SAP Security & GRC

Hosted by Soterion

Episodes: 34
Latest episode: Apr 2026
Language: EN-ZA

About the show

Soterion’s SAP Security & GRC podcast with host Dudley Cartwright, helping you on your journey to effective access risk management in SAP. Soterion is an international leading provider of GRC and FUE Licensing solutions for organisations running SAP. Our user-friendly, plug-and-play software integrates immediately into the SAP environment — S/4HANA ready, award-winning, and designed to translate complex GRC processes into business-friendly language. Soterion believes that effective GRC is measured by how well business users can manage access risk. Our solutions empower organisations to enhance risk awareness, drive better decision making, and build accountability across every level of the business — because access risk is business risk.

Listen to episodes

34 recent
April 28, 2026 | Episode 7 | 26 min

Technical Series: Using LSMW in SAP Authorisation Management

Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP.

In this episode, Ross Robertson and Wehmeyer Ferreira, SAP Senior Authorisations and Security Consultants at Soterion, walk through how to use the Legacy System Migration Workbench (LSMW) to perform mass maintenance of data subjects in SAP – specifically focused on bulk role deletions within the authorisations space.

Key Takeaways:
• What LSMW is and how it fits into SAP authorisations administration
• How to set up and configure an LSMW recording for batch processing
• How to perform mass role deletions across hundreds of roles using a structured input file
• How to review batch results and handle errors after execution
• Why LSMW is a time-saving alternative to manual PFCG processing

If you are managing SAP role administration, authorisations, or security and looking to reduce manual workload through automation, this episode is for you.

Featuring:
• Ross Robertson – Senior SAP Authorisations Consultant, Soterion
• Wehmeyer Ferreira – SAP Senior Authorisations and Security Consultant, Soterion

Connect with Soterion:
More Podcast Episodes: https://soterion.com/podcast/
Website: https://soterion.com/
LinkedIn: https://www.linkedin.com/company/soterion/

March 31, 2026 | Episode 6 | 13 min

Technical Series: How to Create and Maintain Fiori Spaces & Pages

Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP.

In this session Ross Robertson focuses on the creation, maintenance, and administration of Fiori Spaces and Pages, which determine how SAP Fiori applications are organised and presented to end users.

🔑 Key Takeaways:
• Fiori Spaces are the top level of the Launchpad structure and are used to organise business functions for end users.
• Pages and Sections help structure apps within a Space, making it easier for users to navigate and access the tools they need.
• Fiori Tiles are placed inside Sections and represent the individual applications users interact with.
• Keeping configurations lean and well-structured improves SAP Fiori Launchpad performance and reduces load times.
• Both Fiori Catalogues and Spaces must be assigned to roles to ensure users can access the correct apps in the Launchpad.

Through this walkthrough, viewers gain a practical understanding of how to configure Fiori Spaces and Pages effectively, ensuring users can quickly access the applications they need while avoiding performance issues caused by over-allocation of tiles and target mappings.

Don’t miss out on insights from:
• Ross Robertson – Senior SAP Authorisations Consultant - Soterion

For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/

February 10, 2026 | Episode 5 | 10 min

Technical Series: How to Create and Maintain SAP Fiori Catalogs

Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP.

In this short, practical session, Ross Robertson will walk through how to create a custom SAP Fiori catalog to give users access to specific apps, tiles, and target mappings — using SAP-recommended best practices.

Key takeaways:
· An overview of SAP Fiori catalogs and their role in authorisation and UX
· How to create custom catalogs using Fiori Content Manager
· Why SAP technical catalogs should be used as references
· How to identify the correct tiles and target mappings via the SAP Fiori App Library
· A simple but critical service check to prevent broken navigation and OData issues

Don’t miss out on insights from industry expert:
· Ross Robertson – Senior SAP Consultant - Soterion

For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/

December 2, 2025 | Episode 4 | 24 min

Technical Series: How to Make use of SAP SU24 Variants

Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP.

In this session, we walk through a practical, real-world demonstration of how SU24 authorization defaults and SU24 variants can significantly reduce manual maintenance when building SAP roles.

Using the widely-used MIGO transaction as an example, we show you how different business processes (such as Goods Receipts and Goods Issues) often require different movement types — and how SU24 variants make it possible to standardise and automate these differences cleanly.

What you’ll learn from this episode:
🔹 How SU24 authorisation defaults work and why they’re essential for effective SAP design, with a low support burden.
🔹 The problem with repeated manual maintenance when using MIGO across multiple roles
🔹 How to create and transport SU24 variants for different business scenarios
🔹 How variants ensure consistency across role builds while reducing effort and risk
🔹 A step-by-step walkthrough of building two roles using variants for GR and GI

Don’t miss out on insights from:
🔹 Emile Steyn - Business Unit Manager – Soterion Benelux
🔹 Ross Robertson – Senior SAP Authorisations Consultant - Soterion

December 2, 2025 | Episode 3 | 8 min

Technical Series: How to Build SAP Single Roles

Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP.

In our latest technical series episode, we unpack one of the most important building blocks in SAP authorisations: single roles. Our experts explore the different ways organisations design single roles to balance provisioning efficiency, SoD risk reduction, and long-term maintainability.

Key Takeaways:
🔹 The difference between task/functional roles and value/enabler roles
🔹 Why some companies prefer job-role-based design for easier provisioning
🔹 The hidden pitfalls of job roles — including SoD risk and over-allocation
🔹 How parent & derived roles simplify maintenance across large landscapes
🔹 The role methodologies that influence risk, licensing and long-term scalability

Don’t miss out on insights from:
🔹 Emile Steyn - Business Unit Manager – Soterion Benelux
🔹 Cameron Mattison – Senior SAP Authorisations Consultant - Soterion
🔹 Ross Robertson – Senior SAP Authorisations Consultant - Soterion

For more episodes, visit: https://soterion_sapsecuritygrc.buzzsprout.com/

November 11, 2025 | Episode 2 | 8 min

Technical Series: Authorisation Default Values

Watch or listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP.

In our latest technical podcast episode, we dive deep into a crucial piece of the SAP authorisation puzzle — authorisation default values.

You’ll discover:
• How authorisation defaults determine which checks are performed during transaction execution
• The difference between SAP standard defaults (SU22) and customer-specific defaults (SU24)
• How to handle complex transactions like MIGO with multiple business functions
• Why fine-tuning these defaults helps avoid over-assignment and license exposure

Don’t miss out on insights from industry experts:
• Emile Steyn, Business Unit Manager – Soterion Benelux
• Ross Robertson – Senior Consultant - Soterion

For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/

November 11, 2025 | Episode 1 | 12 min

Technical Series: Basic SAP Authorisation Concepts - SAP Transactions & Fiori Applications, Authorisation Objects, Fields and Values

Watch or listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP.

Introducing Our Technical Series: The Building Blocks of SAP Role Design. In the first episode of our new Technical Series, we unpack the foundations of SAP authorisations — what they are, how they function, and why they matter.

In this episode, we explore:
• The different ways users access functionality in SAP (transactions, Fiori apps, RFCs, etc.).
• How authorisation objects and field values govern access at a granular level.
• The link between authorisation precision and license optimization.
• Why aligning authorisations with business objectives is key to secure, efficient operation.

Don’t miss out on insights from industry experts:
• Emile Steyn, Business Unit Manager – Soterion Benelux
• Ross Robertson – Senior SAP Consultant - Soterion

For more episodes, visit: https://soterion_sapsecuritygrc.buzzsprout.com/

September 8, 2025 | Episode 27 | 30 min

Relevance of Job Role Standardisation Under SAP's New STAR Licensing Measurement

Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP.

As organisations move to S/4HANA and SAP Cloud ERP Private (RISE with SAP), the question of job role standardisation has never been more important. The debate: Do the benefits of job role standardisation outweigh the drawbacks?

In our latest episode, we explore:
• The advantages of job role standardisation (simplified onboarding, governance, cost savings)
• The pitfalls (over-assignment, increased SoD risks, inflated license costs)
• Why SAP’s new STAR measurement program changes the game — making license costs a critical consideration
• Practical recommendations for organisations planning their S/4HANA journey

Don’t miss out on insights from industry experts:
• Roy Mutsaers, Director – axl & trax
• Dudley Cartwright, Managing Director - Soterion
• Emile Steyn, Business Unit Manager – Soterion Benelux

For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/

August 4, 2025 | Episode 26 | 26 min

How to Enhance Business Ownership of SAP Access Risk

Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP.

One of the biggest challenges in managing SAP access risk is getting the business to take ownership.

In this episode, we explore:
• Why business users often don’t engage with access risk
• The role of process design and education
• How technology can empower business ownership
• And the rising impact of SAP license visibility

Whether you’re in audit, risk, IT or compliance—this is one you’ll want to share with your business stakeholders.

We are joined by Soterion experts:
• Emile Steyn, Business Unit Manager - Benelux
• Cameron Mattison, Senior Authorisations Consultant

For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/

April 14, 2025 | Episode 25 | 31 min

Policies & Procedures for SAP Access Risk Management

Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP.

In this episode we engage in insightful conversation on why Policies and Procedures are more than just compliance checkboxes - they’re business enablers.

Whether you’re starting from scratch or updating existing Policies and Procedures documentation, this episode is packed with relatable stories, expert tips, and pragmatic advice to help you drive better control, faster approvals, and greater business buy-in.

We are joined by the following industry experts:
• Andreea van Haaren, EY Sweden
• Emile Steyn, Soterion

For more episodes visit: https://soterion_sapsecuritygrc.buzzsprout.com/
