Role Design Review

Service Summary


Winterhawk • Consulting • Consultant • Global • SAP • GRCOur Role Design Review is a fixed price service designed to evaluate a customer’s existing Role Design.

Our highly skilled resources leverage our Role Design Review database to efficiently extract and process an organization’s security data. The Role Design Review database contains scripts that analyze the security data in order to identify:


  • The assignment of sensitive business transactions to end users and roles
  • The assignment of sensitive administrative transactions to end users and roles
  • The assignment of sensitive authorization objects within roles
  • The manual insertion of authorization object S_TCODE for transaction access
  • The quality of the design based on user usage compared to user access
  • The adequacy of naming conventions
  • The assignment of organizational access
  • The usage of manual authorization changes in Roles
  • Table USOBT_C maintenance through transaction code SU24
  • Direct profile assignments to end users
  • Unassigned roles in Production
  • Create and change activities assigned in display and reporting roles

For additional information

Get in touch for
Role Design

SAP Role Design Review



Winterhawk • Consulting • Consultant • Global • SAP • GRC The review begins by interviewing key customer stakeholders to gain a thorough understanding of the as-is SAP Role Design, automating the initial analysis of the customer’s SAP Security data using our proprietary SAP Role Design Review database, and preparing a comprehensive report using our highly skilled resources with deep SAP Security knowledge.

Specifically, we perform the following activities:

  • Hold a requirements gathering session with the customer to review the sensitive business and administrative transactions we’ve defined and incorporate additional standard and custom transactions the customer requests
  • Obtain user usage information from the customer’s in scope SAP environment(s)
  • Obtain security table data from the customer’s in scope SAP environment(s)
  • Process the security and usage data in our SAP Role Design analytical database

After the scripts are executed, our experts will analyze and assess the data and prepare a comprehensive report with findings and actionable recommendations.

These reports frequently identify high risk issues that can be quickly remediated by the organization (eg. users with the SAP_ALL profile) and often lead to an organization requesting a full scale SAP role re-design.

If required, a detailed project/work plan showing the cost to implement the remediation recommendations can be prepared.