SAP Security & GRC

Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP.
In this short, practical session, Ross Robertson will walk through how to create a custom SAP Fiori catalog to give users access to specific apps, tiles, and target mappings — using SAP-recommended best practices.
Key takeaways:
· An overview of SAP Fiori catalogs and their role in authorisation and UX
· How to create custom catalogs using Fiori Content Manager
· Why SAP technical catalogs should be used as references
· How to identify the correct tiles and target mappings via the SAP Fiori App Library
· A simple but critical service check to prevent broken navigation and OData issues
Don’t miss out on insights from industry expert:
· Ross Robertson – Senior SAP Consultant - Soterion
For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/

Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP. 
 
In this session, we walk through a practical, real-world demonstration of how SU24 authorization defaults and SU24 variants can significantly reduce manual maintenance when building SAP roles. 
 
Using the widely-used MIGO transaction as an example, we show you how different business processes (such as Goods Receipts and Goods Issues) often require different movement types — and how SU24 variants make it possible to standardise and automate these differences cleanly. 
What you’ll learn from this episode: 
🔹 How SU24 authorisation defaults work and why they’re essential for effective SAP design, with a low support burden.
🔹 The problem with repeated manual maintenance when using MIGO across             multiple roles
🔹 How to create and transport SU24 variants for different business scenarios
🔹 How variants ensure consistency across role builds while reducing effort and        risk
🔹 A step-by-step walkthrough of building two roles using variants for GR and GI 
 
Don’t miss out on insights from: 
Emile Steyn - Business Unit Manager – Soterion Benelux 
Ross Robertson –  Senior SAP Authorisations Consultant - Soterion

Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP. 
 
In our latest technical series episode, we unpack one of the most important building blocks in SAP authorisations: single roles. Our experts explore the different ways organisations design single roles to balance provisioning efficiency, SoD risk reduction, and long-term maintainability. 
 
Key Takeaways: 
 
🔹 The difference between task/functional roles and value/enabler roles 
🔹 Why some companies prefer job-role-based design for easier provisioning 
🔹 The hidden pitfalls of job roles — including SOD risk and over-allocation 
🔹 How parent & derived roles simplify maintenance across large landscapes 
🔹 The role methodologies that influence risk, licensing and long-term scalability 
 
Don’t miss out on insights from:

Emile Stey -  Business Unit Manager – Soterion Benelux 
Cameron Mattison –  Senior SAP Authorisations Consultant - Soterion  
Ross Robertson –  Senior SAP Authorisations Consultant - Soterion  
 For more episodes, visit: https://soterion_sapsecuritygrc.buzzsprout.com/

Watch or listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP. 
In our latest technical podcast episode, we dive deep into a crucial piece of the SAP authorisation puzzle — authorisation default values. 
You’ll discover: 
How authorisation defaults determine which checks are performed during transaction execution 
The difference between SAP standard defaults (SU22) and customer-specific defaults (SU24) 
How to handle complex transactions like MIGO with multiple business functions 
Why fine-tuning these defaults helps avoid over-assignment and license exposure 
 Don’t miss out on insights from industry experts:
Emile Steyn, Business Unit Manager – Soterion Benelux 
Ross Robertson – Senior Consultant - Soterion 
 For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/

Watch or listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP. 
 
Introducing Our Technical Series: The Building Blocks of SAP Role Design. In the first episode of our new Technical Series, we unpack the foundations of SAP authorisations — what they are, how they function, and why they matter. 
 
 In this episode, we explore: 
The different ways users access functionality in SAP (transactions, Fiori apps, RFCs, etc.). 
How authorisation objects and field values govern access at a granular level. 
The link between authorisation precision and license optimization. 
Why aligning authorisations with business objectives is key to secure, efficient operation. 
 
Don’t miss out on insights from industry experts: 
Emile Steyn, Business Unit Manager – Soterion Benelux 
Ross Robertson – Senior SAP Consultant - Soterion 
 For more episodes, visit: https://soterion_sapsecuritygrc.buzzsprout.com/