Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
Bedrock Managed Service
Scalable support and on-demand expertise that seamlessly integrates with your existing operations.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Partners
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Careers
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Blogs
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
7 January 2015

Unlocking Management Information - Part 4

The final principle of secure and compliant data provisioning is: only present the reports to correct groups of users.

Again, this seems an obvious principle which many of us in the security space take for granted, but it is a common occurrence for Management Information programmes to focus on the functional split of data and associated reports, without thinking of the authorisation setup in terms of roles and user groups involved.

To overcome this, all reporting requirements should be linked to business processes, in that it should be possible to identify a step in the process for which the report is providing key information and support. With this in mind we can relate the reports to the jobs, for which roles have been created, and ensure that roles are consistently applied across landscape.

If you can achieve a consistent role design between ERP systems and your BI landscape, it is also possible to automate the allocation of authorisations in your BW analysis authorisations, based on the contents of the equivalent ERP roles. This can be achieved through the use of variables in analysis authorisations and by performing an extraction of the authorised values from the ERP roles assigned to the users. These values can then be referenced at runtime of reports to present only data for which the user is authorised in the ERP system.

An example:

Your company employs accounts payable clerks to process payments and, to support their business processes, a suite of reports has been developed. These accounts payable users have an AP clerk role for one company code in ERP and an equivalent AP clerk role in BW. You have used variables in the analysis authorisations to provide the company code access, in alignment with that which is allocated in the ERP system and the role provides access to the multiproviders which store the reports for the AP function.

This can be further extended into Business Objects (BO) reporting suite, where roles from the BW system can be imported as user groups and a folder or universe structure created which mirrors the job-aligned roles in the BW and ERP systems. In this way, provision of a role in ERP can logically extended into BW and BO systems to provide consistent, business process aligned access across the landscape and provision the reports which support that job function.

To continue the example above, our AP clerk would then have access to folders or universes in BO which provides the reports and the data which support their job, plus the access in BW to provide commensurate data access with that allocated in ERP.

If you bear in mind these principles in the design of your Management Information systems authorisation concepts, you can make life much easier and provide business focussed reporting, while ensuring compliance with your security objectives for data.

If you have any comments or questions, please feel free to use the comment submission below.