SAP Security Design

Implementing a strong security strategy with policy adherence is required to manage compliance, minimize risks, and set up a secure and efficient authorization concept that supports process efficiency and adoption. This concept can be based on organizational structures, business processes, and a role-based authorization concept.

The following activities should be conducted:

•   Review the implementation scope and user role report to determine the necessary project team to manage end-user role and authorization profile creation and design

•   Produce an enterprise-wide role matrix, a document that describes authorizations, detailing roles and their assignments to transactions, reports, menu paths, and organizational levels

•   Draft a technical design document of user roles and authorizations, providing the development details for the implementation of the roles

•   Generate a user authorization strategy and management procedures, detailing the responsibilities and procedures employed for user and authorization administration

•   Define the role implementation framework prototype, which is a preliminary implementation of the user role and authorization concept

Determine Scale and Scope of Authorization Requirements

The purpose of this task is to identify the impacted business areas and to confirm security requirements in each business area in the enterprise. The security requirements and control mechanisms may vary from business area to business area. For example, the HR department usually has stronger security concerns than other departments. Therefore, it is essential to identify the required security level.

Consider that different levels of security are required for the production, test, and development environments. Also, we usually have different user roles distributed across the system landscape, and these roles might differ in functionality and authorizations depending on the system type.