Reverse engineering is a unique feature ensuring a quick start. This component defines users, role assignments and builds a concept with (composite) roles. Automated translation of codification requirements and mass creation of single and composite roles are the key features. STAD data (user execution statistics) can be merged to have insight into the roles and functionalities in use enabling to remove user assignments. CSI Role Build & Manage 2016 can be used to audit the roles on Segregation of Duty conflicts and granting too broad access rights. This check is done on the AGR_125x tables. It comes with a pre-defined SoD ruleset. Because transaction code access and authorization access is checked seperately, inconsistencies in roles can be found. Other features include analysis of deviations between master and derived roles; statistical error reporting such as overwritten organizational values; unused roles; user types, manual and changed authorizations, etc. CSI Role Build & Manage can be used to maintain SAP users in an efficient way by: Synchronizing users between CSI Role Build & Manage and SAP; Password resets for SAP user-IDs (incl. emailing of the user-ID's credentials to the end users); Locking and unlocking SAP users from CSI Role Build & Manage; Mass creating SAP user-IDs with automatic generated passwords and emailing to the users. CSI Role Build & Manage 2016's SAP License audit functionality also gives insight into the correct assignment of the SAP user licenses. Multiple pricelists and cross-system overviews are possible.

Features

Automated compliant role building
Reverse engineering
Usage of master-derived roles, also on composite role level
Multi layered analysis to get insight in real risks.
Can be used on any ABAP stack SAP environment

Reduces time in role building and role maintenance
Check on risks and SOD conflict while bilding/maintaining the roles.

Supporting Technology

Works standalone the SAP system.
Unique functionality to automate complaint role building
Multiple users can work on the role maintenance simultanuously

Renting is possible for project work

Standards & Compliance

Data Protection Act
SOX