Authorizations Management

Access Manager for Support Organizations

Access Manager for Support Organizations (AMSO) is a central authorizations management system for support and technical users.
The solution is SAP certified (integration with SAP S/4HANA).

SUIM's Access Manager for Support Organizations (AMSO) is specifically designed to meet the needs of your support organizations (e.g. Competence Centers). While end users usually work in a single business unit across multiple systems (e.g. controller, HR business partner), support users (e.g. consultants, developers, or technical users) require access across multiple business units on specific systems.

AMSO is system-oriented, not organization-oriented. With AMSO you can create systems or system clusters that are assigned through an approval workflow or automatically. AMSO also allows you to easily combine different sets of authorizations in one business role across different systems (productive versus non-productive systems).


AMSO provides wizards to set up your support access landscape efficiently. Once your system landscape and support authorizations are customized, AMSO helps you save time by enabling you to assign support access across all systems from one central matrix, with one click. Support users can get to work immediately from day 1 with all their necessary authorizations.


Use AMSO to organize your internal and external support users flexibly. AMSO allows you to integrate your system landscape easily and to connect new satellite systems (e.g. ABAP, SAP HANA, Cloud) quickly and securely.


AMSO's intuitive authorization matrix is an innovative way to conveniently manage and display support authorizations across systems and teams (support / technical). Assigning complex permissions to support users is straightforward with AMSO and can be easily mastered by your system administrators. Furthermore, support users can request essential authorizations for their day-to-day operations via AMSO's self-service function.

Integration with third-party products

Third-party products are all SAP and non-SAP, on-premises or cloud IT solutions/products with which this SUIM product has been interfaced or integrated. Each of these connectors will be delivered within this SUIM product.

Integration in other SUIM products

The other SUIM products are the other SUIM modules, which are not part of this solution, but for which integration adds value.

TOP 5 Features

Filter the matrix by action(s)

Need an authorization for an action (transaction, Fiori app, service, RFC function, etc.)? AMSO makes it simple: a single filter narrows down the choices for a permission request by showing only the target systems and AMSO roles that can give access to that action.

Inherent role transport solution

A function shows you in which systems an authorization element is used. In the same way, SUIM's integral transport program allows you to transport roles from an original system to multiple systems.

Templates management

An authorization template is a pre-designed set of AM or AMSO roles across the system landscape that outlines the rules and regulations for granting access to a resource. It is useful for ensuring that the authorization process is consistent and efficient.

Request/assign roles using copy feature

Sometimes a new employee requires the same permissions as a colleague. For these cases, a whole process of provisioning rights by copy (full copy or enhancement, provisioning from a date, copy of a source user or a template, etc.) has been created.

Integration with the Identity Manager

Integration with Identity Manager allows AMSO roles, and all the support authorization element assignments they include, to be deleted from a user on the correct date in the event of an organizational transfer or leaving action.

Integration with Business Role Validator

The integration with the Business Role Validator enables periodic revalidation of critical support roles by either role owners or managers.

Integration with other SUIM applications

Integration with other SUIM applications increases efficiency and functionality:

  • Integration with Business Role Validator (BRV) enables periodic revalidation of critical support roles by either role owners or managers.
  • Integration with Identity Manager (IM) allows AMSO roles and all support authorization element assignments to be deleted from a user on the correct date in the event of an organizational transfer or leaving action.
  • Integration with Compliance Enforcer (CE) makes it possible to run risk checks and detect SoD violations.

Support roles often contain critical authorizations. It is therefore important to guarantee that only the allowed users have access to these roles. With AMSO, different kinds of authorization workflows can be designed to enforce a 4-eyes principle, or even multistage workflows with different approvers (e.g. role owner, supervisor, security).

Time-based role to user assignments

Define the validity of user-to-role assignments based on your requirements. Various time variables are available:

  • Fixed time period (from to)
  • Role provisioning beginning on a future date
  • Time series (authorize revisions based on your audit schedule - e.g. every September to October)
