PODCAST · technology
SAP Security & GRC
by Soterion
Soterion’s SAP Security & GRC podcast with host Dudley Cartwright, helping you on your journey to effective access risk management in SAP. Soterion is an international leading provider of GRC and FUE Licensing solutions for organisations running SAP. Our user-friendly, plug-and-play software integrates immediately into the SAP environment — S/4HANA ready, award-winning, and designed to translate complex GRC processes into business-friendly language. Soterion believes that effective GRC is measured by how well business users can manage access risk. Our solutions empower organisations to enhance risk awareness, drive better decision making, and build accountability across every level of the business — because access risk is business risk.
-
34
How to Convert an Authorisation Field into an Organisational Level Field
Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP. In this episode, Ross Robertson, SAP Senior Authorisations Consultant at Soterion, walks through how to convert an authorisation field into an organisational level field within SAP role design – and explains exactly why this matters for centralised, scalable authorisation management.
🔑 Key Takeaways:
• The difference between authorisation fields and organisational level fields in SAP
• Why org level fields enable centralised maintenance across multiple authorisation objects within a role
• How org levels behave independently in parent and derived role designs – protecting child role values from being overwritten
• How to convert an authorisation field to an organisational level using SAP’s built-in functionality
• Practical business case using movement type (BWART) in a goods movement role
If you work with SAP role design, authorisations, or GRC and want to streamline how you manage authorisation values across derived roles, this episode is for you.
👥 Featuring: Ross Robertson – Senior SAP Authorisations Consultant, Soterion
-
33
Technical Series: Using LSMW in SAP Authorisation Management
Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP. In this episode, Ross Robertson and Wehmeyer Ferreira, SAP Senior Authorisations and Security Consultants at Soterion, walk through how to use the Legacy System Migration Workbench (LSMW) to perform mass maintenance of data subjects in SAP – specifically focused on bulk role deletions within the authorisations space.
Key Takeaways:
• What LSMW is and how it fits into SAP authorisations administration
• How to set up and configure an LSMW recording for batch processing
• How to perform mass role deletions across hundreds of roles using a structured input file
• How to review batch results and handle errors after execution
• Why LSMW is a time-saving alternative to manual PFCG processing
If you are managing SAP role administration, authorisations, or security and looking to reduce manual workload through automation, this episode is for you.
Featuring: Ross Robertson – Senior SAP Authorisations Consultant, Soterion; Wehmeyer Ferreira – SAP Senior Authorisations and Security Consultant, Soterion
Connect with Soterion: More Podcast Episodes: https://soterion.com/podcast/ Website: https://soterion.com/ LinkedIn: https://www.linkedin.com/company/soterion/
-
32
Technical Series: How to Create and Maintain Fiori Spaces & Pages
Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP. In this session Ross Robertson focuses on the creation, maintenance, and administration of Fiori Spaces and Pages, which determine how SAP Fiori applications are organised and presented to end users. 🔑Key Takeaways: • Fiori Spaces are the top level of the Launchpad structure and are used to organise business functions for end users. • Pages and Sections help structure apps within a Space, making it easier for users to navigate and access the tools they need. • Fiori Tiles are placed inside Sections and represent the individual applications users interact with. • Keeping configurations lean and well-structured improves SAP Fiori Launchpad performance and reduces load times. • Both Fiori Catalogues and Spaces must be assigned to roles to ensure users can access the correct apps in the Launchpad. Through this walkthrough, viewers gain a practical understanding of how to configure Fiori Spaces and Pages effectively, ensuring users can quickly access the applications they need while avoiding performance issues caused by over-allocation of tiles and target mappings. Don’t miss out on insights from: Ross Robertson – Senior SAP Authorisations Consultant - Soterion For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/
-
31
Technical Series: How to Create and Maintain SAP Fiori Catalogs
Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP. In this short, practical session, Ross Robertson will walk through how to create a custom SAP Fiori catalog to give users access to specific apps, tiles, and target mappings — using SAP-recommended best practices. Key takeaways: · An overview of SAP Fiori catalogs and their role in authorisation and UX · How to create custom catalogs using Fiori Content Manager · Why SAP technical catalogs should be used as references · How to identify the correct tiles and target mappings via the SAP Fiori App Library · A simple but critical service check to prevent broken navigation and OData issues. Don’t miss out on insights from industry expert: · Ross Robertson – Senior SAP Consultant - Soterion. For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/
-
30
Technical Series: How to Make use of SAP SU24 Variants
Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP. In this session, we walk through a practical, real-world demonstration of how SU24 authorization defaults and SU24 variants can significantly reduce manual maintenance when building SAP roles. Using the widely-used MIGO transaction as an example, we show you how different business processes (such as Goods Receipts and Goods Issues) often require different movement types — and how SU24 variants make it possible to standardise and automate these differences cleanly. What you’ll learn from this episode: 🔹 How SU24 authorisation defaults work and why they’re essential for effective SAP design, with a low support burden. 🔹 The problem with repeated manual maintenance when using MIGO across multiple roles 🔹 How to create and transport SU24 variants for different business scenarios 🔹 How variants ensure consistency across role builds while reducing effort and risk 🔹 A step-by-step walkthrough of building two roles using variants for GR and GI Don’t miss out on insights from: Emile Steyn - Business Unit Manager – Soterion Benelux Ross Robertson – Senior SAP Authorisations Consultant - Soterion
-
29
Technical Series: How to Build SAP Single Roles
Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP. In our latest technical series episode, we unpack one of the most important building blocks in SAP authorisations: single roles. Our experts explore the different ways organisations design single roles to balance provisioning efficiency, SoD risk reduction, and long-term maintainability. Key Takeaways: 🔹 The difference between task/functional roles and value/enabler roles 🔹 Why some companies prefer job-role-based design for easier provisioning 🔹 The hidden pitfalls of job roles — including SoD risk and over-allocation 🔹 How parent & derived roles simplify maintenance across large landscapes 🔹 The role methodologies that influence risk, licensing and long-term scalability. Don’t miss out on insights from: Emile Steyn - Business Unit Manager – Soterion Benelux; Cameron Mattison – Senior SAP Authorisations Consultant - Soterion; Ross Robertson – Senior SAP Authorisations Consultant - Soterion. For more episodes, visit: https://soterion_sapsecuritygrc.buzzsprout.com/
-
28
Technical Series: Authorisation Default Values
Watch or listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP. In our latest technical podcast episode, we dive deep into a crucial piece of the SAP authorisation puzzle — authorisation default values.
You’ll discover:
• How authorisation defaults determine which checks are performed during transaction execution
• The difference between SAP standard defaults (SU22) and customer-specific defaults (SU24)
• How to handle complex transactions like MIGO with multiple business functions
• Why fine-tuning these defaults helps avoid over-assignment and license exposure
Don’t miss out on insights from industry experts: Emile Steyn, Business Unit Manager – Soterion Benelux; Ross Robertson – Senior Consultant - Soterion. For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/
-
27
Technical Series: Basic SAP Authorisation Concepts - SAP Transactions & Fiori Applications, Authorisation Objects, Fields and Values
Watch or listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP. Introducing Our Technical Series: The Building Blocks of SAP Role Design. In the first episode of our new Technical Series, we unpack the foundations of SAP authorisations — what they are, how they function, and why they matter. In this episode, we explore: The different ways users access functionality in SAP (transactions, Fiori apps, RFCs, etc.). How authorisation objects and field values govern access at a granular level. The link between authorisation precision and license optimization. Why aligning authorisations with business objectives is key to secure, efficient operation. Don’t miss out on insights from industry experts: Emile Steyn, Business Unit Manager – Soterion Benelux Ross Robertson – Senior SAP Consultant - Soterion For more episodes, visit: https://soterion_sapsecuritygrc.buzzsprout.com/
-
26
Relevance of Job Role Standardisation Under SAP's New STAR Licensing Measurement
Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP. As organisations move to S/4HANA and SAP Cloud ERP Private (RISE with SAP), the question of job role standardisation has never been more important. The debate: Do the benefits of job role standardisation outweigh the drawbacks?
In our latest episode, we explore:
• The advantages of job role standardisation (simplified onboarding, governance, cost savings)
• The pitfalls (over-assignment, increased SoD risks, inflated license costs)
• Why SAP’s new STAR measurement program changes the game — making license costs a critical consideration
• Practical recommendations for organisations planning their S/4HANA journey
Don’t miss out on insights from industry experts: Roy Mutsaers, Director – axl & trax; Dudley Cartwright, Managing Director - Soterion; Emile Steyn, Business Unit Manager – Soterion Benelux. For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/
-
25
How to Enhance Business Ownership of SAP Access Risk
Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP. One of the biggest challenges in managing SAP access risk is getting the business to take ownership.
In this episode, we explore:
• Why business users often don’t engage with access risk
• The role of process design and education
• How technology can empower business ownership
• And the rising impact of SAP license visibility
Whether you’re in audit, risk, IT or compliance—this is one you’ll want to share with your business stakeholders. We are joined by Soterion experts: Emile Steyn, Business Unit Manager - Benelux; Cameron Mattison, Senior Authorisations Consultant. For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/
-
24
Policies & Procedures for SAP Access Risk Management
Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP. In this episode we engage in insightful conversation on why Policies and Procedures are more than just compliance checkboxes - they’re business enablers. Whether you’re starting from scratch or updating existing Policies and Procedures documentation, this episode is packed with relatable stories, expert tips, and pragmatic advice to help you drive better control, faster approvals, and greater business buy-in. We are joined by the following industry experts: Andreea van Haaren, EY Sweden Emile Steyn, Soterion For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/
-
23
Navigating the Changes in SAP Licensing: A Guide to Named User Measurement
Listen to the SAP Security & GRC podcast with host Emile Steyn – helping you on your journey to effective access risk management in SAP. In our latest podcast, we discuss the complexities of SAP licensing, the big shift with SAP Named User Measurement, and provide actionable strategies to tackle these challenges. SAP licensing is undergoing a major transformation, and understanding these changes is critical for organisations moving to S/4HANA, whether on-premise or on RISE with SAP. We are joined by the following industry experts: Nikolaj Gontcharenko, Director Technology Consulting; Ross Robertson, SAP Senior Authorisations Consultant. For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/
-
22
Navigating the RISE with SAP Migration
Listen to the SAP Security & GRC podcast with host Emile Steyn – helping you on your journey to effective access risk management in SAP. The topic of discussion for this episode is - Navigating the RISE with SAP Migration. How can we streamline the Role Design and also make use of Fiori Spaces and Pages to help us with compliance resilience? We are joined by the following industry experts: Jeroen Basten, Partner, BDO; Aditya Chordia, Associate Director, BDO; Ross Robertson, SAP Senior Authorisations Consultant, Soterion. Disclaimer: The contents of this publication are for reference purposes only and may not be current as at the date of accessing this publication. They do not constitute professional advice and should not be relied upon as such. Specific professional advice about your specific circumstances should always be sought separately before taking any action based on this publication. BDO LLP shall not be liable for any reliance placed on the contents of this publication. For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/
-
21
Exploring SAP S/4HANA and Fiori Adoption Challenges
Listen to the SAP Security & GRC podcast with host Emile Steyn – helping you on your journey to effective access risk management in SAP. In this episode, we explore Fiori adoption in the context of S/4HANA conversions and Greenfield implementations. We also share key insights from our latest projects. Industry experts from Soterion share their insights: Ross Robertson, Senior SAP Consultant Emile Steyn, Business Unit Director, Benelux
-
20
The Importance of Effective Controls in the Organisation
Listen to the SAP Security & GRC podcast with host Dudley Cartwright – helping you on your journey to effective access risk management in SAP. In today's episode we will be discussing the importance of effective controls in the organisation. We’ll be joined by industry expert: Emile Steyn from Soterion For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/
-
19
Unlocking Compliance with UK Corporate Reforms
Listen to the SAP Security & GRC podcast with host Emile Steyn – helping you on your journey to effective access risk management in SAP. The topic of discussion for this episode is - unlocking compliance with UK corporate reforms by quantifying financial exposure of Segregation of Duty risks. We are joined by the following industry experts from BDO: Jeroen Basten, Partner Aditya Chordia, Senior Manager Disclaimer: The contents of this publication are for reference purposes only and may not be current as at the date of accessing this publication. They do not constitute professional advice and should not be relied upon as such. Specific professional advice about your specific circumstances should always be sought separately before taking any action based on this publication. BDO LLP shall not be liable for any reliance placed on the contents of this publication. For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/
-
18
Challenges Organisations Face When Performing User Access Reviews
Listen to the SAP Security & GRC podcast with host Dudley Cartwright – helping you on your journey to effective access risk management in SAP. In this episode, we discuss the common challenges organisations face during User Access Reviews and share key considerations to enhance this control activity. We are joined by the following industry experts: Monray Williams from CGS Emile Steyn from Soterion For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/
-
17
Highlights from SAPinsider Las Vegas Conference 2024
Listen to the SAP Security & GRC podcast with host Dudley Cartwright – helping you on your journey to effective access risk management in SAP. We have changed things up for this episode. We are bringing you feedback recorded live at SAPinsider's flagship event in Las Vegas, where we connected with customers, forged new partnerships, and showcased our cutting-edge GRC software to SAP security and GRC delegates. We caught up with some of our customers, and we also asked delegates for their thoughts on Soterion’s access control functionality. Listen to this episode to hear what they had to say. For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/
-
16
Security Risks and Opportunities of S/4HANA Transformations
Listen to the SAP Security & GRC podcast with host Emile Steyn – helping you on your journey to effective access risk management in SAP. In this episode, we discuss the security risks and opportunities associated with SAP S/4HANA transformations. The conversation highlights common mistakes made during these transformations and emphasises the need to integrate security and compliance into strategic decisions early on. We’ll be joined by the following industry expert: Marco Hammel from NO MONKEY. For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/
-
15
GRC Trends Report: The Rise of the Hybrid IAM/GRC Model (4-part series)
Listen to the SAP Security & GRC podcast with host Dudley Cartwright – helping you on your journey to effective access risk management in SAP. Soterion’s GRC Trends Report documents four pivotal insights and predictions that we believe will shape the future of GRC. You are welcome to download a copy of the report from our website https://soterion.com/soterion-resources/. Our podcast will include a 4-part series to cover each prediction in more detail. In this episode, we will discuss one of these predictions - The Rise of the Hybrid IAM/GRC Model We’ll be joined by the following industry experts: Quintus Hougaard from Linkies Consulting JE van Zyl from Linkies Consulting Emile Steyn from Soterion
-
14
GRC Trends Report: How the Drive Towards Standard Business Processes will Cause Widening of Access (4-part series)
Listen to the SAP Security & GRC podcast with host Dudley Cartwright – helping you on your journey to effective access risk management in SAP. This episode is one of a 4-part series based on Soterion’s GRC Trends Report. We dive deeper into one of the four predictions that we believe will shape the future of GRC in SAP – How the drive towards standard business processes will cause a widening of access. We’ll be joined by the following industry experts: Quintus Hougaard from Linkies Consulting Emile Steyn from Soterion For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/
-
13
SAP Security and GRC Podcast - ASUG Tech Connect 2023 - Feedback from the event
Watch the SAP Security & GRC podcast with host Dudley Cartwright – helping you on your journey to effective access risk management in SAP. In this episode, we will give you feedback from ASUG Tech Connect 2023. Our partner Jeremy Shinkfield from Madiba, who also attended, has kindly joined this episode to share his thoughts and insights from the event.
-
12
GRC Trends Report: As cloud adoption increases, clarity on ownership and risk exposure becomes blurred (4-part series)
Listen to the SAP Security & GRC podcast with host Dudley Cartwright – helping you on your journey to effective access risk management in SAP. Soterion’s GRC Trends Report documents four pivotal insights and predictions that we believe will shape the future of GRC. You are welcome to download a copy of the report from our website. Our podcast will include a 4-part series to cover each prediction in more detail. In this episode, we will discuss one of these predictions - As cloud adoption increases, clarity on ownership and risk exposure becomes blurred. We’ll be joined by industry experts: Waseem Ajrab from NO MONKEY and Emile Steyn from Soterion
-
11
GRC Trends Report: The Shortage of Skilled SAP Security Resources (4-part series)
Listen to the SAP Security & GRC podcast with host Dudley Cartwright – helping you on your journey to effective access risk management in SAP. Soterion’s GRC Trends Report documents four pivotal insights and predictions that we believe will shape the future of GRC. You are welcome to download a copy of the report from our website. Our podcast will include a 4-part series to cover each prediction in more detail. In this episode, we will discuss one of these predictions - the shortage of skilled SAP security resources. We’ll be joined by industry experts: Meindert Keuning from BRIGHT and Emile Steyn from Soterion
-
10
Outlining the Essential Components for Effective GRC
Listen to the SAP Security & GRC podcast with host Dudley Cartwright – helping you on your journey to effective access risk management in SAP. On this episode, we’ll guide you through the layers of The Effective GRC Pyramid, a powerful framework outlining the essential components for effective GRC. We’ll be joined by the following industry experts: Meindert Keuning from BR1GHT; Emile Steyn from Soterion
-
9
S/4HANA & Fiori – SAP Security Considerations When Moving to S4
Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP. On this episode we look at S/4HANA & Fiori. We explore the challenges organisations face when transitioning to S/4HANA & Fiori, with a focus on authorisations and security. Host Emile Steyn interviews industry experts: Vedette van Kleef from Soterion; Ross Robertson from Soterion
-
8
5 Important GRC Business Objectives for the Typical Organisation
Listen to Soterion's SAP Security & GRC podcast with host Dudley Cartwright – helping you on your journey to effective access risk management in SAP. On this episode we’ll run through 5 typical GRC Business Objectives that are important to many organisations. We’ll be joined by industry experts: Emile Steyn from Soterion; Quintus Hougaard from Linkies Consulting
-
7
Role Clean-up vs a Role Redesign
Listen to the SAP Security & GRC podcast with host Dudley Cartwright – helping you on your journey to effective access risk management in SAP. On this episode we discuss a role clean-up vs a role redesign.
We’ll look at:
• The pros and cons of each
• When is a good time to do either a role clean-up or a role redesign
• We identify certain cases where one may be better suited than the other
We’ll be joined by industry experts: Emile Steyn from Soterion and Quintus Hougaard from Linkies Consulting
-
6
Access Risk is Business Risk
Listen to Soterion's SAP Security & GRC podcast with host Dudley Cartwright – helping you on your journey to effective access risk management in SAP. On this episode, we explain the phrase ‘access risk is business risk’ and advise why business users are better suited to be the owners of access risk, rather than IT. We’ll also provide a list of actions to enhance business buy-in and accountability of access risk management activities. We’ll be joined by industry experts: Emile Steyn from Soterion; Quintus Hougaard from Linkies Consulting
-
5
The Importance of Clearly Defining Composite Roles and Business Roles
Listen to the SAP Security and GRC podcast with host Dudley Cartwright – helping you on your journey to effective access risk management in SAP. On this episode we’ll be discussing the importance of clearly defining Composite Roles and Business Roles. We also look at a few of the challenges that will come with not defining appropriate roles. We’ll be joined by industry experts: Emile Steyn from Soterion and Quintus Hougaard from Linkies Consulting
-
4
Organisational Level Controls
Listen to the SAP Security & GRC podcast with host Dudley Cartwright – helping you on your journey to effective access risk management in SAP. On this episode we’ll be discussing Organisational Level Controls.
We will answer the following questions:
• What is it?
• Why is it important to get Organisational Level Controls correct?
• Why is Role methodology important for Organisational Level Controls?
We’ll be joined by industry expert: Emile Steyn from Soterion
-
3
Emergency Access Management (FireFighter Process)
Listen to the SAP Security & GRC podcast with host Dudley Cartwright – helping you on your journey to effective access risk management in SAP. On this episode, we’ll be discussing the Emergency Access Management process, commonly known as the FireFighter process.
We will look at answering the following questions:
• What is the Emergency Access Management process?
• How do organisations go about setting up their FireFighter process?
• Which is the best methodology to use?
We’ll be joined by industry expert: Emile Steyn from Soterion
-
2
Policies & Procedures Relating to GRC and Access Risk Management
Listen to Soterion’s SAP Security & GRC podcast with host Dudley Cartwright, the show for people who prioritise managing access risk in their organisation and want to go about it by working smart, not hard. Episode 3: Policies & Procedures Relating to GRC and Access Risk Management Activities. On this episode we’ll be discussing: * What are the benefits of having Policies and Procedures in place? * What happens if Policies and Procedures are not clearly defined or well documented? * And we’ll share a few examples with you. We’ll be joined by industry expert: Emile Steyn from Soterion
-
1
The Importance of Customising your Access Risk Rule Set in SAP
Listen to Soterion’s SAP Security & GRC podcast with host Dudley Cartwright, the show for people who prioritise managing access risk in their organisation and want to go about it by working smart, not hard. Episode 2: The Importance of Customising your Access Risk Rule Set in SAP. In this episode we’ll be answering the following 3 questions: * What do we mean by ‘Rule Set Customisation?’ * Why is it important? * How do you go about a rule-set customisation project? We’ll be joined by industry experts: Quintus Hougaard from Linkies Consulting; Emile Steyn from Soterion. For more about Soterion visit us at www.soterion.com
-
0
Provisioning of SAP Access via an Access Control or IAM Solution
Listen to Soterion’s SAP Security & GRC podcast with host Dudley Cartwright, the show for people who prioritise managing access risk in their organisation and want to go about it by working smart, not hard. Episode 1: Provisioning of SAP Access via an Access Control or IAM Solution. In this episode we’ll be talking about the Provisioning of SAP Access via an Access Control or IAM Solution. We’ll be joined by industry experts: Karen Maier from DXC; Sam Bellia from Capgemini; Quintus Hougaard from Linkies Consulting. For more about Soterion visit us at www.soterion.com
HOSTED BY
Soterion