Fundamentals of Assessing User Access in SAP ABAP© Systems Powered by Access & Integrity Consulting GmbH

Identity and access management is the cornerstone of an SAP ABAP© system's security posture. There are a lot of myths out there that result in blind spots, inaccurate recommendations, and unnecessary access risks. This training will debunk commonly held misconceptions about SAP user management, roles, and authorization, making your audit easier and more accurate by efficiently finding otherwise missed access risks efficiently. Previous knowledge of SAP is not required. The concepts and included access management tools are broken down into easy to understand topics based on best practice assessment approaches. You will watch live, in-depth demonstrations on the challenges and pitfalls of assessing access risk with the tools provided in your SAP ABAP© system and receive solutions to overcome them. With hands-on exercises and live trainer support, two half-days is all you need to help your organization identify critical authorization assignments and segregation of duty risk in SAP ABAP© systems such as SAP S/4HANA© or SAP ECC before the auditor does.

A Taste of What You Will Learn:

  • Understand how and why the access control and user management concepts of the SAP ABAP© technology differ from other IT systems by getting an introduction into the SAP-specific implementation of fundamental identity & access management terms.
  • Take a journey through the different tools and options to assess user access available in an SAP ABAP© system and what can be the challenges and limitations of using them.
  • Learn how to identify typical access risks in SAP ABAP© systems and get a head start on compiling your critical authorizations and segregation of duties check list.
  • Gain practical experience on how to assess authorization concepts by taking advantage of the decade-long project experience of the trainer.
  • Find out what are the most important identity & access management objectives in SAP ABAP© systems according to their business use cases and regulatory requirements.

Course Information

  • Number of Modules: 7
  • Duration: 2 half-days, 7 hours total (day 1 9:00 - 13:00, day 2 9:00 - 12:00 CET)
  • Class Size: 7-14 participants per class
  • Investment: 700 EUR per person taxes excluded
  • Software Version: Unrestricted
  • Instructor: Wolfgang Steiger
  • Security Skill Matrix: IY-A learn more here

Modules Covered in Online Class

  1. Introduction into the general requirements of authorization concepts
  2. Overview of the fundamentals access control terms and their regulatory meaning in SAP ABAP© systems
  3. Introduction into SAP user management & authentication
  4. Fundamentals of the user access management tools in SAP ABAP© systems
  5. Introduction to the SAP authorization concept
  6. Introduction into SAP authorization security flaws
  7. Fundamentals of assessing user access in SAP ABAP© systems
  8. Overview of critical authorizations and permission assignments in SAP ABAP© systems

*NO MONKEY SAP Security training content is referenced to existing standards for application security such as OWASP, NIST, and SAP recommendations.

Who’s a Good Fit

SAP Operations

  • SAP Administrator
  • SAP Security Consultant

IT Security

Identity & Access Management Experts
IT Security Auditor

NIST/NICE Cybersecurity Workforce Framework Work Roles

SAP Security Control Assessor (SP-RSK-002)
SAP System Administrator (OM-ADM-001)
SAP Information Systems Security Developer (SP-SYS-001)

Who Else Might Be A Good Fit

If you have a traditional background in SAP administration and want to understand more about IT access auditing this course is a great fit to help you expand your existing skills with an audit and security point of view.



  • General knowledge about identity management concepts


  • General understanding of the concept of role-based access control management


  • Fundamental knowledge about the SAP ABAP© technology
  • General ability to work with the SAP GUI client software and SAP transactions

Practice Environment Tools

For this course you will use a NO MONKEY lab environment to practice. The lab provides access to an SAP S/4HANA© system with an exercise setup of different users and access assignments to assess during the training. You can access to environment by a virtual desktop system with all necessary tools pre-installed.

In addition you will need:

  • HTML 5 ready Browser preferably Edge, Chrome, Firefox
  • (Optional) Zoom client

Reach out to us to book a training for you or your team!

Send us a message

Read Our Customer Success Story

"Let me first say that I had some previous contact with other SAP-related trainings, but this one was by far the best. One can clearly see that you are a knowledgeable trainer with a wide array of expertise, willing to sidetrack interesting topics as they arrive."

Alexander MeierTeam Lead SAP Security Services at SEC Consult

Read the Customer Success Story

Security is Culture!