07.07.2021

How to master S/4HANA authorisation projects securely and quickly.

In an interview with it management, our SAP security expert Roozbeh Noori-Amoli explains the approach that can be used to successfully implement role conversion.

The embedding of the authorisation concept is one of the core tasks in the S/4HANA implementation and is a frequent reason why it fails as a whole. But how to deal with conflicts such as resource bottlenecks, shifts in priorities in sub-projects, changes in tasks and tests? Roozbeh Noori-Amoli, Deputy Head SAST CONSULTING, explains in an interview with it management editor Ulrich Parthier why, in addition to approach and project management, the right authorisation concept is decisive for the success and dynamics of the transformation.

Ulrich Parthier: Mr Noori-Amoli, you have just successfully completed a global role conversion with PUMA SE. What are the most important considerations to make before the S/4HANA migration?

Roozbeh Noori-Amoli: First of all, of course, which approach is appropriate for the project, i.e. Green-, Brown- or Bluefield. When it comes to the procedure, a decision must be made between classic and agile project management. And then comes the question: What does my authorisation concept look like? Is it often based on a single proposal from a consultant or a best-practice approach without reference to the company and the project-specific needs? Then this is the real cardinal mistake: you have to be aware of the advantages and disadvantages of the different concepts beforehand, which all have their raison d'être depending on the situation. If you have made the wrong choice, you will often only realise this after several days have been spent on implementation, or even worse, only later in everyday life. The subsequent correction can then mean high efforts and costs.

Ulrich Parthier: But given the diversity, how can the right authorisation concept be found?

Roozbeh Noori-Amoli: For this, the most important questions must be clarified from the beginning: What is the actual company need, what are the project goals and how high is the security requirement? What is the budget and the time and personnel resources? Limiting factors such as the existing organisational structures and processes, the number of SAP users and basically the type and architecture of the system already provide a fixed framework. The prioritisation of the goals is then determined by the respective IT strategy. The choice of the authorisation concept is thus ultimately a balancing act between the need for high security with precisely fitting authorisations and the desire for minimal administrative effort. One could formulate the minimum allocation of authorisations vs. the standardisation of processes as a conflict of objectives.

 

[Read the full article free online (in German) at it-daily.net / it management in the July/August 2021 issue line]

Beitrag teilen

Go back

Privacy settings

Click »Info« to see a list of the used cookies. You can give your consent to the required cookies or statistic cookies. The selection is optional. You can change these settings or delete the cookies in the browser at any time. If you select the »Statistics« option, your opt-in consent also extends to processing in the USA, which is considered by the European Court of Justice as a country with an insufficient level of data protection. Please find further information in our privacy statement.
In this overview you can select and deselect individual cookies of a category or entire categories. You will also receive more information about the cookies available.
Group external media
Name YEXT -Search
Technical name yext
Provider Yext GmbH
Expire in days 0
Privacy policy https://www.yext.de/privacy-policy/
Use Enables intelligent search via YEXT.
Allowed
Group external media
Name Google Maps
Technical name googleMaps
Provider
Expire in days 6491
Privacy policy
Use Enables the use of Google Maps.
Allowed
Group external media
Name YouTube
Technical name youTube
Provider
Expire in days 0
Privacy policy
Use Enables the use of the Youtube video player.
Allowed
Group statistics
Name Google Analytics
Technical name _gid,_ga,1P_JAR,ANID,NID,CONSENT,_ga_JT5V6CR8ZH,_gat_gtag_UA_133169400_1,_gat_gtag_UA_141664271_1,_gat_gtag_UA_127185455_1,_gat_gtag_UA_127561508_1,_gat_gtag_UA_194226577_1
Provider Google LLC
Expire in days 730
Privacy policy https://policies.google.com/privacy
Use Cookie by Google for website analysis. Generates anonymous statistical data about how the visitor uses the website.
Allowed
Group essential
Name Contao CSRF Token
Technical name csrf_contao_csrf_token
Provider
Expire in days 0
Privacy policy
Use Serves to protect the website from cross-site request forgery attacks. After closing the browser, the cookie is deleted again.
Allowed
Group essential
Name Contao HTTPS CSRF Token
Technical name csrf_https-contao_csrf_token
Provider
Expire in days 0
Privacy policy
Use Serves to protect the encrypted website (HTTPS) against falsification of cross-site requests. After closing the browser the cookie is deleted again
Allowed
Group essential
Name PHP SESSION ID
Technical name PHPSESSID
Provider
Expire in days 0
Privacy policy
Use PHP cookie (programming language), PHP data identifier. Contains only a reference to the current session. There is no information in the user's browser saved and this cookie can only be used by the current website. This cookie is used all used in forms to increase usability. Data entered in forms will be e.g. B. briefly saved when there is an input error by the user and the user receives an error message receives. Otherwise all data would have to be entered again
Allowed
Group essential
Name FE USER AUTH
Technical name FE_USER_AUTH
Provider
Expire in days 0
Privacy policy
Use Saves information of a visitor as soon as he logs in to the frontend.
Allowed
Group statistics
Name Google Repcatcha
Technical name googleRepcatcha
Provider Google LLC
Expire in days 0
Privacy policy https://policies.google.com/privacy
Use Protect from spam.
Allowed
Group statistics
Name ClickDimensions
Technical name cuvid,cusid,cuvon,cd_optout_accountkey
Provider ClickDimensions
Expire in days 730
Privacy policy https://clickdimensions.com/solutions-security-and-privacy/
Use Cookie from ClickDimensions for website analysis. Generates anonymous statistical information about how the visitor uses the site.
Allowed
Copyright akquinet AG. All Rights Reserved.