SODPulse
Product Overview & Competitive Analysis

The smarter way to detect SAP S/4HANA access risk

Zero-install, upload-based SOD analysis for SAP S/4HANA. 410 pre-built rules across 5 industry packs — instantly deployable, no consultants required.

Build April 2026 | SODPulse | 410 Rules Across 5 Packs | Confidential
410 Pre-Built Rules
398 SAP TCodes Mapped
129 Auth Objects Covered
24 S/4HANA Modules
12 Industry Risk Profiles
124 Critical Risk Rules
Built different. Deployed in minutes.

No SAP system access needed. No professional services. No annual license negotiation.

Zero-Install Analysis
Upload your SAP authorization export via browser. No agents, no connectors, no SAP system access required. Analysis runs in seconds — not days.
📐
410 Pre-Built Rules
Every rule hand-engineered against real SAP S/4HANA auth objects and field values. Not generic policy templates — precise tCode + auth object + field + value combinations. Industry-specific rules are packaged as separate IS Solution packs applied per org. Oil & Gas (25 rules) and IS Retail (30 rules) are live. Utilities, Pharma, and more are in development.
🌍
Broad Industry Coverage
Two live IS Solution packs: Oil & Gas (25 rules — IS-OIL, JVA, Excise, HSE, Pipeline) and IS Retail (30 rules — POS, MM/Retail, Inventory, Pricing, Loyalty). Additional packs (Utilities, Pharma) in development. One platform that grows with your client portfolio.
🏢
Multi-Tenant SaaS
Serve multiple client organisations from a single platform. Tenant isolation, tiered subscriptions, custom branding per organisation — ready for reseller models.
🔐
Auth-Object Precision
Checks not just tCodes but 129 distinct SAP authorization objects, specific fields (ACTVT, BWART, BEWTP, RLTYP, INFTY…), and risky value combinations — eliminating false positives.
📊
Instant Executive Reports
One-click reports for Board, CISO, and Audit Committee. Risk heat maps, user violation summaries, process-level breakdowns — all formatted for non-technical stakeholders.
SODPulse vs. the alternatives

How we compare against leading GRC, advisory, and identity governance solutions.

Feature / Criterion | SODPulse | ERP Vendor (Native GRC Module) | Big 4 Firm (Advisory Tool) | GRC Vendor A (Cloud Platform) | GRC Vendor B (GRC Automation) | IGA Vendor (IGA Platform)
Deployment & Setup
Time to First Results [From procurement to live analysis] | Minutes | 6–18 months | Weeks (engagement) | 2–6 months | Weeks–months | 6–12 months
SAP System Connectivity Required [Live RFC / API connection to SAP] | Not Required | Mandatory | Required for live | Mandatory | Required | Mandatory
Professional Services Required [Implementation / consulting fees] | None | $200K–$800K+ | Engagement-based | $50K–$200K | Moderate | $150K–$500K+
On-Premise Footprint [Server / agent installation] | Zero | Heavy on-prem | Client-side | Cloud hybrid | Cloud | Cloud
SOD Ruleset Quality
Pre-Built SOD Rules [Out-of-box, no customisation needed] | 410 Rules | ~180 (generic) | Varies by engagement | Large library (generic) | ~150+ | Policy-based
Auth Object + Field Precision [Rules check specific SAP auth fields & values]: 129 objects, Partial, Partial, Role-based
Custom Z/Y-TCode Mapping [Map org-specific Z/Y transaction codes to standard SAP equivalents]: Config-heavy, Limited
S/4HANA-Specific Rules [Not ECC rules reused for S/4HANA] | S/4HANA Native | Mixed ECC+S4 | Client-defined | Mixed | Mixed | IGA-focused
Industry-Specific Rules [O&G (25 rules) & IS Retail (30 rules) live · Utilities, Pharma in development] | O&G · Auto · Mfg | Generic + IS add-ons | Engagement scope | Add-on packs | Limited | Limited
EHS / PS / Kanban / EDI Coverage [Non-core modules often missed]: Partial, Partial
Platform Capabilities
Multi-Tenant Architecture [Serve multiple clients from one platform]: Limited
Subscription Tier Management [Demo / Full / Expired tiers per tenant]: Enterprise-only, Enterprise-only
Executive / Board Reports [Non-technical stakeholder output]: Configurable, Basic
User-Level Violation Drill-Down [Per-user, per-rule, per-transaction detail]: Report-based
Data Isolation & Tenant Privacy [Each client's data is fully isolated — no cross-tenant visibility, no third-party data sharing] | ✓ Full isolation | Depends on config | Advisory model | Shared cloud | Shared cloud | Shared cloud
Role-Based Access Control (RBAC) [Admin, org admin, user tiers]
Commercial Model
Total Cost of Ownership (3-year) [License + implementation + services] | Low | $500K–$2M+ | Engagement-based | $150K–$500K | $80K–$250K | $300K–$1M+
SaaS / Subscription Model [Predictable recurring pricing]: Perpetual + maint., Project fees
SME / Mid-Market Accessible [Under $50K total cost realistic]: Emerging

* Competitor data based on publicly available information, analyst reports, and vendor documentation as of Q1 2026. Pricing and features subject to change.


24 modules. Deep process coverage.

410 rules across base pack plus 4 industry packs (Oil & Gas, IS Retail, Fiori/S4, ECC Classic) — spanning 15+ SAP process areas with vertical-specific compliance controls.

💰 Financial Accounting (FI) | GL · AP · AR · Bank · Period Close | 32
📈 Controlling (CO) | CCA · IO · CO-PC · CO-PA | 25
🏗️ Project Systems (PS) | WBS · Budgets · Settlement · Networks | 5
🏦 Treasury (TR) | Cash · Deals · Money Markets | 15
🏢 Asset Accounting (FI-AA) | Acquisition · Depreciation · Retirement | 15
🛒 Procure-to-Pay (P2P) | PR · PO · GR · Invoice · Payment | 19
📦 Materials Management (MM) | Inventory · Valuation · Batch · EDI | 15
🚚 Logistics Execution (LE / WM) | Outbound Delivery · WM · Shipping | 12
⚙️ Production Planning (PP) | Discrete · Repetitive · Process · Kanban | 24
🔬 Process Industries (PP-PI) | Process Orders · COGI · Backflush | 5
Quality Management (QM) | Inspection · Usage Decision · Notification | 11
🔧 Plant Maintenance (PM) | Work Orders · Equipment · Costs | 10
🛍️ Sales & Distribution (SD) | Orders · Billing · Rebates · Warranty | 17
💳 Order-to-Cash (O2C) | Revenue · Contracts · Collections | 12
👥 Human Capital Mgmt (HCM) | Payroll · HR Master · Leave · Benefits | 20
🔐 Basis / Security (BC) | User Admin · Transport · Debug · HANA | 21
🌿 EHS (Environment Health & Safety) | Incidents · Dangerous Goods | 2
🚗 IS-Auto (Automotive) | JIT · Kanban · Recall · Warranty · EDI | Roadmap
🛢️ IS-OG (Oil & Gas) INDUSTRY PACK | IS-OIL · JVA · Excise · HSE · Pipeline | 25
🛍️ IS Retail INDUSTRY PACK | POS · MM/Retail · Inventory · Pricing · Loyalty | 30
🔩 Variant Configuration (VC) | Characteristics · Classes · BOM · Config Profile | Roadmap
🏘️ RE-FX (Real Estate) | Lease contracts · Property management | 3
🚛 Transportation Mgmt (TM) | Freight orders · Carrier selection | Roadmap
🌐 Global Trade Services (GTS) | Export compliance · Sanctions screening | Roadmap
🏥 Service Management (SM) | Service orders · Contracts · Billing | Roadmap

🔴 Roadmap modules: scheduled for v2.0 release. All currently covered modules are production-ready and validated.


Built for your client portfolio

SODPulse includes two live IS Solution packs: Oil & Gas (25 rules, covering IS-OIL, JVA, Excise, HSE, Pipeline) and IS Retail (30 rules, covering POS, MM/Retail, inventory, pricing). Utilities, Pharma, and more are in development.

⚙️ Discrete Manufacturing
Full Coverage
FI · PP · MM · QM · PM · SD · CO · PS · VC
Key risks: production order fraud, BOM cost manipulation, QC bypass, phantom GR
🛢️ Oil & Gas / Refining
Full Coverage
FI · PP-PI · MM · PS · PM · CO · EHS · IS-OG · QM
Key risks: process order yield fraud, excise duty evasion, CAPEX project inflation, batch reclassification
🚗 Automotive
Full Coverage
PP · SD · MM · LE · QM · SD · EDI · PP
Key risks: JIT call fraud, warranty claim inflation, recall settlement abuse, scheduling agreement manipulation
💊 Pharmaceuticals
IS Pack: Roadmap
FI · PP-PI · QM · MM · SD · EHS · CO
Key risks: batch release bypass, inspection plan manipulation, usage decision fraud, GDP non-compliance
Utilities & Energy
IS Pack: Roadmap
FI · PM · MM · PS · CO · EHS · TR
Key risks: CAPEX project fraud, maintenance order manipulation, EHS incident suppression, asset retirement
🏗️ Construction / EPC
Core Rules Apply
FI · PS · MM · PM · CO · HCM
Key risks: WBS cost inflation, project budget manipulation, phantom contractor payments, subcontractor PO fraud
🛍️ Retail / Consumer Goods
IS Pack: Roadmap
FI · MM · SD · LE · WM · CO
Key risks: vendor invoice fraud, pricing manipulation, delivery-billing bypass, markdown abuse
🏦 Financial Services
Core Rules Apply
FI · TR · CO · HCM · BC
Key risks: payment fraud, treasury deal manipulation, intercompany posting abuse, payroll ghost employees
🏛️ Public Sector / Government
Core Rules Apply
FI · MM · HCM · BC · PS · CO
Key risks: procurement fraud, ghost employee payroll, budget manipulation, vendor bank account changes
🧪 Chemicals
Core Rules Apply
FI · PP-PI · QM · MM · EHS · CO · IS-OG
Key risks: dangerous goods classification fraud, batch characteristic manipulation, REACH compliance bypass
🏥 Healthcare
Core Rules Apply
FI · MM · HCM · QM · CO · BC
Key risks: procurement fraud, medical supply diversion, payroll fraud, patient data access (BC)
💼 Professional Services
Core Rules Apply
FI · PS · CO · HCM · SD · BC
Key risks: project cost padding, revenue recognition fraud, timesheet manipulation, billing rate override

300 base rules (410 total across 5 packs)

Mapped to SAP process areas for structured audit reporting.

Financial Accounting (FI): 32
Production Planning (PP): 20
Human Capital Mgmt (HCM): 20
Procure-to-Pay (P2P): 19
Controlling (CO): 16
Materials Mgmt (MM): 15
Order-to-Cash (O2C): 12
Basis / Security (BC): 12
Sales & Distribution (SD): 12
Plant Maintenance (PM): 10
Logistics Execution (LE): 8
Quality Management (QM): 8
Project Systems (PS): 5
Asset Accounting (FI-AA): 5
Treasury (TR): 5

124 Critical. 130 High. 46 Medium.

Every rule classified by financial and compliance impact.

Critical: 124 (41%)
High: 130 (43%)
Medium: 46 (15%)
🛡️
Compliance Framework Alignment
SODPulse rule classifications incorporate principles from SOX Section 302 & 404, COSO Internal Controls Framework, SECP Listed Companies regulations, NBFI guidelines, and ISO 27001 access control requirements. The application is not independently certified against these standards.
🔍
Technical Precision: What Others Miss
SODPulse checks 12 distinct authorization fields beyond just ACTVT — including BWART (movement type), BEWTP (valuation), RLTYP (BP role type), INFTY (HR infotype), AUART (order type), and more. Most tools only check activity codes, missing 38+ rule conditions that require field-level specificity.

Six-Pillar Workbench for Deep SOD Analysis

Beyond standard SOD detection — comprehensive audit module with ITGC workpaper and sign-off workflows.

📊
SOD Summary Dashboard
Executive overview with risk heat maps, process-level breakdown, user risk profiles. Creator/Reviewer/Approver sign-off blocks for audit trail.
🔐
Sensitive Data Access Review
Detects read-level access to HR Payroll (P_ORGIN, P_PERNR), Compensation (C_STUE_BER), Pricing (M_EINF_EKG), Table Maintenance (S_TABU_DIS), and Development Objects (S_DEVELOP). Wildcard detection (ACTVT=*) with user-by-user findings.
⚠️
Privileged Access Control
Flags SAP_ALL, SAP_NEW, S_TCODE:*, Basis roles (S_A.*, SAP_BASIS_*), and critical write-level authorizations across FI/MM/PP/SD/HR modules.
📦
Direct Assignment Analysis
Detects direct auth-object assignments bypassing role-based controls. Proxy pattern identification for shadow authorization structures.
🧩
Composite Role Detection
Cross-role SOD analysis. Flags toxic role combinations (harmless alone, conflicting together). Root-cause attribution for remediation planning.
📝
ITGC Workpaper Generator
16 controls across 4 COBIT domains (Access Controls, Security Design, Change Management, Monitoring & Logging). Auto-populated from analysis data. Manual fields for auditor notes. Firestore-backed persistence. Print-to-PDF with SODPulse + org logos.
💡
Premium Extract Required
Sensitive Access and Direct Assignment pillars require Premium ABAP Extract which retains display-only (ACTVT=03) rows for sensitive authorization objects. Standard extract filters these at source. Use the ABAP Generator Gen2 tab for premium extraction code.
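
The read-access and wildcard checks described under Sensitive Data Access Review, Privileged Access Control and the Premium Extract note can be sketched as follows. This is an added example, not SODPulse code: the CSV column layout (UNAME, AGR_NAME, OBJECT, FIELD, LOW, HIGH), the role names and the sample rows are assumptions constructed for illustration, and the LOW/HIGH range handling goes slightly beyond the single-value case the page mentions.

```python
import csv
import io

# Sensitive objects named on the page for the display-access review.
SENSITIVE_OBJECTS = {"P_ORGIN", "P_PERNR", "C_STUE_BER",
                     "M_EINF_EKG", "S_TABU_DIS", "S_DEVELOP"}

# Constructed sample extract; the column layout is an assumption of this example.
SAMPLE = """UNAME,AGR_NAME,OBJECT,FIELD,LOW,HIGH
ALICE,Z_TAB_DISPLAY,S_TABU_DIS,ACTVT,03,
BOB,Z_DEV_ALL,S_DEVELOP,ACTVT,*,
CAROL,Z_FI_CLERK,F_BKPF_BUK,ACTVT,03,
DAVE,Z_BASIS_ADMIN,S_TCODE,TCD,*,
ERIN,Z_PURCH,M_EINF_EKG,ACTVT,01,03
FRANK,Z_TAB_MAINT,S_TABU_DIS,ACTVT,02,
"""

def covers(low, high, value):
    """True if a LOW/HIGH authorization entry grants `value`."""
    low, high = low.strip(), high.strip()
    if low == "*":
        return True
    if high:                      # range entry, e.g. 01..03 includes 03
        return low <= value <= high
    return low == value

def review(csv_text):
    """Return (user, finding_type, detail) tuples in file order."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        obj, field = row["OBJECT"], row["FIELD"]
        low, high = row["LOW"], row["HIGH"]
        if obj == "S_TCODE" and field == "TCD" and low.strip() == "*":
            findings.append((row["UNAME"], "PRIVILEGED", "S_TCODE:*"))
        elif obj in SENSITIVE_OBJECTS and field == "ACTVT":
            if low.strip() == "*":
                findings.append((row["UNAME"], "WILDCARD", obj))
            elif covers(low, high, "03"):
                # Only visible if the extract kept display-only rows.
                findings.append((row["UNAME"], "DISPLAY", obj))
    return findings
```

FRANK's change-level row (ACTVT=02) is deliberately not reported here, because this check covers read access and wildcards only; an extract that drops ACTVT=03 rows at source would also lose the ALICE finding.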

410 Rules Across 5 Specialized Packs

Base generic rules + vertical-specific controls for SAP IS solutions and compliance frameworks.

🏭
Base Pack (LIVE)
300 rules covering FI, MM, SD, PP, HR, Basis, CO, PM, QM, LE, PS, TR, FI-AA across S/4HANA and ECC. Prefix: SOD-001 to SOD-305. Risk-classified: 124 Critical, 130 High, 46 Medium.
🛢️
Oil & Gas IS-OIL (LIVE)
25 rules for IS-OIL module conflicts. Joint interest billing, volumetric pricing, royalty accounting, product allocations. Prefix: OG-001 to OG-025.
🛒
IS Retail (LIVE)
30 rules for Retail-specific transactions. Article master creation/pricing, store replenishment, markdown/promotion conflicts. Prefix: IR-001 to IR-030.
🌐
Fiori / S/4HANA Apps (Ready)
31 rules for Fiori Launchpad apps and S/4HANA-specific T-codes not in ECC. Universal Journal, Central Finance, embedded analytics conflicts. Prefix: FI-001 to FI-031. Ready to deploy.
🏛️
ECC Classic (Ready)
24 rules for ECC-only T-codes deprecated in S/4HANA. Legacy FI posting paths, classic WM transactions. Prefix: EC-001 to EC-024. Ready to deploy.
🚧
Roadmap Packs
Pharma/Life Sciences (GxP compliance, batch release, QM) · Financial Services (Basel III, IFRS 9, Treasury) · Utilities (IS-U billing, CCS) · FMCG/CPG (Trade Promotions, Rebates) · Construction/EPC (PS-focused, project accounting).

ABAP Code Generator — Public, No Login Required

Production-ready ABAP extraction reports. Copy. Paste into SE38. Execute. Download CSV.

Generator 1 — Standard SOD Extract
Canonical extraction report ZBS_USER_ROLE_AUTH v4.2. Joins AGR_1251, AGR_TCODES, AGR_USERS, USR02, ADRP. Filters display-only ACTVT at source. 15-field whitelist. Public access.
Generator 2 — Premium Sensitive Access
Two-leg extract: Standard SOD + retained 03 rows for 6 sensitive objects (P_ORGIN, P_PERNR, C_STUE_BER, M_EINF_EKG, S_TABU_DIS, S_DEVELOP). Same CSV schema. Full-client access only.
Generator 3 — Z-TCode Audit
Two-column extract: custom T-code (TCODE) + child T-code (CCODE). Maps Z/Y-prefix codes to underlying standard transactions via TSTCA. Demo-approved access and above.
Generator 4 — Delta / Incremental
Same as Gen1 with AGR_USERS.FROM_DAT and TO_DAT date filters. For periodic re-audits tracking authorization changes since last review. Demo-approved access and above.
🔗
Public URL: sodpulse.com/abap-generator.html — Syntax-highlighted ABAP output. Split-by-row-count mode with user-boundary-aware splitting. Timestamped filenames. No authentication required for Gen1.

68-Point Security Checklist — Public Disclosure

Detailed security controls documentation for enterprise due diligence and FSI compliance reviews.

☁️
Infrastructure
Firebase/GCP SOC 2 Type II. Multi-region replication. 99.95% SLA. DDoS protection.
🔐
Encryption
TLS 1.3 in-transit. AES-256 at-rest. HSTS enforced. SHA-256 hashing. Key rotation automated.
👥
Access Control
Role-based auth. MFA available. Admin SDK provisioning. Firestore security rules per org. Session timeout enforced.
📄
Full Checklist: sodpulse.com/security.html — 12 control domains including Data Handling, Sub-Processors, Compliance Certifications, Incident Response, Business Continuity, and Vulnerability Management. Updated quarterly.

Built on Firebase. Deployed globally.

Enterprise-grade infrastructure with zero on-premise footprint.

☁️
Firebase / GCP Infrastructure
Hosted on Firebase Hosting + Firestore + Cloud Functions. Built on SOC 2 compliant GCP/Firebase infrastructure. 99.95% SLA. Globally distributed CDN with sub-100ms load times.
🔒
Data Security Model
Authorization data is processed in the browser. Optional file retention available for audit trail (opt-in per organization). Tenant isolation enforced at Firestore security rule level. Admin SDK-controlled user provisioning.
📁
Input Format Flexibility
Accepts CSV exports from SAP SE16N or any AGR_1251-based extract. Handles UTF-8 BOM, missing columns, and non-standard field orders gracefully. Custom Z/Y-TCode mapping is supported at the org level — administrators map organisation-specific transaction codes (e.g. ZMM01 → MM01) so custom T-Codes are correctly evaluated against the full rule set. Exact-match substitution; wildcard matching not supported.
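
The ingestion behaviour described above (BOM handling, arbitrary column order, exact-match Z/Y-TCode substitution) affects what a rule can see, as this added example shows. It is not SODPulse code: the column names UNAME and TCODE, the rule DEMO-001, the ZME21 mapping and the sample rows are assumptions constructed for illustration; only ZMM01 → MM01 comes from the page.

```python
import csv
import io

# Org-level custom T-code map. ZMM01 -> MM01 is the page's example; ZME21 is constructed.
Z_MAP = {"ZMM01": "MM01", "ZME21": "ME21N"}
# Hypothetical rule (not a SODPulse rule): create purchase order + post goods movement.
RULE = ("DEMO-001", {"ME21N"}, {"MIGO"})
REQUIRED = {"UNAME", "TCODE"}   # assumed column names

# Constructed upload: UTF-8 BOM, CRLF line ends, non-standard column order.
SAMPLE = (b"\xef\xbb\xbfTCODE,AGR_NAME,UNAME\r\n"
          b"ZME21,Z_BUYER,ALICE\r\n"
          b"MIGO,Z_WAREHOUSE,ALICE\r\n"
          b"ZME21N_X,Z_BUYER,BOB\r\n"      # not in the map: stays unmapped
          b"MIGO,Z_WAREHOUSE,BOB\r\n"
          b"ME21N,Z_BUYER,CAROL\r\n")

def load_user_tcodes(raw, z_map):
    """Parse an upload into {user: set of T-codes after Z/Y substitution}."""
    text = raw.decode("utf-8-sig")          # drops a UTF-8 BOM if present
    reader = csv.DictReader(io.StringIO(text))
    headers = {h.strip().upper() for h in (reader.fieldnames or [])}
    missing = REQUIRED - headers
    if missing:
        raise ValueError(f"missing columns: {sorted(missing)}")
    users = {}
    for row in reader:
        row = {k.strip().upper(): (v or "").strip()
               for k, v in row.items() if k}
        tcode = row["TCODE"].upper()
        tcode = z_map.get(tcode, tcode)     # exact match only, no wildcards
        users.setdefault(row["UNAME"], set()).add(tcode)
    return users

def violations(users, rule):
    """Users holding at least one T-code from each side of the rule."""
    _rule_id, side_a, side_b = rule
    return sorted(u for u, t in users.items() if t & side_a and t & side_b)
```

With the map applied, ALICE is reported; with an empty map nobody is, and BOB's unmapped ZME21N_X is never evaluated in either case, so an incomplete Z/Y map is a source of false negatives worth reviewing.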
🏢
Multi-Tenant Management
Separate organisations per client. Admin portal for user management, subscription tiers, custom branding, org settings. Org registration supports flagging of SAP IS Solutions (Oil & Gas, Automotive, etc.) to apply relevant rule packs. Demo, Full, and Expired access tiers with configurable durations.
📊
Report Outputs
Executive summary, user violation detail, process-level breakdown, risk heat map. All reports are printable to PDF for audit trail and management letters. Embeddable charts for board packs.
🚀
Roadmap — v2.0
Planned: Multi-Regional Data Residency (GCC, EU, US regions) · Supreme Analytics Module (5 advanced views) · Collaborative Remediation Tracker · IS Packs for Utilities, Pharma, FMCG, Financial Services · Scale Architecture (Firestore process-and-store for 10,000+ users) · Additional SAP modules (TM, GTS, SM) · Compliance tagging.