The embedding of the authorisation concept is one of the core tasks in the S/4HANA implementation and is a frequent reason why it fails as a whole. But how to deal with conflicts such as resource bottlenecks, shifts in priorities in sub-projects, changes in tasks and tests? Roozbeh Noori-Amoli, Deputy Head SAST CONSULTING, explains in an interview with it management editor Ulrich Parthier why, in addition to approach and project management, the right authorisation concept is decisive for the success and dynamics of the transformation.
Ulrich Parthier: Mr Noori-Amoli, you have just successfully completed a global role conversion with PUMA SE. What are the most important considerations to make before the S/4HANA migration?
Roozbeh Noori-Amoli: First of all, of course, which approach is appropriate for the project, i.e. Green-, Brown- or Bluefield. When it comes to the procedure, a decision must be made between classic and agile project management. And then comes the question: What does my authorisation concept look like? Is it often based on a single proposal from a consultant or a best-practice approach without reference to the company and the project-specific needs? Then this is the real cardinal mistake: you have to be aware of the advantages and disadvantages of the different concepts beforehand, which all have their raison d'être depending on the situation. If you have made the wrong choice, you will often only realise this after several days have been spent on implementation, or even worse, only later in everyday life. The subsequent correction can then mean high efforts and costs.
Ulrich Parthier: But given the diversity, how can the right authorisation concept be found?
Roozbeh Noori-Amoli: For this, the most important questions must be clarified from the beginning: What is the actual company need, what are the project goals and how high is the security requirement? What is the budget and the time and personnel resources? Limiting factors such as the existing organisational structures and processes, the number of SAP users and basically the type and architecture of the system already provide a fixed framework. The prioritisation of the goals is then determined by the respective IT strategy. The choice of the authorisation concept is thus ultimately a balancing act between the need for high security with precisely fitting authorisations and the desire for minimal administrative effort. One could formulate the minimum allocation of authorisations vs. the standardisation of processes as a conflict of objectives.
[Read the full article free online (in German) at it-daily.net / it management in the July/August 2021 issue line]