Dynamic Data
Enforcement
Reduce Your Attack Surface
Deploy Dynamic Data Masking
Reinforce SoD Policy Violations
Real-time policy enforcement and user activity monitoring
Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) are two ways of controlling the authentication process and authorizing users in SAP. Over the years, SAP’s standard RBAC approach is reaching its limits thanks to the growing complexity of access rules and the exponential number of workers accessing valuable ERP data remotely.
Organizations can simplify enforcing governance policies aligned with global trade regulations, segregation of duties, or the segregation of access between different business units by leveraging an attribute-based layer of access controls beyond standard role-based controls. When considering ABAC vs RBAC, Dynamic Data Authorisation extends and modernises SAP’s existing security model by adding a fine-grain approach to user access using contextual attributes.
Enhances Existing RBAC with Attribute-Based Access Controls
DDA combines SAP’s role-based access controls with an attribute-based access control solution that delivers an ABAC + RBAC hybrid approach. This approach enables granular control and visibility that delivers a wide range of business benefits and lets you deploy data-centric security policies that leverage the context of access in order to reduce risk. DDT Hubs overcomes traditional controls’ limitations – allowing you to fully align SAP security policies with the objectives of your business and streamline audits and compliance.
// Dynamic Data Scrambling
Dynamic Data Scrambling is a full security solution that includes pre-defined scrambling rules as well as the ability to create your own policies. In a number of methods, you may use these rules to scramble any non-key field in any non-production SAP database (such as mapping table look-up, constant value, clear a field).
When considering ABAC vs RBAC, it’s not about which is better. It’s about how they work together to create a dynamic authorization strategy.
Complex User Provisioning
Relying on static, role-based access controls in dynamic environments forces a compromise between security and business goals. To eliminate friction while maintaining security requires extensive customisation based on contextual attributes such as IP address, location, nationality, business unit & project affiliation.
Access Rules Are Growing More Complex
The growing number of role derivations required for data-level security is adding complexity and overhead to role management. RBAC alone fails to provide the optimum security level for high-risk data, especially as more users are working remotely and accessing your ERP system from a variety of devices.
Limited Segregation of Duties (SoD) Visibility
Segregation of Duties policies relying on role-based rules can create unwanted business risk because they lack visibility into attributes that define actual conflicts i of interest. This gap also carries over into SoD audit logs, resulting in excessive false-positives when SoD exceptions have been made.