
Orkla gets clear insights into their SAP user access and roles with Soterion

Leading Scandinavian industrial investment company Orkla ASA solves their GRC challenges in SAP with Soterion and EPI-USE Labs

Automated Emergency Access Management process

Improved Access Requests in S/4HANA

Access risk remediated in legacy solutions

Transparency in access management

About Orkla

Based in Norway, Orkla ASA is a leading industrial investment company. Their scope of activity is brands and consumer-oriented companies. At present, Orkla has 12 portfolio companies.

Orkla has a long-term, industrial approach to its portfolio companies. They invest in companies where they can contribute to further value creation through their industry expertise, consumer insight and experience in building leading brands. Orkla ASA is listed on the Oslo Stock Exchange.


The challenge: multiple separate systems

Orkla manages roughly 120 SAP ERP systems across their landscape. They run this many systems primarily because of historical mergers and acquisitions; their data is also located both on-premise and in the cloud.

They encountered three main GRC (Governance, Risk and Compliance) challenges:

  • Firstly, emergency access relied on manual processes for user management and reporting, and incorporated complex review procedures. This was partly because of an IT culture where people felt they should be trusted without question, and partly because of the need to keep the Production system running.
  • Secondly, for User Access Requests in their S/4HANA solution, the approvers did not have visibility of what they were approving. It was a cumbersome email process, and role assignments and user creations were done manually.
  • Thirdly, their many legacy SAP solutions had a high level of access risk. They required Access Risk Remediation to remove some superfluous roles, including Norwegian abbreviated roles. They needed to focus on roles with risks and get acceptance/remediation.

Soterion: One solution for multiple issues

Orkla was able to address their GRC challenges by implementing Soterion solutions, as follows:

  • In terms of emergency access management, the solution included detailed logging of emergency activities, such as Transaction/Fiori usage, change logs and table changes. They could also get a workflow and audit trace of the activities for peace of mind.
  • Soterion provided visibility to approvers and helped to create a sense of ownership among local businesses for user access requests. To improve efficiency further, the automated solution allowed auto-provisioning of user access, and a daily notification to the team, including levels of access for additional checking.
  • To address the legacy solutions, the Orkla IT team leveraged Soterion to get insights into which user-to-role mappings existed, what access the users had, and how the access was used. This enabled tailoring access and consolidating single roles into composite roles, and mapping business role logic. The next step is to automate the access provisioning process in Soterion for these roles.

The insights we got from Soterion enabled us to really see what access people used, and not just what they felt they required

Thijs Van Haaren
Tech Lead SAP Security, Orkla

Transparency in access management and reduced risk

Orkla was able to address their challenges with Soterion by having detailed information available on emergency access management. This reduced the risk to the organisation. Moving forward, they are looking at improving the process even further. The different local businesses are now able to take ownership of the user access requests thanks to the business roles included on Orkla’s S/4HANA systems, visibility of well-defined roles and the access request data Soterion could provide.

Legacy systems can accumulate unnecessary access permissions over time. To improve security and clarity, it’s recommended to organise user access around business functions. Orkla achieved this by streamlining existing roles and leveraging Soterion’s capabilities to consolidate roles based on user activities, minimising potential security vulnerabilities.

With Soterion’s Access Manager, the approval process is much more transparent, and there is no resistance from the business users anymore

Thijs Van Haaren
Tech Lead SAP Security, Orkla

  • Approvers gained visibility of user access.
  • User access now owned by the business.
  • Need for email-based approvals eliminated.
  • Simplified business processes (284, 880 role assignment changes roll up into 604 workflows).
  • Valuable insights into legacy systems’ roles.
  • Support for a future-proof business role concept.
