Entitlement Manager for SAP is an SAP-endorsed business solution. It extends the native SAP authorization model to provide fine-grained attribute-based data-level access control to SAP business data. Entitlement Manager for SAP allows businesses to:
- Automate global trade compliance and lower compliance costs associated with various export control regulations, such as the International Traffic in Arms Regulation (ITAR), the US Export Admin Regulations (EAR), the UK Export Control Act (ECA), the German Federal Office of Economics and Export Control (BAFA) regulations, Department of Energy regulations 10 CFR part 810 (DOE 810), and the Chemical Weapons Convention (CWC).
- Protect intellectual property while enabling global design collaboration and prevent wrongful disclosure of design and engineering specifications in compliance with proprietary information exchange agreements and nondisclosure agreements.
- Prevent data breach across the global supply chain and protect supply, demand, and manufacturing data in accordance with contractor and supplier agreements.
- Improve privileged user management and enhance data security, minimizing the risk of SAP data spillage and contamination.
- Simplify compliance reporting through centralized logging of access.
Data-Level Authorizations for SAP Applications
The NextLabs Entitlement Manager for SAP extends the native SAP authorization model to provide easy to manage policy-based authorization to specific SAP data, based on attributes, such as material or document security classification, user citizenship, current user location, and data type.
Entitlement Packs provide pre-packaged integration into key SAP modules including SAP Enterprise Resource Planning (SAP ERP), SAP Product Lifecycle Management (SAP PLM), SAP Customer Relationship Management (SAP CRM), and SAP Document Management System (SAP DMS), among others. Support for other SAP modules or custom transactions (zPrograms) can be done easily through BAPI-integration.
Entitlement Manager for SAP provides the following core capabilities for SAP applications:
- Security Classification: Simplify classification of SAP data for proper control of data access. Maximize benefit driven via classification by leveraging existing associations between SAP data objects to automatically inherit classification.
- Attribute-based Access Control: Extend SAP authorization concepts beyond context and role to provide fine-grained access control based on attributes such as nationality and location.
- Integrated Rights Management: Integrate rights protections into SAP to provide encryption, as well as document access and usage control. Rights protection is applied persistently, even after documents are exported or downloaded from SAP.
- Audit: Provides an audit trail on the usage of and access to critical SAP data and facilitates compliance reporting.
The Control Center works with Entitlement Manager to provide centralized authorization management of XACML-based policies governing data access across all SAP applications. The figure below illustrates how Entitlement Manager is deployed in a typical SAP landscape.
Entitlement Manager works consistently across various SAP interfaces, including SAP GUI and SAP NetWeaver® Portal, to enforce data access and sharing policies, and can be extended to protect critical data even after it is exported or downloaded from SAP applications to provide end-to-end protection.