top of page

Optimizing SAP access rights management to improve organizational efficiency



In the Belgian branch of a large international group, SAP access rights were managed without a clear methodology.


Whenever employee rights needed to be granted or modified, the IT team was called upon. This not only distracted IT professionals from their primary tasks but also placed the responsibility of rights management on them, despite their lack of insight into the reasons behind the requests.

The IT team operated based on standard criteria, simply responding to requests without further questioning, resulting in numerous anomalies:
Department heads received only partial access rights while interns sometimes had excessive permissions (such as firefighter roles).
- Employees who changed positions retained access rights from their previous roles and did not receive the appropriate new ones.


For financial control, this led to significant issues with task segregation, such as the same person being responsible for making payments, controlling, encoding, and validating them.


Nassim Ghorafi, the internal controller appointed by Altesia, who had other missions in parallel within this company, delved into the detailed documentation provided by the group to understand the logic of the software. Indeed, apart from the IT team, no one in the various departments knew exactly how SAP worked and could assist him.

After this exploration, the Altesia expert turned to the IT team to understand how they had managed different requests so far. A matrix of needs by function had been created but it dated back to the implementation of SAP and had never been updated. The IT team also provided a multitude of notes and screenshots, which the expert had to compile into a single document. "There were little papers here and there. I put everything back together, like a puzzle," he said. All this information and documentation allowed him to assess the utility and importance of rights by function and to prioritize them as essential, useful, or unnecessary.

"There were little papers here and there. I put everything back together, like a puzzle."

Nassim Ghorafi, Finance Consultant at Altesia

Meetings with the heads of the various departments then helped to verify the relevance of this hierarchy.


Altesia_Nassim Ghorafi

Nassim Ghorafi created a new rights matrix. He cleaned the existing rights, which inevitably generated discontent among managers who previously had rights unnecessary for their functions. The expert's soft skills were very useful in explaining the reasoning and calming the situation.

The expert also trained the managers on the Fiori program, an interface that allows non-IT personnel to access the SAP rights system. It is now the managers who manage the rights of their team members, not the IT pool. The manager simply needs to copy the corresponding code from the general matrix into Fiori to automatically grant all rights associated with a new employee's function. It is now up to the various managers to "clean" the rights associated with their team members. So far, the feedback has been positive.

bottom of page