When setting up an SAP S/4HANA system landscape, you have the option of establishing a front-end system as the central, superordinate system that accesses different back-end systems. To do this, you have to consider and logically design many factors in advance. In addition to the technical prerequisites, the role and authorization concepts have to be revised. But how can you adapt authorization management in an SAP S/4HANA system with little effort?
Development of role strategies in the authorization concept
The management of users and authorizations in a distributed, multi-tier system landscape is often associated with increased expenses, as well as further challenges like transparency and traceability of actions performed.
The concept for the respective system architecture must include a role strategy that will require the least possible effort from user and authorization administrators. An embedded system architecture does not represent a substantial change to authorization assignment from the administrator perspective. Both front-end and back-end authorizations can be maintained on the same system. The administration effort needed is hardly greater than in an ERP system.
A central hub system landscape is an entirely different story, though. Authorizations are usually assigned in the front-end and back-end systems. This is necessary because the front-end system is usually a separate SAP system, which is linked with the back-end system through RFC connections. As a result, at least two authorization roles in two systems have to be assigned for the same user. The manual effort required to assign and document the roles is doubled, due to the architecture of the system landscape.
Consideration of these aspects is crucial for a successful SAP S/4HANA system design. In addition to examining the new technical features of SAP S/4HANA, you also need to think about the changed authorization and role concepts, as well as the new request procedures.
How can you control and manage roles and authorizations in the central hub SAP S/4HANA system?
The new, more complex management of roles and authorizations often poses a major challenge to companies, especially since the provided tools are not very user-friendly. If user identities have also to be maintained in multiple systems, things get particularly time-consuming.
The lack of options for maintaining users and authorizations transparently across systems can easily result in confusion and unresolved SoD conflicts – and ultimately in difficult clean-ups.
Optimized authorization management in a central hub SAP S/4HANA system with SAST User Access Management
Our practical tool SAST User Access Management lets you monitor and manage roles and authorizations of your SAP users efficiently, reliably, and above all conveniently. Its support for cross-system assignment and documentation of authorizations helps you increase security even in SAP S/4HANA central hub system landscapes with a minimum of effort.
The persons responsible in your organizational areas can freely define and configure the required approval steps for every SAP workflow.
You will benefit from increased transparency, individually customizable authorization management, and seamless traceability of all changes, as well as the automated SoD analysis. What’s more, compliance with legal documentation requirements is ensured.
Are you interested in saving time with automated authorization requests? Find out more on our website or contact us. We’ll be happy to answer all your questions regarding authorization management in a central hub SAP S/4HANA system.
Paul Michaelis (Consultant SAP S/4HANA Authorizations, SAST SOLUTIONS)
Further article about S/4HANA authorizations:
SAP S/4HANA authorizations – it’s your choice: brownfield or greenfield
Authorizations for batch processing in NetWeaver and S/4HANA environments