INOSSEM

In-Depth SAP ERP User Analysis Report (Fully Anonymized Version)

Executive Summary

This analysis aims to assess the current state of system usage, identify potential risks, and provide data-driven support for management decisions by conducting an in-depth analysis of the login activities, permission assignments, and operational behaviors of **8,000 users** in the SAP ERP system. The analysis found that approximately **18% (1,440) of the total users** have never logged in over the past year, constituting "zombie accounts." Additionally, some active users have been granted an excessive number of composite roles (over 15), increasing the risks of unclear Segregation of Duties (SoD) and internal control weaknesses. Furthermore, a few "super accounts" with abnormally high login frequencies (indicating possible account sharing), "suspicious accounts" with frequent off-hours logins, and "dormant high-privilege accounts" with significant permissions but no recent activity were identified. From a functional usage perspective, core transactional functions like Finance (FI) and Materials Management (MM) show high adoption, whereas the utilization of specialized functions such as Project System (PS) and Plant Maintenance (PM) needs improvement outside of specific departments, suggesting opportunities for process optimization and targeted training. This report will detail the analysis results and propose specific optimization recommendations.

Key Metrics Dashboard

8000

Total Users

6560

Active Users

1440

Inactive Users

512

High-Risk Users

User Status Distribution

Top 10 Business Units by Active Users

Active User Distribution by Core Module

Active User Distribution by Core Function

Risk Type Distribution

In-Depth Insights & Recommendations

Account Lifecycle Management Initiate a cleanup process for the 1,440 inactive users. After confirming with business departments, lock or delete these accounts to reclaim licenses. Concurrently, conduct an urgent review of the 180 "dormant high-privilege accounts" to immediately revoke their permissions or accounts.
Permission Compliance & SoD Review Identified 388 users with over 15 composite roles. The internal audit team should conduct an SoD conflict analysis for these users, adhering to the "Principle of Least Privilege" to remove unnecessary roles. Pay special attention to users with a high "roles-to-logins" ratio, as their permissions are likely redundant.
Abnormal Behavior Monitoring Discovered 27 "suspected shared accounts" and 135 accounts with frequent "off-hours logins." Investigate these accounts immediately, reinforce the "one user, one account" policy, and verify the business justification for off-hours access to prevent unauthorized activities.
Enhance System Adoption Depth & Breadth System adoption for certain business units (e.g., "Technology R&D Center") and specific business functions (e.g., Project Management, Plant Maintenance) needs improvement. We recommend targeted training to promote the ERP's core functionalities, address user operational challenges, and facilitate deeper integration between business processes and system capabilities to maximize ROI.

High-Risk User List

Active User List

Inactive User List

High-Risk User List

These users have been identified due to excessive permissions, abnormal behavior, or holding high-privilege access while being inactive. They require priority review.

User ID	Name	Business Unit / Dept.	Annual Logins	Composite Roles	Risk Tags

Active User List

Users who have logged in within the past year. These are the core users of the system.

User ID	Name	Business Unit / Dept.	Annual Logins	Composite Roles	Core Module	Core Function

Inactive User List

Users with no login activity in the past year. These accounts should be reviewed for retention.

User ID	Name	Business Unit / Dept.	Composite Roles