NextLabs Releases New Entitlement Management Product for SAP S/4HANA

San Mateo, CA (March 28, 2017) – NextLabs®, Inc. (, an SAP partner and leading provider of data-centric security software for large enterprises, announced a new product in the Data Centric Security Suite for SAP software* – Entitlement Manager for SAP S/4HANA, the next generation business suite built on SAP’s advanced in-memory platform. S/4HANA provides the ability to unite business processes and data from various SAP and non-SAP sources into one digital core. This increases access control and data security requirements to ensure that only the right people have access to the right information.

Entitlement Manager for S/4HANA provides enhanced access control across all Fiori applications. All associated business processes go through a single configurable authorization check where policies are applied to determine whether the action is properly authorized or access should be granted. This central authorization check serves to greatly streamline user access and data entitlement policies. To determine whether action is permitted or access should be granted, the system leverages contextual information at the time of request to make fine-grained authorization decisions in real time, eliminating unauthorized access.  Dynamic authorization and attribute-based access controls (ABAC) are natively integrated into S/4HANA to provide a seamless user experience and automate the enforcement of global security policies and compliance procedures into key business processes.

Entitlement Manager extends SAP S/4HANA native security and authorization and complements SAP GRC in the following ways:

  • Authorization decisions are made using real-time contextual information, or attributes, about the user (job, project, cost center, location, citizenship, ), properties of the data (classification, category, type, content, etc.) and environment (device, location, time). This content enables fine-grained decisions to ensure that only the right people gain access to the right data.
  • Attributes are used in conjunction with roles to enhance controls, enforce real-time access controls, prevent SoD and security violations, and protect data on the move.
  • Role-based access control, which is used to apply controls at the transaction level, can be extended to protect S/4HANA business objects directly, based on attributes of data, users, and context. The use of attributes with roles helps to simplify data security controls and reduce role explosion.
  • Controls initially designed for business objects in SAP can be extended to other applications for seamless, consistent protection across the enterprise.

The Entitlement Manager for SAP S/4HANA offers additional benefits:

  • Simplified configuration management accelerates time to deployment with an advanced configuration tool that is integrated with SAP implementation guide.
  • Logical and physical data segregation filters out unauthorized data and determines where sensitive data and documents should be stored to comply with policies for restricted access and regulated documents.
  • Attribute-based access control provides comprehensive coverage of transaction codes across applications and processes. Transactions can be easily configured for enhanced authorization capabilities. Out-of-the-box coverage and an expanded policy integration framework significantly improves time-to-value and reduces total-cost-of-ownership.
  • Advanced data classification allows automated data classification and access to be determined dynamically based on the SAP business objects. Controls, initially designed for business objects in SAP, can be extended to other systems for seamless, consistent protection across the enterprise.
  • Security and compliance managers gain assurance and increased visibility on information compliance through the comprehensive activity logging, audit trails, monitoring and reporting

As a result, application and data protection becomes an integral part of the business process, whether on-premise or in the cloud. The NextLabs solution for S/4HANA helps global enterprises accelerate global ERP consolidation, protect intellectual property throughout the extended enterprise, improve export and regulatory compliance, and enhance data and cyber security.

“SAP and NextLabs have partnered to provide customers with the highest level of data and application protection to ensure that SAP organizations can meet the demands of digital transformation and global collaboration without compromising the security of their most critical asset – data. Our native integration with SAP combines automated protection with a seamless user experience. We strive to protect the high-value SAP data regardless of where the data is stored and used,” said Keng Lim, CEO and Founder of NextLabs. “Our mission is to continue to deliver best-in-class data-centric security solutions to protect applications and data anywhere and everywhere.”

NextLabs, Inc. provides data-centric security software to protect business critical data and applications. Our patented dynamic authorization technology and industry leading attribute-based policy platform helps enterprises identify and protect sensitive data, monitor and control access to the data, and prevent regulatory violations – whether in the cloud or on premises. The software automates enforcement of security controls and compliance policies to enable secure information sharing across the extended enterprise. NextLabs has some of the largest global enterprises as customers and has strategic relationships with industry leaders such as SAP, Siemens, Microsoft, and IBM.  For more information on NextLabs, please visit

* NextLabs Data Centric Security Suite for SAP software provides organizations with a centralized policy-driven solution to combat internal and external threats by securing SAP applications and protecting data across the enterprise and in the cloud. The Data Centric Security suite also includes Enterprise Digital Rights Management for SAP, which protects critical documents and content stored inside and outside of SAP applications; and Entitlement Manager for SAP, which secures SAP ERP and SAP Business Suite applications.