Before migrating old ERP authorizations to the new S/4HANA system, project owners must ask countless, but crucial questions. However, many companies leave security and compliance for last. This is a mistake: These aspects should be included in the migration strategy right from the get-go.
Security questions are inextricably linked to the improved user experience offered by FIORI and must therefore take center stage to ensure a successful S/4HANA conversion.
Comprehensive changes for authorization management and SAP roles
The migration to S/4HANA is not simply an upgrade to a new version; rather, it is accompanied by a substantial number of changes to requirements on designing roles and on system security in general. During a successful migration, each company is faced with new, often undefined challenges at the level of roles and security. A methodical approach must first be taken to analyze and then implement these new challenges to ensure the company is completely protected right from the beginning.
Before migrating the authorization concept, the central issue is what type of approach is chosen.
S/4HANA authorizations: Which approach – brownfield or greenfield – is right for you?
What are the differences between the two approaches? What advantages and disadvantages can be identified?
- Under the brownfield approach, the old authorizations are to migrated the new S/4HANA system. Old roles are updated and reassigned 1:1.
- Under the greenfield approach, a new authorization concept is developed, in addition to concepts for new work centers and new workflow processes.
Brownfield approach: Less effort towards concept planning, but more work later due to the migration of legacy issues
The primary advantage of the brownfield approach is that you take your roles and authorization concept with you. When updating the roles to adjust for changed or deleted transactions, new FIORI tiles, transactions that only work with FIORI, and alignment of CCMS data from the legacy system, making good decisions means end users are not subjected to major changes. Acceptance is therefore generally very high. Likewise, effort put toward new concepts is much lower in comparison with the greenfield approach.
However, the advantages of a brownfield approach are the root cause of its disadvantages. This is because the initial roles are based old, historical structures, meaning that the migrated roles do not conform to the standard. The problem is compounded by the fact that some transactions can no longer be used with SAP S/4HANA. And, there is no clear way to determine which new transactions should be added to the roles. In turn, the authorization concept must be reviewed as to whether it meets the new S/4HANA requirements or needs adjustment.
Greenfield approach: Squeaky clean S/4HANA authorizations vs. intensive planning phase
In contrast to the brownfield approach, the greenfield approach is dependent on creating a clean, new concept. It is precisely this additional effort that is the advantage. By reassigning the transactions, new business processes can be introduced, including new work centers with the authorizations that are actually needed. As a result, lean work centers can then be assigned based on clean S/4HANA processes and purposeful deployment of the new FIORI user interface.
This substantially higher effort needed for the greenfield approach is its disadvantage. In addition, the knowledge related to the new transactions and FIORI tiles as well as the O-Data services must be present.
Your S/4HANA authorization concept: use the opportunity to clean up
Our recommendation is therefore not limited to early integration of SAP security and compliance in your S/4HANA migration planning. It is also particularly important to make a conscious decision for one of these approaches in advance. You will need to compare the pros and cons of each approach and decide which is best for your company.
The migration to S/4HANA is an opportunity to introduce new processes and to simplify existing processes with the new FIORI tiles. It is also a good time to rethink and update your current authorization concept. We would love to help you make this decision and take stock of the pros and cons of the two approaches. Don’t hesitate to contact us: sast@akquinet.de
Visit our SAST SOLUTIONS home page for more information about us.
Paul Michaelis (Consultant S/4HANA authorizations, SAST SOLUTIONS)
More articles about S/4HANA & SAP authorizations:
SAP S/4HANA: How to ensure a secure S/4HANA migration
Authorizations for batch processing in NetWeaver and S/4HANA environments