Access Rights with No Ifs, Ands, or Buts

Feature Article | February 8, 2005 by admin

Digital identities come into existence quickly and everywhere in a company – when a new employee is hired or a business partner is to receive access to relevant information. But the users of an IT system are anything but homogeneous. They differ in their activities and their rights: they have their own identities. Many companies today still manage identities manually and in a decentralized manner. User accounts are entered, modified, and deleted in various companywide systems. When new employees come to the company, their master data, information on the person, and the position are first entered into the human resources system, such as mySAP ERP Human Capital Management (mySAP ERP HCM). It can then take several days or even weeks until users receive access to the applications relevant to them.
When employees leave a company, their personal data is archived or deleted, but their access rights to systems and data might not be. This is a tremendous security risk. Studies indicate that up to 70 percent of former employees are still able to access the internal data of their former employers. Decentralized data maintenance demands a great deal of time and effort; it also leads to inconsistencies. To retain a competitive advantage, companies must find a solution that enables them to provide all users with the information and applications important to them in good time and based upon their roles. And that requires the flexible assignment of access rights that can be modified when needed.

Flexibility with Open Source Software

Open source software promises important advantages to companies that work with SAP, especially for identity management. Independence from a specific manufacturer and stability speak for open source software. It also significantly reduces procurement, licensing, and maintenance costs. In the area of open source software, SAP has long collaborated with Novell. For example, Hella AG was able to reduce its total cost of ownership by 30 percent when it consolidated SAP solutions on a Fujitsu-Siemens Flexframe cluster with Suse Linux Enterprise Server 8. And companies like Siemens Business Services count on the combination of SAP and Suse Linux, the scalable platform for enterprise applications under Linux and open source software. Suse Linux AG, a business unit of Novell since January 2004, offers server and desktop solutions that include support, training, consulting, and indemnification clauses for users.
The integration of systems, data, and applications can enable central management of identities with a great deal of flexibility. If isolated identities are created and maintained for each application, as is the case in many companies, heterogeneous infrastructures and redundant data result. These problems weaken security and consume a great deal of maintenance time.

Integration

With its Nsure Secure Identity Manager, Novell provides a complete solution for integrated identity management. It allows a company to enjoy the central management of identities and can be easily integrated into existing IT environments. The solution includes functionalities like single sign-on, access control on Web servers and portals, and user provisioning that links users to the applications they need for their individual work. The applications can include databases, e-mail and network accounts, telephone connections, notebooks, and mobile telephones. Novell works with the open interfaces of SAP. Novell Nsure offers SAP users who have so far managed and distributed identities and access rights manually across various systems an option for a simpler design. It can automatically synchronize master data on users according to users’ specific roles and rights across all SAP and non-SAP applications.

Role-Based Storage and Distribution of Identities

The basic module of Novell Nsure is Novell eDirectory. This central, scalable directory service can store and manage all identity information, user accounts, and access rights on all users, end devices, applications, and services. When a new employee is created in mySAP ERP HCM, the new user ID is simultaneously created automatically in Novell eDirectory. The identity can then be transferred simply and as a role to other systems and applications, like mySAP ERP Financials or Lotus Notes. The transfer occurs over the Subscriber Channel. The rights to own, modify, and delete the data always remain with the mySAP HR administrator – the transferred data is simply copied. When an employee leaves the company, all access rights are immediately and automatically recalled.

User Information Management

The SAP tool for central user administration (CUA) can handle the management and distribution of identity information among SAP application components. However, difficulties often arise when data from non-SAP applications is to be transferred. Administration then becomes extremely involved because roles and profiles can’t be synchronized automatically. But Novell Nsure uses a publisher channel to import and synchronize identity data from all the connected, companywide systems and applications with Novell eDirectory. Companies that use CUA can also use Novell Nsure in parallel without further ado. As an open standard, XML enables a high level of interoperability in the process. Special policies control the automated processes according to the previously defined roles and access rights of users. Corrective functions help ensure compliance with legal requirements for data protection and security, as well as internal security guidelines.
With open source software and identity management, companies save time and cut costs, and their employees work more productively – right from the beginning. The problems of inconsistent data no longer arise because data entry remains where it belongs – with the mySAP HR administrator responsible for it. Altogether, Linux and identity management provide the preconditions for the long-lasting, flexible design of IT structures to enable any kind of changes quickly, adequately, and with a minimum of resources.

Michael Naunheim
