Authorization concepts are very often the unloved and underestimated child in many projects. But increased compliance requirements and the need to ensure strict privacy and data protection mandate mature authorization concepts.
Therefore my colleagues, Troels Lindgaard from KMD and I have created a proposal for an authorization concept maturity model in a paper we recently published on SDN. Our goal is twofold. First, we would like to enable you to assess the maturity of your current authorization concept. Such an assessment is the precondition for supporting the compliance efforts of your organization. Second, we have described suitable steps to jump from lower levels to a truly mature authorization concept. We have combined our experiences from several projects and reviews to create this maturity concept. The model has already proven its benefits, as we are using it while working on these topics at several customers.
But a lot of questions are still under discussion. Just some examples:
1.) Do we need to differentiate between smaller and bigger SAP installations?
2.) Do we need to differentiate the maturity concept for different industries and create industry-specific ones?
Therefore, we are really keen to get your feedback on our model.