SAP S/4HANA AUTHORISATION CONCEPT

At a time when data is increasingly regarded as a company’s most valuable asset, clear access authorisations are becoming increasingly important, especially in large organisations with complex structures. An effective authorisation concept is therefore essential to ensure the security and integrity of data while supporting the efficiency of workflows. As part of the SAP S/4HANA implementation, the development of a comprehensive authorisation concept plays a crucial role in regulating data access and ensuring company-wide data integrity.

The challenge of implementing an SAP S/4HANA authorisation concept

Security, flexibility and speed - achieving these three goals at the same time is rarely possible.

Even in a classic SAP system, the introduction and continuous updating of authorisations should not be underestimated. The design and implementation of clear authorisation structures with SAP S/4HANA, on the other hand, is a far more demanding challenge.

When switching to SAP S/4HANA, not all familiar transaction-related authorisations will be available. At the same time, SAP S/4HANA will be expanded to include the possibilities of app-based authorisations.

A combination of old transactional authorisations and the new app authorisations must therefore be created in a future-proof authorisation concept.

Procedure: As-is analysis of the existing authorisations

The first step is to determine which areas of the company work with which authorisation concepts. In addition, the important question arises right at the beginning as to whether and, if so, where there are potential risks.

SPIRIT/21 specialists can determine the current status in a comprehensive analysis. The following questions form the basis for this:

• What areas of validity do the authorisations need to cover - nationally and internationally?
• Do country-specific requirements need to be taken into account?
• Which areas of work must be covered with which depth of authorisation?
• How are the authorisations divided up? Which are available as transactional authorisations and which are only available as app authorisations?
• Are all technical requirements for the app authorisations fulfilled? E.g. front-end system with connection to the back-end system, set-up of the UI2 OData services, access to the SAP FIORI Launchpad, etc.
• Can all requirements be met using standard SAP tools or are additional tools required?
• Should the concept follow a template approach?

Implementation of the customer project

In order to design the combinations of different authorisations defined in the concept, all technical connections must be made in the first step. Once these are in place, the transaction-based authorisations can be combined into roles as before.

In order to supplement these with the new app-based authorisations, access to the SAP FIORI Launchpad must be made available.

Roles can now also be created for the new app-based authorisations using the app catalogues and groups supplied by SAP or designed by the company itself. These roles have nothing to do with the previously known roles in the transactional authorisations!

In order to make these new roles available to users, the authorisations must then be maintained and checked.

In the final step, a comprehensive test of the assigned authorisations is carried out. As a final check, this should also include a ‘negative test’ - i.e. a check that not too many authorisations have been assigned.

Advantages of an authorisation concept for SAP S/4HANA

This procedure provides you with an important and comprehensive concept of the new authorisation combinations for system checks. The scope of authorisations is also documented and can be updated at any time for auditing purposes. This gives you a centralised and therefore easy-to-control authorisation system.