How to master the increasing complexity of SAP S/4HANA security

The SAP S/4HANA software suite represents a cutting-edge cornerstone for the digitalization of enterprises and is increasingly being used by both SMEs and large corporations. However, the implementation of and migration to SAP S/4HANA also entail increasing complexity in system administration and management. Our specialized software tools enable you to master this project successfully.


SAP S/4HANA often involves changes to the system landscape. The software structure of the new system can be embedded, central hub, or even hybrid. This, in turn, affects the design of your authorization and role concepts.

Different system architectures in SAP S/4HANA systems.

The embedded system architecture requires the least administration and management effort for granting authorizations, but does not always meet the respective IT requirements.

In a central hub system architecture, more effort is needed because authorizations are assigned separately in the front-end and back-end systems, and because tracking the activities performed becomes more complex. Even if switching to a multi-tier central hub approach seems more involved at first, it could still be the more sensible solution for your needs. In our blog post "Adapting authorization management in a central hub SAP S/4HANA system", for example, you can find out how to adapt your roles and authorizations proficiently and monitor them efficiently, saving time.

Each system architecture has its advantages and disadvantages and requires individual customization. The security of the SAP S/4HANA system has to be guaranteed for both variants, however.

Different levels and media for accessing the SAP S/4HANA system.

Moreover, different levels and media are available for accessing an SAP S/4HANA system, independently of the structure of the system landscape. In addition to classic SAP GUI calls from a PC or notebook, it is also possible to access SAP applications from mobile devices, using SAP Fiori Launchpad, independently of time and location. Authorization for direct access to the powerful SAP HANA database can also be granted. The permissions of all these access types are still based on role and user authorizations, but are more complex for system administrators to manage and monitor due to their sophistication.

Tool-based software solutions to master the complexity of SAP S/4HANA.

The SAST SUITE for S/4HANA contains a specially developed rule set that enables you to identify and clear up SAP S/4HANA-specific critical single authorizations and separation-of-duty risks. Our experience shows that SAST SUITE support can cut the effort required to set up and administer a secure SAP S/4HANA system by up to 80 percent.

We will be happy to help you master the challenges of your SAP S/4HANA implementation and/or migration, while keeping an eye on the protection of your systems at all times. We work together with you to find out which procedure best fits your needs and advise you in every phase of your project.

For more information, please visit our SAST SOLUTIONS website or just get in touch.

Ali-Riza Catak + Alina Demuth (SAP S/4HANA Consultants, SAST SOLUTIONS)


Further articles on the topic:

Speed up development of framework and application authorization concepts for SAP ERP and S/4HANA

SAP S/4HANA: How to ensure a secure S/4HANA Migration