SAP profile modeling (Roles) generally obeys a logical structure established for the purpose of facilitating administration, simplifying security management and SoD risks, as well as enabling sustainable reuse of profiles. Job-Based and Job-Based Profiles (Task-Based) are the most popular models available. Opting for one of the many other existing modeling types requires a detailed analysis of the organization's requirements versus characteristics and impacts provided by the chosen model, for example:
Technical Structure - Quantitative evaluation of numbers of profiles vs transactions vs authorizations provided by the adopted model:
- Number of Roles generated;
- Quantity of Duplicate Transactions / Authorizations;
- Amount of access granted unnecessary;
- Number of Roles associated with the User.
Risk Management - Evaluation of aspects of adherence to security requirements, auditing, internal controls and risks provided by the adopted model:
- Simple Roles without violation SoD;
- Flexibility for SoD Management;
- Provides greater security of access;
- Requesting and Provisioning Additional Access.
Governance / Operation - Evaluation of the model adopted after project (operation) and its adherence in aspects related to maintenance cost and operational governance:
- Names convention that facilitates the request for additional access;
- Flexibility to maintain additional access;
- Flexibility for Organizational Restructuring;
- Flexibility for Rollouts;
- Flexibility to associate owners with Roles;
- Flexibility to incorporate exceptions.