Debunking the Most Common SAP
Access Control Myths 
Which can Make it a Lot Easier!

Live Online Training
Fundamentals of Assessing User Access in SAP ABAP Systems powered by Access & Integrity Consulting GmbH

Identity and access management is the cornerstone of an SAP ABAP© system's security posture. There are a lot of myths out there that result in blind spots, inaccurate recommendations, and unnecessary access risks. This training will debunk commonly held misconceptions about SAP user management, roles, and authorization, making your audit easier and more accurate by efficiently finding otherwise missed access risks efficiently. Previous knowledge of SAP is not required. The concepts and included access management tools are broken down into easy to understand topics based on best practice assessment approaches. You will watch live, in-depth demonstrations on the challenges and pitfalls of assessing access risk with the tools provided in your SAP ABAP© system and receive solutions to overcome them. With hands-on exercises and live trainer support, two half-days is all you need to help your organization identify critical authorization assignments and segregation of duty risk in SAP ABAP© systems such as SAP S/4HANA© or SAP ECC before the auditor does. 

7 hours

Live instructor


Maximum 14

Language Options

English or German


 Certificate Upon Completion


€ 700
per learner

Who’s a Good Fit

 SAP Administrator
 SAP Security Consultant
Identity & Access Management Experts
 IT Security Auditor

A Taste of What You Will Learn:

  • Understand how and why the access control and user management concepts of the SAP ABAP© technology differ from other IT systems by getting an introduction into the SAP specific implementation of fundamental identity & access management terms
  • Take a journey through the different tools and options to assess user access available in an SAP ABAP© system and what can be the challenges and limitations of using them
  • Learn how to identify typical access risks in SAP ABAP© systems and get a head start on compiling your critical authorizations and segregation of duties check list
  • Gain practical experience on how to assess authorization concepts by taking advantage of the decade-long project experience of the trainer
  • Find out what are the most important identity & access management objectives in SAP ABAP© system's according to their business use cases and regulatory requirements

Course Information

Who's a Good Fit
Practice Environment Tools

SAP Operations

  • SAP Administration
  • SAP Security Consultant

IT Security

  • Identity & Access Management Experts
  • IT Security Auditor

Who Else Might Be A Good Fit

If you have a traditional background in SAP administration and want to understand more about IT access auditing this course is a great fit to help you expand your existing skills with an audit and security point of view

NIST/NICE Cybersecurity Workforce Framework Work Roles

Work Role Title Work Role ID
SAP Security Control Assessor SP-RSK-002
SAP System Administrator OM-ADM-001
SAP Information Systems Security Developer SP-SYS-001


  • General knowledge about identity management concepts


  • General understanding of the concept of role-based access control management


  • Fundamental knowledge about the SAP ABAP© technology
  • General ability to work with the SAP GUI client software and SAP transactions

SAP Security Training Overview

Number of Modules: 7
Duration: 2 half-days, 7 hours total, (day 1 9:00am - 13:00pm, day 2 9:00 - 12:00 CET)
Class Size: 7-14 participants per class
Investment: €700 per person (excluding taxes)
Software Version: Unrestricted
Instructor: Wolfgang Steiger
Modules Covered in Training:
  • Introduction into the general requirements of authorization concepts
  • Overview of the fundamentals access control terms and their regulatory meaning in SAP ABAP© systems
  • Introduction into SAP user management & authentication
  • Fundamentals of the user access management tools in SAP ABAP© systems Introduction to the SAP authorization concept
  • Introduction into SAP authorization security flaws
  • Fundamentals of assessing user access in SAP ABAP© systems
  • Overview of critical authorizations and permission assignments in SAP ABAP© systems
*NO MONKEY SAP Security training content is referenced to existing standards for application security such as OWASP, NIST , and SAP recommendations.


For this course you will use a NO MONKEY lab environment to practice. The lab provides access to an SAP S/4HANA© system with a exercise setup of different users and access assignments to assess during the training. You can access to environment by a virtual desktop system with all necessary tools pre-installed

In addition you will need:

  • HTML 5 ready Browser preferably Edge, Chrome, Firefox
  • (Optional) Zoom client