Top 10 Q/A: Authorization Process Manager



Authorization Process Manager


Our Authorization Process Manager tool has now been around for more than 13 years and served hundreds of international customers. Throughout the years we have been constantly developing it, and the feedback we have received from our many customers have been invaluable in order to build the most efficient tool for testing authorizations. We have collected 10 of the most common and relevant questions regarding Authorization Process Manager and crafted this blog post for you to learn about the more technical functions of APM.

1. Does APM support authorization errors discovered in Fiori Launch Pad?

  • APM supports simultaneous Fiori authorization error reporting as well as error correction in both layers. This means that when a tester is testing through the Fiori Launchpad and is stopped by an authorization error, the tester can report the error directly from the Fiori Launchpad and hereafter update the missing access, thereby enabling the continuation of the test. Errors from both layers will be forwarded and registered in the APM Cockpit.

2. How long does it take for you to get an authorization error reported, corrected and tested?

  • Testers can execute the test from the initial screen of SAP, from the Fiori Launch Pad or from the test screen delivered from APM. If facing an authorization error, the tester simply uses the relevant APM SU53 error report dedicated for the test-user to report and update the error. After a 10-15 second break entering the error description, APM automatically updates the test-user privileges and the tester continues the functional testing.

3. Is it possible to test authorization in a productive environment?

  • It is possible to allow singled-out users to be able to update authorization errors blocking their daily work in production. All updates will be monitored, and real-time email notification can be activated. The restriction functionality can even reduce the scope and ability to update access, reducing the user to only report missing access. This concept has been utilized by a number of our customers to eliminate the use of SAP_ALL or wide support roles in production
Authorization Process Manager TOP 10 Q/A

4. Can I restrict what a user(s)/test-user(s) can update in roles assigned to own user?

  • The restriction functionality can reduce the scope and ability to update access, reducing the user to only report missing access or if restricted only report the error identified. It is possible to restrict on Object Class, Objects, Transaction code, Organisational level and Field values on the specific client being tested on. Restrictions can be useful when designing the different test phases – e.g. when needing to restrict the update possibilities in a user acceptance test compared to the initial role unit testing being less restrictive.

5. Can the administrator be notified when user(s)/testuser(s) updating access in their personal test container?

  • Notifications can be configured to enable emails to be sent to administrators (responsible users) when updates to the test container is performed by any user. In larger scale test cycles this might not be relevant (due to the number of errors being reported) but supporting test in different time zones or production usage of APM email notification can be helpful.

6. Can I use APM in productive environment and replace SU53 with APM_SU53?

  • APM supports the standard process, routing authorization errors from productive users experiencing inadequate privileges in their daily tasks in SAP. APM will efficiently collect the relevant data directing the error message to the SAP Compliance Team for further investigation. In particular, organizations with operations across time zones and with a central SAP Solution Centre will benefit from the structured, documented and efficient error-handling process. Productive users will not be able to update their access, only report authorization errors.

7. Is APM interfacing the module Access Control so potential new SoD conflicts etc. will be reported if occurs during test container update?

  • No – preventive check in Access Control is disabled when the APM-test container role is updated. If new SoD conflicts occurs analysing an update on a user’s APM Test Container the SoD will be identified when updating the business role and processing a risk report in Access Control.

8. What to expect in terms of time reduction using APM compared to the standard process?

  • A huge reduction in the effort of testing can be expected – up to a 75% reduction in time spent by testers. Furthermore, it offers the potential for saving an entire test cycle since authorization tests can be performed along with integration test. Furthermore, the authorization team can save time in the design and build phase of the roles as well of administration of the test being executed. Some customers report that the elimination of the frustration among the testers dealing with authorizations errors and the satisfaction of a smooth test run is the key value.

9. Can I monitor the test and deliver reports in real-time?

  • The reporting module delivers a sub-set of reports giving the real-time status of the test being executed and enable download of all error-related information for documentation purposes. The reporting supports information about the technical details about the errors being reported as well as similar issues. Project management is supported by test execution overview and other status reporting options supporting validation of the progress as well as the quality of the test.

10. What is the difference between APM Error Reporting and One-click?

  • When a tester is facing an authorization error two options for updating can be configured for the individual test user. The user can have the option of reporting the error specifying test case ID, test case number and leave a comment for the authorization team followed by submitting the form and continuing the test. The alternative is the One-click. Here the tester, when facing an authorization error, goes one step back push the “One-click” reporting button and APM will make the update in the background and restart the transaction code getting the tester ready to continue testing

Follow us on LinkedIn and get instant access to our latest articles and posts on SAP and compliance.

Segregation of Duties

Interested to learn more….?

We always look forward presenting Authorization Process Manager to present customers, possible new customers, partners and network. So, if you want to learn more, have questions or would like to see a live demo of CN Authorization Process Manager please contact us.

Contact us!

    I hereby consent to my personal data being collected, processed, and used for the purpose of processing my inquiry. I may revoke my consent anytime without stating my reasons for doing so. More information can be found in our privacy policy.

    Rufen Sie uns an
    +49 6173 3363 000

    Schreiben Sie uns


    Find your way to our office in Denmark

    Google Maps

    Mit dem Laden der Karte akzeptieren Sie die Datenschutzerklärung von Google.
    Mehr erfahren

    Karte laden

    Meet the Team