Access Manager for Support Organisations 

Authorization Management for SAP Competence Centers and Support Organizations

SAP Certified Powered by SAP Netweaver

The Access Manger for Support Organisations is part of our software package SUIM-AIM.

Big Picture

The Access Manger for Support Organisations (AMSO) is a central authorisation management system which has been specially developed for large support organisations and SAP Competence Centres. These usually require cross-organizational rights to certain systems and functions in order to be able to support end users competently and quickly. AMSO enables you to centrally manage authorization elements and authorizations, especially for super users, technical users and consultants. Our Quality Cockpit helps you to eliminate inconsistencies in roles and profiles. Thus you are sure that your authorization concept is not only correct on paper but also in your systems.

  • AMSO enables you to manage the entire SAP product range (regardless of release) from a central system.
  • AMSO manages, generates, and transports SAP roles, profiles, OLAP profiles, or other groups for you throughout the entire system landscape.



With the SUIM-AIM Suite, you have an efficient tool for managing the entire user lifecycle.

The AMSO module enables you to

  • Simple administration of authorization assignments for support managers, super users, technical users and consultants from a central system.
  • Authorizations can be distributed to SAP and non-SAP systems such as LDAP.
  • Desired support roles for the specific systems are selected in a clear authorization matrix. After an automatic risk check in the optional Compliance Enforcer module, AMSO transparently executes the provisioning of authorizations. Cumbersome authorization requests are a thing of the past.
  • A fast and cost-effective adjustment of authorizations at company level. You can adapt complex authorizations at short notice and thus efficiently take advantage of market opportunities. Restructuring as well as mergers & acquisitions can be carried out in the SAP system as quickly as possible.



Authorization Matrix

  • In a single screen, your authorization manager can perform all the tasks typical of his or her role. In addition to assigning target authorizations to an SAP user, you can also trigger the Segragation of Duty (SoD) check and the approval process.
  • AMSO gives you the option of assigning authorizations based on rules (including periodically recurring authorizations).
  • The structuring according to AMSO system and AMSO support roles enables the very ergonomic representation as an authorization matrix.


  • An AMSO role is a useful combination of authorization elements (ERP, BI, structural authorization, organizational management objects, active directory, and so on).
  • Through the integration of the two dimensions system architecture and authorization elements, the often complex authorization requirements can be mapped flexibly as support roles and at the same time the operational lifecycle management is considerably simplified..

Role transport

  • The distribution of authorization elements for a user is performed in real time and directly in the target system. This ensures that the user only has the target authorizations. Temporary unavailability of a target system is also compensated by appropriate queuing.
  • Roles can also be assigned time-dependently according to rules and intervals.

AMSO-Organisations, AMSO-Systems and AMSO-Role cataloge

  • The structuring through organizations, systems and catalogs enables on the one hand a very simple implementation of the requirements and on the other hand also very complex requirement scenarios can be mapped cleanly.


  • One or more logical systems can be defined as AMSO systems. This allows certain logical systems to be combined and grouped, such as all development systems or all systems with client 000. This high degree of freedom makes it possible to assign authorizations quickly and correctly across systems.

Mass maintenance

  • Changes to roles or the integration of a new system into the system landscape often result in very large adjustment requirements. Thanks to the mass distribution of users using AMSO, the workload is reduced to a minimum.

Massen-Role dispatching

  • With AMSO, you can check the status of your roles across systems and, if necessary, transport roles to the systems.
  • Roles that are no longer used can be archived for security and auditing purposes.

Risk Analysis

  • When an authorization or BI profile is assigned to a user, the system can automatically check whether this results in a constellation that contradicts the defined SoD rules.
  • Authorizations that are classified as critical and critical actions are displayed..

User Lifecycle: AMSO-Workplace

The AMSO authorization matrix is the most frequently used tool in User Lifecycle Management. It is used to display and mutate all authorization assignments to SAP users. The SoD and risk checks as well as the defined workflow process steps from the request through approval to the physical assignment of authorizations on the decentralized systems are also triggered from this matrix. The authorization matrix can be used both via the Web and via the SAP GUI.

Access to the authorization matrix and all other functions of the Access Manager for Support Organizations is via a clearly structured

AMSO Workplace