I followed with interest the recent debate about the ASUG Influence model, which started with Why I believe in the power of ASUG Influence Councils Part 2 – The ASUG UI Influence Council about the User Interface Technology council which she is leading. Whether or not you agree with the changes requested by the council members, the fact is that, with clearly articulated goals and good leadership, Influence Councils can be an effective way for groups of customers to give SAP feedback on their solutions, and for SAP to adapt their solutions to better serve their customers, a win all around. Sure, it is not the only way, but it beats some of the alternatives.
Take, for example, this case. Maybe you were there, at SAP TechEd 2007 in Las Vegas, when attendees were given the opportunity to Ask the Executives a question. I did it on a lark, never really expecting my question to make the cut. But lo and behold, at the keynote session, there I was, up on the big screen, earnestly making my case.
The gist of my question was, when is SAP going to do something about all the multitude of authorization concepts, a new concept being unveiled with every new SAP solution, which increases both the cost of providing 24/7 support and the risks associated with a security breakdown. I have to give SAP CTO Vishal Sikka credit; he acknowledged my concern and smoothly segued into a description of the benefits of SAP’s then-new Identity Management Solution. While he had good things to offer to security administrators for improving the tools for our work, that solution does not really address the issue.
Fast forward nearly three years, and we are all looking forward to SAP TechEd 2010. Numerous times over the past three years, my colleagues from the world of SAP security support have reminded me about that question and that concern, most recently my fellow SAP Mentor and ASUG volunteer friend, Tammy Powlas. Additionally I’ve seen it come up in roadmap presentations given by SAP personnel, where “harmonized authorization concept” is somewere off in the vague distant future. The thing is, without the strength of a group of customers uniting to express a concern and request changes in SAP solutions, I suspect that three more years from now, we may still be lamenting an unchanged situation.
Contrast that to the situation a few years back when a group of SAP customers banded together with concerns about the Central User Administration product. An ASUG Influence Council delivered change requirements to SAP, which eventually made their way into the solution. Even though CUA is being replaced by newer technologies, it was great to see the influence process deliver a sucessful result.
ASUG Influence Councils are a way for SAP customers to present a united voice in the future direction of SAP solutions. A new Security Influence Council is launching on July 21, with several SAP solutions targeted for potential changes. This council will have a working session at TechEd in Las Vegas. I’m not sure when the issue of the ever-expanding list of authorization concepts might come up for discussion, but I am confident that SAP product managers will take our eventual recommendations under consideration and give us a fair hearing.