Extend Role-Based Controls Using ABAC Policy Enforcement
One-off role derivations have created a “role-explosion” – adding complexity and overhead to role management. And enforcing access controls beyond a user’s role, down to a field-value level, requires unscalable customizations.
SAP ERP Central Component (SAP ECC) and S/4HANA leverage static roles to govern access. These roles have reached their limitations in a dynamic workplace because static roles do not leverage contextual attributes. In addition, static roles remain in-tact as users move around the organization and change their job scope. Unless constantly provisioned, static roles can quickly become outdated, leaving an organization exposed to potential risk.
Enterprise Data Insight enables organizations to align data governance and business policies. By extending existing static roles with attribute-based controls, access can be dynamically managed. In addition, access deemed risky (based solely on context) can be restricted.
Enterprise Data Insight allows you to restrict access to sensitive data and transactions if the context is suspicious. For example, user attributes, data attributes, activity type, IP address, user location, time of day, amount of money transacted, the number of transactions, user activity trends, and segregation of duty.
For customers using SAP GRC, Enterprise Data Insight can extend existing access control policies, and enhance reporting capabilities. Enterprise Data Insight overlays GRC and leverages what you already deployed to protect your organization.
With Enterprise Data Insight, you can choose to mask (fully or partially), block, or redirect access to sensitive data fields across the application using a single policy. Click-to-View field masking prevents unnecessary exposure of sensitive data while still allowing users to view data with expressed intent. Reducing the exposure of PII and other sensitive data improves your regulatory compliance.
Customers can reduce the amount of acceptable risk by using granular access controls to strengthen field and transaction-level security. You can block malicious activity in real-time and manage privileges by placing limitations on who can access an application, from where, when, how they can access it, and what they can do with it.
With Enterprise Data Insight Data Protection you can quickly and easily detect, identify and fix your exposure. The dynamic data masking process can be applied across all core and/or industry-specific modules.