Solutions
Services
Insights
About
Jobs
Contact
Authorizations Management

Access Manager for Support Organizations

Access Manager for Support Organizations (AMSO) is a central authorizations management system for support and technical users.
Our Solutions
Consultation Services
Solution is SAP certified - integration with SAP S4/HANA
Overview

SUIM's Access Manager for Support Organizations (AMSO) is specifically designed to meet the needs of your support organizations (e.g. Competence Centers). While end users usually work in a single business unit across multiple systems (e.g. controller, HR business partner), support users (e.g. consultants, developers, or technical users) require access across multiple business units on specific systems.

AMSO is system-oriented, not organization-oriented. With AMSO you can create systems or system clusters that are assigned through an approval workflow or automatically. AMSO also allows you to easily combine different sets of authorizations in one business role across different systems (productive versus non-productive systems).

Efficiency

AMSO provides wizards to setup your support access landscape efficiently. Once your system landscape and support authorizations are customized, AMSO helps you save time by enabling you to assign support access across all systems from one central matrix, with one click. Support users can get to work immediately from day 1 with all their necessary authorizations.

Flexibility

Use AMSO to organize your internal and external support users flexibly. AMSO allows you to integrate your system landscape easily and to connect new satellite systems (e.g. ABAP, SAP HANA, Cloud) quickly and securely.

Simplicity

AMSO's intuitive authorization matrix is an innovative way to conveniently manage and display support authorizations across systems and teams (support / technical). Assigning complex permissions to support users is straightforward with AMSO and can be easily mastered by your system administrators. Furthermore, support users can request essential authorizations for their day-to-day operations via AMSO's self-service function.
compatibility

Authorizations related entitites

Authorization related entities represent elements of an IT solution/product that is delivered within this SUIM product and can be integrated  for generation, administration, provisionning and/or monitoring purposes.
Active Directory Groups (AD member of)
BPC-Embedded : AppSet / Team / Is Leader
Custom01 Attribut for Success Factors
DDIC Table
Emergency Handler User
Group for SAP Cloud Authentication Service
Group for SAP Cloud Enable Now - Via IAS
Group for SAP Cloud Provisionning Service
Groups for Microsoft Azure / Office365
HANA Role
Infotype 105 Subtype
OLAP - BW/BI Authorizations
Organizational unit
Position
Position (BP assignment based on user)
Position (CP assignment based on user)
Role Collections for SAP BTP Subaccount
Roles for SAP Analytics Cloud
Rolle for Admin Users for Success Factors Learning
SAP Composite Role
SAP Derived Role
SAP Query User Group (Global)
SAP Query User Group (Standard)
SAP Role
SAP Structural Profile
Static Permission Groups for Success Factors
Teams for SAP Analytics Cloud
SAP ABAP Stack user
LDAP Account
Microsoft Azure Account
Microsoft Office365 Account
SAP company name
SAP HANA DBMS-user
SAP HCM Organizational unit
SAP JAVA Stack user
SAP-BTP-User
RZ10 Parameter
SAP-IAS-User
Success Factors external user
Success Factors LMS Admin user
SAP-HCM-Job

Identity related entitites

Identity entities represent reource-related elements (identity, organization, user) of a solution/IT product that can be integrated in this SUIM product for administration, provisionning and/or analysis purposes.
Active Directory Groups (AD member of)
BPC-Embedded : AppSet / Team / Is Leader
Custom01 Attribut for Success Factors
DDIC Table
Emergency Handler User
Group for SAP Cloud Authentication Service
Group for SAP Cloud Enable Now - Via IAS
Group for SAP Cloud Provisionning Service
Groups for Microsoft Azure / Office365
HANA Role
Infotype 105 Subtype
OLAP - BW/BI Authorizations
Organizational unit
Position
Position (BP assignment based on user)
Position (CP assignment based on user)
Role Collections for SAP BTP Subaccount
Roles for SAP Analytics Cloud
Rolle for Admin Users for Success Factors Learning
SAP Composite Role
SAP Derived Role
SAP Query User Group (Global)
SAP Query User Group (Standard)
SAP Role
SAP Structural Profile
Static Permission Groups for Success Factors
Teams for SAP Analytics Cloud
SAP ABAP Stack user
LDAP Account
Microsoft Azure Account
Microsoft Office365 Account
SAP company name
SAP HANA DBMS-user
SAP HCM Organizational unit
SAP JAVA Stack user
SAP-BTP-User
RZ10 Parameter
SAP-IAS-User
Success Factors external user
Success Factors LMS Admin user
SAP-HCM-Job

Integration with 3rd parties products

Third-party products corresponds to all SAP and non-SAP, on-premises or cloud IT solutions/products for which this SUIM product has been interfaced / integrated. Each of theses connectors will be delivered within this SUIM product
Active Directory
Microsoft Azure / Office365
SAP ABAP Stack
SAP Analytics Cloud (SAC)
SAP BPC-Embedded
SAP Business Technology Platform (BTP)
SAP Business Warehouse
SAP Cloud Authentication Service (IAS)
SAP Cloud Provisionning Service (IPS)
SAP Enable Now Cloud
SAP HANA DB
SAP HCM
SAP JAVA Stack
SAP Success Factors
SAP Success Factors Learning (LMS)
Workday HCM Source

Integration in other SUIM products

The other SUIM products are the other SUIM modules, which are not part of this solution, but for which integration adds value.
Application Tracer
Compliance Enforcer
Business Role Validator
Identity Manager
License Optimizer
TOP 5 Features

Filter the matrix by action(s)

You need an authorization for an action (transaction, Fiori App, service, RFC function, etc.. )? AMSO makes it simple: a single filter narrows down the choices for a permission request by showing only the target systems and AMSO roles that can give access to that action.
Read More
Inherent role transport solution

A function that allows you to know which systems an authorization element is used can be displayed. In the same way, SUIM's integral transport program allows you to transport the roles from an original system to multiple system(s).

Templates management

An authorization template is a pre-designed AM or AMSO roles over the system landscape that outlines the rules and regulations for granting access to a resource. It is useful for ensuring that the authorization process is consistent and efficient.

Request/assign roles using copy feature

Sometimes, a new employee requires the same permissions as their colleague. For these cases, a whole process of provisioning rights per copy (full copy or enhancement, provisioning from a date, copy of a source user or a template, etc.) has been created.

Integration with the Identity Manager

Integration with Identity Manager allows for the deletion of AMSO roles and all in included support authorizations elements assignments to a user, at the correct date in the event of an organizational transfer or leaving action.

Integration with Business Role Validator

The integration with the Business Role Validator enables you to revalidate periodically critical support roles by either role owners or managers.

Integration with other SUIM applications

The integration with other SUIM applications increases the efficiency and functionality: 

  • With the integration of Business Role Validator (BRV), it enables you to revalidate periodically critical support roles by either role owners or managers.
  • With the integration of Identity Manager (IM), it allows for the deletion of AMSO roles and all support authorizations elements assignments to a user, at the correct date in the event of an organizational transfer or leaving action
  • With the integration of Compliance Enforcer (CE), it is possible to run risk checks and SoD violations.
workflow

Support roles often contain critical authorizations. Therefore its important to guarantee only the allowed users have access to these roles. With AMSO different kind of authorization workflows can be designed in order to ensure a 4-eyes principle or even to create multistage WFs with different approvers (e.g. role owner, supervisor, security etc.).

Time-based role to user assignments

Define the validity of user to role assignment based on your requirements. Various time variables are available:

  • Fixed time period (from to)
  • Role provisioning beginning on a future date
  • Time series (authorize revisions based on your audit schedule - e.g. every September to October)

Discover SAP services and solutions tailored to your business needs.

With dozens of tools at your disposal, we customise a best-fit solution to meet your business’s needs. Request a consultation with our expert team today.
Read Article
© Copyright 2006 -2024 - Powered by SUIM - all rights reserved +41 22 575 24 92
Privacy
Imprint