cancel
Showing results for 
Search instead for 
Did you mean: 

Impact Analysis for R3 role migration to S4

Former Member
0 Kudos

Hello all

I´d like to know how different from R3 is the security architecture of S4 in terms of roles/authorizations/objects. I understand that at least 80% of Trx are the same in the new system, so a R3 landscape can be migrated with minimal impact. Special analysis need to be carried out for customized trx. So, we can migrate a R3 role landscape with minimium impact? or do we need to re-design technical roles during S4 implementation?

Appreciated your comments and feedback!

Accepted Solutions (0)

Answers (2)

Answers (2)

jmoralescalvo
Explorer
0 Kudos

Jocelyn, based on a conversion approach, Fiori is suggested to be deployed by business units and/or business requirements. Hence, many custom roles from ECC need to prevail. Is there an approach to migrate the roles other than checking for the authorization objects one by one?

Jocelyn_Dart
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Omar,

You will need to redesign your security roles.

Btw 80% is a vast overestimation - just because GUI transactions may still exist, that doesn't mean that your project will still be defaulting to the old SAP GUI transactions. How many Fiori vs classic apps you end up using is going tto depend a lot on the strategic business drivers behind your digital transformation project. Pray that it's not a technical upgrade (that's a road paved with good intentions leading to some very very hellish places with no hope of meeting business expectations).

Please read https://blogs.sap.com/2018/04/20/fiori-for-s4hana-top-10-myths-misconceptions-to-avoid/ and I'd also recommending reviewing the links in the Fiori for S/4HANA wiki https://wiki.scn.sap.com/wiki/display/Fiori/SAP+Fiori+for+S4HANA > Foundation page > Security & Authorizations section

Fiori Launchpad drives your whole security design so this is a major turnaround from older approaches - that is you are mostly generating your security roles top down (from the Launchpad to the backend system) rather than bottom up (from individual auth objects) EVEN IF you are using a large number of GUI transactions! On most projects we find there is potentially quite a bit of work here... and it can also generate a lot of rework when projects fail to grasp the implications of the top-down approach.

Good luck!

Jocelyn