Fewer manual checks. No unnecessary effort. More control.
We are pleased to introduce our new Smarter Access Control Framework with the May 2026 release.
The Smarter Access Control Framework is another essential component that expands our platform to cover a particularly important area: complete control over permissions and segregation of duties without the high costs, limitations, and resulting complexity of traditional solutions.
In recent months, numerous customers have told us that existing tools on the market are too inflexible and do not meet their individual requirements. Based on this feedback, we have focused on ease of access and usability for our solution. Checks are quick to create, expand, and adapt to your specific requirements.
Are you interested in a product demo? Or do you have feedback on our new framework?
Just get in touch with us.
Send an email directly to Magnus.Ertel@smartersec.com or use our contact form.
Current challenges
Many SAP customers struggle with the same problems every day:
Standard SAP tools are reaching their limits
The built-in tools offer only limited flexibility when it comes to verifying segregation of duties (SoDs) and authorizations. Custom requirements often cannot be implemented at all, or can only be implemented through highly complex processes.
Manual audits cost time and money
Recurring, mostly manual audits tie up valuable resources and create an unnecessarily high workload. Month after month, quarter after quarter, audit after audit.
Granting authorizations is not the same as verifying authorizations
Developing an authorization policy is rarely the problem. The real question is: Is it truly secure and compliant? Today, tomorrow, and a year from now? A classic example is the trainee on job rotation. They often rotate through every department and are constantly granted new permissions along the way, but those permissions are never revoked.
Our solution
The available solutions for SoD and authorization management in SAP currently fall at opposite ends of the spectrum. Until now, there has been no good middle ground: a solution that is powerful, easy to use, and free from the complexity and high costs of SAP GRC.
SUIM is purely an authorization search tool: it must be populated with your own content and logic, offers little in the way of user-friendliness, and is highly limited, for example when it comes to automation or continuous monitoring. Functional, but also very labor-intensive and without the necessary depth.
SAP GRC, on the other hand, is powerful, sometimes too powerful. However, it requires its own infrastructure, a full-scale implementation project, and a lengthy rollout. These are costs that arise even before the actual license is purchased. Powerful, but “heavy” and expensive.
With the Smarter Access Control Framework, we close exactly this gap: a flexible, holistically integrated SoD & authorization framework on par with SAP. Seamlessly embedded in the smarterSec Security Platform, where the rest of your SAP security monitoring is also located.
Your benefits at a glance:
- Define your own checks: Create your own audit rules, run them automatically, and continuously monitor user permissions and SoDs.
- Seamless integration: Leverages your existing role and permission framework without additional effort, data migration, or process adjustments.
- Always up to date: Continuously expanding, expert-validated standard content that is always up to date.
- Expert support: Request your own checks as standard, including maintenance and validation by the smarterSec team of experts.
Who is benefiting from the Smarter Access Control Framework?
Smarter Access Control delivers real value to both of the business-critical areas:
The business side and IT.
The business
→ Minimizing security risks through continuous transparency
→ The current implementation of the authorization concept, including evidence of segregation of duties, is always audit-ready and can be continuously monitored. Compliance is ensured, and the preparation effort and costs associated with individual audits are significantly reduced.
IT (including SAP security administrators and Basis teams)
→ The user interface is based on familiar SAP tools, allowing for immediate use without training
→ Offers greater flexibility and depth of auditing than SUIM, while being less complex to use than SAP GRC
→ Predefined, expert-validated content available out-of-the-box
→ Request custom audit content; maintenance and validation by the smarterSec team included
smarterSec reminder:
Continuous monitoring is no longer just a nice-to-have. It’s a must-have. After all, even those who know their taxes use DATEV* to double-check.
*DATEV = Technical infrastructure for German accounting and tax advisory
Future Roadmap
The framework is now available with the smarterSec Security Platform Release 4.10 (May 2026). Additional features will be released on an ongoing basis. The initial go-live will be for ABAP target systems, with other targets to follow. As always, the schedule is subject to change depending on priorities.
Technical “Deep” Dive
Let’s take a quick look at the tool.
You can find it under the “Tools” tab within the smarterSec Security Platform.


In addition to the ILM deletion matrix, you’ll also find the “Authorization Framework” here.
This is where you can map authorization checks and SoDs. The system comes with predefined content from smarterSec, validated by our experts.
The framework supports classic authorization checks, as well as the chaining of multiple authorizations and actions of any complexity. These linkages offer ideal opportunities for mapping SoD checks. From a purely technical perspective, the combination of multiple actions constitutes a check for different responsibilities (Segregation of Duties).
Authorization checks within the framework are referred to as “Actions.”
An example of this is the following “Action” (“Alter tables”).

The “Action – Alter Tables” is an authorization check designed to prevent users from directly modifying tables in production environments.
Each “Action” is located within a previously created “Scope” (in this case, “Tables”). This scope is also part of a so-called “Business Unit” (in this case, “Basis Administration”).
This structure provides a better overview and a clear assignment of the respective checks.
The following hierarchy applies here:
“Business Unit” -> “Scope” -> “Action”.
For our example above, this would be:
“Basis Administration” (Business Unit) -> “Tables” (Scope) -> “Alter Tables” (Action)
The actual definition of the technical check is displayed and defined below the information at the top.

Here, you can visualize authorization checks and SoDs at any level of depth and breadth.
Using the “+” (plus) icons, you can add more depth or breadth with AND and OR operators.
Step 1: Add additional AND & OR operators

Step 2: View after adding
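The structure described above (“Business Unit” -> “Scope” -> “Action”, AND/OR trees, SoD as a combination of actions) can be sketched as follows. This is an added example, not smarterSec's code or shipped content: the data model, the rule contents, the Finance entries and the sample users are all constructed assumptions.

```python
# Added illustration: the data model and all rule content are assumptions,
# not smarterSec's implementation or shipped checks.
from dataclasses import dataclass

@dataclass(frozen=True)
class Auth:            # leaf: one authorization object with required field values
    obj: str
    fields: tuple      # e.g. (("ACTVT", "02"),)

@dataclass(frozen=True)
class Node:            # inner node of the rule tree
    op: str            # "AND" or "OR"
    children: tuple

def evaluate(node, auths):
    """auths: list of (object, {field: set of values}); '*' acts as a wildcard."""
    if isinstance(node, Auth):
        return any(obj == node.obj and all(
            v in vals.get(f, ()) or "*" in vals.get(f, ()) for f, v in node.fields)
            for obj, vals in auths)
    if node.op not in ("AND", "OR"):
        raise ValueError(f"unknown operator: {node.op}")
    results = [evaluate(c, auths) for c in node.children]
    return all(results) if node.op == "AND" else any(results)

def tcode(*codes):     # helper: access to any one of the given transactions
    return Node("OR", tuple(Auth("S_TCODE", (("TCD", c),)) for c in codes))

# "Business Unit" -> "Scope" -> "Action" (constructed rule content)
ACTIONS = {
    ("Basis Administration", "Tables", "Alter Tables"): Node("AND", (
        tcode("SM30", "SE16N"), Auth("S_TABU_DIS", (("ACTVT", "02"),)))),
    ("Finance", "Vendors", "Create Vendor"): tcode("FK01"),
    ("Finance", "Payments", "Run Payments"): tcode("F110"),
}
# An SoD check names actions that one user must not hold together.
SOD = {"Vendor creation vs. payment run": [
    ("Finance", "Vendors", "Create Vendor"), ("Finance", "Payments", "Run Payments")]}

def held_actions(auths):
    return {key for key, tree in ACTIONS.items() if evaluate(tree, auths)}

def sod_conflicts(auths):
    held = held_actions(auths)
    return [name for name, keys in SOD.items() if held.issuperset(keys)]

USERS = {  # constructed sample data
    "BASIS1": [("S_TCODE", {"TCD": {"SM30"}}), ("S_TABU_DIS", {"ACTVT": {"02", "03"}})],
    "CLERK1": [("S_TCODE", {"TCD": {"FK01"}})],
    # trainee on job rotation: authorizations accumulated, never revoked
    "TRAINEE1": [("S_TCODE", {"TCD": {"FK01", "F110", "SM30"}}),
                 ("S_TABU_DIS", {"ACTVT": {"03"}})],
}
```

TRAINEE1 can start SM30 but holds only display activity on tables, so the AND branch of “Alter Tables” fails, while the accumulated finance transactions trigger the SoD conflict.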

Our conclusion
Continuous monitoring is no longer just a nice-to-have. It’s a must-have. Because even if you know your permissions, you still need a tool to keep track of them.
That’s exactly what the Smarter Access Control Framework delivers: more depth than SUIM, less overhead than SAP GRC. Seamlessly integrated right where your SAP security monitoring already lives.
One thing should not be forgotten: SAP security is more than just roles and permissions. Any company that wants to be secure needs a comprehensive strategy. Let’s talk about what that might look like for your organization and how smarterSec can help you achieve it.
Please contact us directly via magnus.ertel@smartersec.com or via our contact form.