Consolidating through Role Mining


After completing this lesson, you will be able to:

  • Compare roles through role mining and analyze action usage

Role Mining

Role Comparison Overview

Role comparison allows you to compare two or more roles in the SAP Access Control application or between the application and a target system. Synchronizing authorization data can be done from either SAP Access Control or the back end system.

For example, you can compare a copied role and the original role, or a role in different systems. The tool helps you to identify inconsistencies or updates.

You can compare roles by Action Level, Permission Level, or both. For that, choose the application Role comparison.

To open the Role Comparison app, select the tile.
Role Comparison. Step 1: Select Roles.

The comparison process consists of the following five steps:

  1. Select Roles: Select roles that you want to compare. You can use the standard role search here.
  2. Enter comparison criteria: You can compare roles within Business Role Management of SAP Access Control or between Business Role Management and a target system. Choose the level of comparison which can be Action level or Permission level.
  3. Schedule the comparison: Schedule the comparison in the foreground or background
  4. View comparison result: Results are displayed in a table format. You can view the results with the Action description. Comparison results show both unique actions and common actions. Users can also display the permission level comparison on the permissions tab page.
  5. Synchronization: Synchronization is based on the synchronization type and can be either from the target system or from SAP Access Control. Generally, synchronization is done from the target system to SAP Access Control, only on rare occasions a sync from SAP Access Control to the target system is performed.

Action Usage

Transaction Usage is the ability to view role usage in an organization. Administrators identify the most highly used roles and the least used roles to see the role usage pattern.

This analysis helps organizations in the following ways:

  • Highly used roles must be clean.
  • Least used roles are candidates for review and removal.
  • If a role is used many times by a user who generally does not need to use it that frequently, this can identify potential fraud about to occur.

The report indicates valuable information about what users have accessed on a specific system and how many times they have accessed it. Action Usage report lists action usage by roles, users, and profiles. You can use the Action Usage app to generate this report.

To open the Action Usage app, select the tile.
Action usage by user, role, and profile.

You can see the last execution date of the action and the number of times the action is executed in a specific time period for SAP systems. The report shows action usage information only for the system where the role was associated with the action.

To run a report, choose Run in Foreground or Run in Background. We recommend running this report in the background because the job for analyzing role usage is resource-intensive. You can sort, format, and export the results.

Log in to track your progress & complete quizzes